diff options
Diffstat (limited to 'mcs/class/referencesource/mscorlib/system/security')
207 files changed, 2681 insertions, 621 deletions
diff --git a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/ace.cs b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/ace.cs index f0dcbd61941..4776e5f6dba 100644 --- a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/ace.cs +++ b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/ace.cs @@ -137,8 +137,8 @@ namespace System.Security.AccessControl { // // Only have two bytes to store the length in. - // Indicates a bug in the implementation, not in user's code. - // + // Indicates a + Contract.Assert( false, "Length > ushort.MaxValue" ); throw new SystemException(); @@ -395,8 +395,8 @@ namespace System.Security.AccessControl if (((!( result is ObjectAce )) && (( binaryForm[offset + 2] << 0 ) + ( binaryForm[offset + 3] << 8 ) != result.BinaryLength )) // // This is needed because object aces created through ADSI have the advertised ACE length - // greater than the actual length by 32 (bug in ADSI). - // + // greater than the actual length by 32 ( + || (( result is ObjectAce ) && (( binaryForm[offset + 2] << 0 ) + ( binaryForm[offset + 3] << 8 ) != result.BinaryLength ) && ((( binaryForm[offset + 2] << 0 ) + ( binaryForm[offset + 3] << 8 ) - 32 ) != result.BinaryLength ))) { goto InvalidParameter; @@ -1199,8 +1199,8 @@ namespace System.Security.AccessControl default: // - // Indicates a bug in the implementation, not in user's code - // + // Indicates a + Contract.Assert( false, "Invalid ACE type" ); throw new SystemException(); diff --git a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/acl.cs b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/acl.cs index 16df8b1e453..71d016bddd9 100644 --- a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/acl.cs +++ b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/acl.cs @@ -373,9 +373,9 @@ namespace System.Security.AccessControl if ( aceLength % 4 != 0 ) { // - // This indicates a bug in one of the ACE classes. - // Binary length of an ace must ALWAYS be divisible by 4. - // + // This indicates a + + Contract.Assert( false, "aceLength % 4 != 0" ); throw new SystemException(); @@ -389,8 +389,8 @@ namespace System.Security.AccessControl // Increment the offset by the advertised length rather than the // actual binary length. (Ideally these two should match, but for // object aces created through ADSI, the actual length is 32 bytes - // less than the allocated size of the ACE. This is a bug in ADSI.) - // + // less than the allocated size of the ACE. This is a + offset += (binaryForm[offset + 2] << 0) + (binaryForm[offset + 3] << 8); } else @@ -512,9 +512,9 @@ namespace System.Security.AccessControl if ( aceLength % 4 != 0 ) { // - // This indicates a bug in one of the ACE classes. - // Binary length of an ace must ALWAYS be divisible by 4. - // + // This indicates a + + Contract.Assert( false, "aceLength % 4 != 0" ); throw new SystemException(); @@ -548,9 +548,9 @@ namespace System.Security.AccessControl if ( value.BinaryLength % 4 != 0 ) { // - // This indicates a bug in one of the ACE classes. - // Binary length of an ace must ALWAYS be divisible by 4. - // + // This indicates a + + Contract.Assert( false, "aceLength % 4 != 0" ); throw new SystemException(); @@ -1787,7 +1787,7 @@ namespace System.Security.AccessControl if ( ace == null ) { // - // <[....]-9/19/2004> Afraid to yank this statement now + // <Microsoft-9/19/2004> Afraid to yank this statement now // for fear of destabilization, so adding an assert instead // @@ -2991,6 +2991,11 @@ namespace System.Security.AccessControl RemoveQualifiedAcesSpecific( sid, AceQualifier.SystemAudit, accessMask, GenericAce.AceFlagsFromAuditFlags( auditFlags ) | GenericAce.AceFlagsFromInheritanceFlags( inheritanceFlags, propagationFlags ), ObjectAceFlags.None, Guid.Empty, Guid.Empty ); } + public void AddAudit(SecurityIdentifier sid, ObjectAuditRule rule) + { + AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public void AddAudit( AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // @@ -3007,6 +3012,11 @@ namespace System.Security.AccessControl AddQualifiedAce(sid, AceQualifier.SystemAudit, accessMask, GenericAce.AceFlagsFromAuditFlags(auditFlags) | GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), objectFlags, objectType, inheritedObjectType); } + public void SetAudit(SecurityIdentifier sid, ObjectAuditRule rule) + { + SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public void SetAudit( AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // @@ -3023,6 +3033,11 @@ namespace System.Security.AccessControl SetQualifiedAce(sid, AceQualifier.SystemAudit, accessMask, GenericAce.AceFlagsFromAuditFlags(auditFlags) | GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), objectFlags, objectType, inheritedObjectType); } + public bool RemoveAudit(SecurityIdentifier sid, ObjectAuditRule rule) + { + return RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public bool RemoveAudit( AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // @@ -3038,6 +3053,11 @@ namespace System.Security.AccessControl return RemoveQualifiedAces(sid, AceQualifier.SystemAudit, accessMask, GenericAce.AceFlagsFromAuditFlags(auditFlags) | GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), true, objectFlags, objectType, inheritedObjectType); } + public void RemoveAuditSpecific(SecurityIdentifier sid, ObjectAuditRule rule) + { + RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public void RemoveAuditSpecific( AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // @@ -3134,6 +3154,11 @@ namespace System.Security.AccessControl RemoveQualifiedAcesSpecific(sid, accessType == AccessControlType.Allow ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags( inheritanceFlags, propagationFlags ), ObjectAceFlags.None, Guid.Empty, Guid.Empty ); } + public void AddAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) + { + AddAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public void AddAccess( AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // @@ -3152,6 +3177,11 @@ namespace System.Security.AccessControl AddQualifiedAce( sid, accessType == AccessControlType.Allow ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags( inheritanceFlags, propagationFlags ), objectFlags, objectType, inheritedObjectType ); } + public void SetAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) + { + SetAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public void SetAccess( AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // @@ -3170,6 +3200,11 @@ namespace System.Security.AccessControl SetQualifiedAce( sid, accessType == AccessControlType.Allow ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags( inheritanceFlags, propagationFlags ), objectFlags, objectType, inheritedObjectType); } + public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) + { + return RemoveAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public bool RemoveAccess( AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // @@ -3187,6 +3222,11 @@ namespace System.Security.AccessControl return RemoveQualifiedAces(sid, accessType == AccessControlType.Allow ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags( inheritanceFlags, propagationFlags ), false, objectFlags, objectType, inheritedObjectType ); } + public void RemoveAccessSpecific(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) + { + RemoveAccessSpecific(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); + } + public void RemoveAccessSpecific( AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType ) { // diff --git a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/objectsecurity.cs b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/objectsecurity.cs index dedd7d4e5bb..75ffca9e5e4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/objectsecurity.cs +++ b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/objectsecurity.cs @@ -67,7 +67,7 @@ namespace System.Security.AccessControl #region Constructors - private ObjectSecurity() + protected ObjectSecurity() { } @@ -79,7 +79,7 @@ namespace System.Security.AccessControl _securityDescriptor = new CommonSecurityDescriptor( isContainer, isDS, ControlFlags.None, null, null, null, dacl ); } - internal ObjectSecurity( CommonSecurityDescriptor securityDescriptor ) + protected ObjectSecurity( CommonSecurityDescriptor securityDescriptor ) : this() { if ( securityDescriptor == null ) diff --git a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/privilege.cs b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/privilege.cs index aabc4a4e172..86a29142f16 100644 --- a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/privilege.cs +++ b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/privilege.cs @@ -171,11 +171,11 @@ namespace System.Security.AccessControl private bool disposed = false; private int referenceCount = 1; [System.Security.SecurityCritical] // auto-generated - private SafeTokenHandle threadHandle = new SafeTokenHandle( IntPtr.Zero ); + private SafeAccessTokenHandle threadHandle = new SafeAccessTokenHandle( IntPtr.Zero ); private bool isImpersonating = false; [System.Security.SecurityCritical] // auto-generated - private static volatile SafeTokenHandle processHandle = new SafeTokenHandle( IntPtr.Zero ); + private static volatile SafeAccessTokenHandle processHandle = new SafeAccessTokenHandle( IntPtr.Zero ); private static readonly object syncRoot = new object(); #region Constructor and Finalizer @@ -201,7 +201,7 @@ namespace System.Security.AccessControl { if ( processHandle.IsInvalid) { - SafeTokenHandle localProcessHandle; + SafeAccessTokenHandle localProcessHandle; if ( false == Win32Native.OpenProcessToken( Win32Native.GetCurrentProcess(), TokenAccessLevels.Duplicate, @@ -229,7 +229,7 @@ namespace System.Security.AccessControl // the process token by impersonating self. // - SafeTokenHandle threadHandleBefore = this.threadHandle; + SafeAccessTokenHandle threadHandleBefore = this.threadHandle; error = FCall.OpenThreadToken( TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, WinSecurityContext.Process, @@ -386,7 +386,7 @@ namespace System.Security.AccessControl #region Properties - public SafeTokenHandle ThreadHandle + public SafeAccessTokenHandle ThreadHandle { [System.Security.SecurityCritical] // auto-generated get { return this.threadHandle; } diff --git a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/rules.cs b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/rules.cs index 118bf926432..c9b3504f6ae 100644 --- a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/rules.cs +++ b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/rules.cs @@ -346,16 +346,16 @@ namespace System.Security.AccessControl { #region Constructors - internal AuthorizationRuleCollection() + public AuthorizationRuleCollection() : base() { } #endregion - #region Internal methods + #region Public methods - internal void AddRule( AuthorizationRule rule ) + public void AddRule( AuthorizationRule rule ) { InnerList.Add( rule ); } diff --git a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/securitydescriptor.cs b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/securitydescriptor.cs index 2e6560ef073..cf75b4a7dba 100644 --- a/mcs/class/referencesource/mscorlib/system/security/accesscontrol/securitydescriptor.cs +++ b/mcs/class/referencesource/mscorlib/system/security/accesscontrol/securitydescriptor.cs @@ -42,7 +42,6 @@ namespace System.Security.AccessControl SelfRelative = 0x8000, // must always be on } - public abstract class GenericSecurityDescriptor { #region Protected Members @@ -914,7 +913,7 @@ namespace System.Security.AccessControl ControlFlags actualFlags = flags | ControlFlags.DiscretionaryAclPresent; // - // Keep SACL and the flag bit in [....]. + // Keep SACL and the flag bit in sync. // if (systemAcl == null) @@ -1241,6 +1240,18 @@ namespace System.Security.AccessControl } } + public void AddDiscretionaryAcl(byte revision, int trusted) + { + this.DiscretionaryAcl = new DiscretionaryAcl(this.IsContainer, this.IsDS, revision, trusted); + this.AddControlFlags(ControlFlags.DiscretionaryAclPresent); + } + + public void AddSystemAcl(byte revision, int trusted) + { + this.SystemAcl = new SystemAcl(this.IsContainer, this.IsDS, revision, trusted); + this.AddControlFlags(ControlFlags.SystemAclPresent); + } + #endregion #region internal Methods @@ -1252,7 +1263,7 @@ namespace System.Security.AccessControl // // These two add/remove method must be called with great care (and thus it is internal) - // The caller is responsible for keeping the SaclPresent and DaclPresent bits in [....] + // The caller is responsible for keeping the SaclPresent and DaclPresent bits in sync // with the actual SACL and DACL. // diff --git a/mcs/class/referencesource/mscorlib/system/security/attributes.cs b/mcs/class/referencesource/mscorlib/system/security/attributes.cs index cd8b165baaf..f76ef8a2b26 100644 --- a/mcs/class/referencesource/mscorlib/system/security/attributes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/attributes.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> using System.Runtime.InteropServices; namespace System.Security diff --git a/mcs/class/referencesource/mscorlib/system/security/builtinpermissionsets.cs b/mcs/class/referencesource/mscorlib/system/security/builtinpermissionsets.cs index be1d10fdce6..b3f65637603 100644 --- a/mcs/class/referencesource/mscorlib/system/security/builtinpermissionsets.cs +++ b/mcs/class/referencesource/mscorlib/system/security/builtinpermissionsets.cs @@ -4,7 +4,7 @@ // // ==--== // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/claims/Claim.cs b/mcs/class/referencesource/mscorlib/system/security/claims/Claim.cs index d7ad4e38025..9a49bc497d4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/claims/Claim.cs +++ b/mcs/class/referencesource/mscorlib/system/security/claims/Claim.cs @@ -7,7 +7,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -18,6 +18,7 @@ namespace System.Security.Claims { using System.Collections.Generic; using System.Diagnostics.Contracts; + using System.IO; using System.Runtime.InteropServices; using System.Runtime.Serialization; @@ -36,6 +37,9 @@ namespace System.Security.Claims string m_value; string m_valueType; + [NonSerialized] + byte[] m_userSerializationData; + Dictionary<string, string> m_properties; [NonSerialized] @@ -43,10 +47,49 @@ namespace System.Security.Claims [NonSerialized] ClaimsIdentity m_subject; - + + private enum SerializationMask + { + None = 0, + NameClaimType = 1, + RoleClaimType = 2, + StringType = 4, + Issuer = 8, + OriginalIssuerEqualsIssuer = 16, + OriginalIssuer = 32, + HasProperties = 64, + UserData = 128, + } + #region Claim Constructors /// <summary> + /// Initializes an instance of <see cref="Claim"/> using a <see cref="BinaryReader"/>. + /// Normally the <see cref="BinaryReader"/> is constructed using the bytes from <see cref="WriteTo(BinaryWriter)"/> and initialized in the same way as the <see cref="BinaryWriter"/>. + /// </summary> + /// <param name="reader">a <see cref="BinaryReader"/> pointing to a <see cref="Claim"/>.</param> + /// <exception cref="ArgumentNullException">if 'reader' is null.</exception> + public Claim(BinaryReader reader) + : this(reader, null) + { + } + + /// <summary> + /// Initializes an instance of <see cref="Claim"/> using a <see cref="BinaryReader"/>. + /// Normally the <see cref="BinaryReader"/> is constructed using the bytes from <see cref="WriteTo(BinaryWriter)"/> and initialized in the same way as the <see cref="BinaryWriter"/>. + /// </summary> + /// <param name="reader">a <see cref="BinaryReader"/> pointing to a <see cref="Claim"/>.</param> + /// <param name="subject"> the value for <see cref="Claim.Subject"/>, which is the <see cref="ClaimsIdentity"/> that has these claims.</param> + /// <exception cref="ArgumentNullException">if 'reader' is null.</exception> + public Claim(BinaryReader reader, ClaimsIdentity subject) + { + if (reader == null) + throw new ArgumentNullException("reader"); + + Initialize(reader, subject); + } + + /// <summary> /// Creates a <see cref="Claim"/> with the specified type and value. /// </summary> /// <param name="type">The claim type.</param> @@ -203,9 +246,64 @@ namespace System.Security.Claims } } + /// <summary> + /// Copy constructor for <see cref="Claim"/> + /// </summary> + /// <param name="other">the <see cref="Claim"/> to copy.</param> + /// <remarks><see cref="Claim.Subject"/>will be set to 'null'.</remarks> + /// <exception cref="ArgumentNullException">if 'other' is null.</exception> + protected Claim(Claim other) + : this(other, (other == null ? (ClaimsIdentity)null : other.m_subject)) + { + } + + /// <summary> + /// Copy constructor for <see cref="Claim"/> + /// </summary> + /// <param name="other">the <see cref="Claim"/> to copy.</param> + /// <param name="subject">the <see cref="ClaimsIdentity"/> to assign to <see cref="Claim.Subject"/>.</param> + /// <remarks><see cref="Claim.Subject"/>will be set to 'subject'.</remarks> + /// <exception cref="ArgumentNullException">if 'other' is null.</exception> + protected Claim(Claim other, ClaimsIdentity subject) + { + if (other == null) + throw new ArgumentNullException("other"); + + m_issuer = other.m_issuer; + m_originalIssuer = other.m_originalIssuer; + m_subject = subject; + m_type = other.m_type; + m_value = other.m_value; + m_valueType = other.m_valueType; + if (other.m_properties != null) + { + m_properties = new Dictionary<string, string>(); + foreach (var key in other.m_properties.Keys) + { + m_properties.Add(key, other.m_properties[key]); + } + } + + if (other.m_userSerializationData != null) + { + m_userSerializationData = other.m_userSerializationData.Clone() as byte[]; + } + } + #endregion /// <summary> + /// Contains any additional data provided by a derived type, typically set when calling <see cref="WriteTo(BinaryWriter, byte[])"/>.</param> + /// </summary> + protected virtual byte[] CustomSerializationData + { + get + { + return m_userSerializationData; + } + } + + /// <summary> /// Gets the issuer of the <see cref="Claim"/>. /// </summary> public string Issuer @@ -266,6 +364,7 @@ namespace System.Security.Claims /// <summary> /// Gets the claim type of the <see cref="Claim"/>. /// </summary> + /// <seealso cref="ClaimTypes"/>. public string Type { get { return m_type; } @@ -282,39 +381,233 @@ namespace System.Security.Claims /// <summary> /// Gets the value type of the <see cref="Claim"/>. /// </summary> + /// <seealso cref="ClaimValueTypes"/> public string ValueType { get { return m_valueType; } } /// <summary> - /// Returns a new <see cref="Claim"/> object copied from this object. The subject of the new claim object is set to null. + /// Creates a new instance <see cref="Claim"/> with values copied from this object. /// </summary> - /// <returns>A new <see cref="Claim"/> object copied from this object.</returns> - /// <remarks>This is a shallow copy operation.</remarks> public virtual Claim Clone() { return Clone((ClaimsIdentity)null); } /// <summary> - /// Returns a new <see cref="Claim"/> object copied from this object. The subject of the new claim object is set to identity. + /// Creates a new instance <see cref="Claim"/> with values copied from this object. /// </summary> - /// <param name="identity">The <see cref="ClaimsIdentity"/> that this <see cref="Claim"/> is associated with.</param> - /// <returns>A new <see cref="Claim"/> object copied from this object.</returns> - /// <remarks>This is a shallow copy operation.</remarks> + /// <param name="identity">the value for <see cref="Claim.Subject"/>, which is the <see cref="ClaimsIdentity"/> that has these claims. + /// <remarks><see cref="Claim.Subject"/> will be set to 'identity'.</remarks> public virtual Claim Clone(ClaimsIdentity identity) { - Claim newClaim = new Claim(m_type, m_value, m_valueType, m_issuer, m_originalIssuer, identity); - if (m_properties != null) + return new Claim(this, identity); + } + + private void Initialize(BinaryReader reader, ClaimsIdentity subject) + { + if (reader == null) + { + throw new ArgumentNullException("reader"); + } + + m_subject = subject; + + SerializationMask mask = (SerializationMask)reader.ReadInt32(); + int numPropertiesRead = 1; + int numPropertiesToRead = reader.ReadInt32(); + m_value = reader.ReadString(); + + if ((mask & SerializationMask.NameClaimType) == SerializationMask.NameClaimType) + { + m_type = ClaimsIdentity.DefaultNameClaimType; + } + else if ((mask & SerializationMask.RoleClaimType) == SerializationMask.RoleClaimType) + { + m_type = ClaimsIdentity.DefaultRoleClaimType; + } + else + { + m_type = reader.ReadString(); + numPropertiesRead++; + } + + if ((mask & SerializationMask.StringType) == SerializationMask.StringType) + { + m_valueType = reader.ReadString(); + numPropertiesRead++; + } + else + { + m_valueType = ClaimValueTypes.String; + } + + if ((mask & SerializationMask.Issuer) == SerializationMask.Issuer) + { + m_issuer = reader.ReadString(); + numPropertiesRead++; + } + else + { + m_issuer = ClaimsIdentity.DefaultIssuer; + } + + if ((mask & SerializationMask.OriginalIssuerEqualsIssuer) == SerializationMask.OriginalIssuerEqualsIssuer) { - foreach (string key in m_properties.Keys) + m_originalIssuer = m_issuer; + } + else if ((mask & SerializationMask.OriginalIssuer) == SerializationMask.OriginalIssuer) + { + m_originalIssuer = reader.ReadString(); + numPropertiesRead++; + } + else + { + m_originalIssuer = ClaimsIdentity.DefaultIssuer; + } + + if ((mask & SerializationMask.HasProperties) == SerializationMask.HasProperties) + { + // + int numProperties = reader.ReadInt32(); + for (int i = 0; i < numProperties; i++) { - newClaim.Properties[key] = m_properties[key]; + Properties.Add(reader.ReadString(), reader.ReadString()); } } - return newClaim; + if ((mask & SerializationMask.UserData) == SerializationMask.UserData) + { + // + int cb = reader.ReadInt32(); + m_userSerializationData = reader.ReadBytes(cb); + numPropertiesRead++; + } + + for (int i = numPropertiesRead; i < numPropertiesToRead; i++) + { + reader.ReadString(); + } + } + + /// <summary> + /// Serializes using a <see cref="BinaryWriter"/> + /// </summary> + /// <param name="writer">the <see cref="BinaryWriter"/> to use for data storage.</param> + /// <exception cref="ArgumentNullException">if 'writer' is null.</exception> + public virtual void WriteTo(BinaryWriter writer) + { + WriteTo(writer, null); + } + + /// <summary> + /// Serializes using a <see cref="BinaryWriter"/> + /// </summary> + /// <param name="writer">the <see cref="BinaryWriter"/> to use for data storage.</param> + /// <param name="userData">additional data provided by derived type.</param> + /// <exception cref="ArgumentNullException">if 'writer' is null.</exception> + protected virtual void WriteTo(BinaryWriter writer, byte[] userData) + { + if (writer == null) + { + throw new ArgumentNullException("writer"); + } + + // + + + int numberOfPropertiesWritten = 1; + SerializationMask mask = SerializationMask.None; + if (string.Equals(m_type, ClaimsIdentity.DefaultNameClaimType)) + { + mask |= SerializationMask.NameClaimType; + } + else if (string.Equals(m_type, ClaimsIdentity.DefaultRoleClaimType)) + { + mask |= SerializationMask.RoleClaimType; + } + else + { + numberOfPropertiesWritten++; + } + + if (!string.Equals(m_valueType, ClaimValueTypes.String, StringComparison.Ordinal)) + { + numberOfPropertiesWritten++; + mask |= SerializationMask.StringType; + } + + if (!string.Equals(m_issuer, ClaimsIdentity.DefaultIssuer, StringComparison.Ordinal)) + { + numberOfPropertiesWritten++; + mask |= SerializationMask.Issuer; + } + + if (string.Equals(m_originalIssuer, m_issuer, StringComparison.Ordinal)) + { + mask |= SerializationMask.OriginalIssuerEqualsIssuer; + } + else if (!string.Equals(m_originalIssuer, ClaimsIdentity.DefaultIssuer, StringComparison.Ordinal)) + { + numberOfPropertiesWritten++; + mask |= SerializationMask.OriginalIssuer; + } + + if (Properties.Count > 0) + { + numberOfPropertiesWritten++; + mask |= SerializationMask.HasProperties; + } + + // + if (userData != null && userData.Length > 0) + { + numberOfPropertiesWritten++; + mask |= SerializationMask.UserData; + } + + writer.Write((Int32)mask); + writer.Write((Int32)numberOfPropertiesWritten); + writer.Write(m_value); + + if (((mask & SerializationMask.NameClaimType) != SerializationMask.NameClaimType) && ((mask & SerializationMask.RoleClaimType) != SerializationMask.RoleClaimType)) + { + writer.Write(m_type); + } + + if ((mask & SerializationMask.StringType) == SerializationMask.StringType) + { + writer.Write(m_valueType); + } + + if ((mask & SerializationMask.Issuer) == SerializationMask.Issuer) + { + writer.Write(m_issuer); + } + + if ((mask & SerializationMask.OriginalIssuer) == SerializationMask.OriginalIssuer) + { + writer.Write(m_originalIssuer); + } + + if ((mask & SerializationMask.HasProperties) == SerializationMask.HasProperties) + { + writer.Write(Properties.Count); + foreach (var key in Properties.Keys) + { + writer.Write(key); + writer.Write(Properties[key]); + } + } + + if ((mask & SerializationMask.UserData) == SerializationMask.UserData) + { + writer.Write((Int32)userData.Length); + writer.Write(userData); + } + + writer.Flush(); } /// <summary> diff --git a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimTypes.cs b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimTypes.cs index 12019f397f2..f91627ba885 100644 --- a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimTypes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimTypes.cs @@ -7,7 +7,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Brentsch</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimValueTypes.cs b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimValueTypes.cs index 32c9b0b2c07..2eb238f4908 100644 --- a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimValueTypes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimValueTypes.cs @@ -7,7 +7,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Brentsch</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsIdentity.cs b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsIdentity.cs index 698f87bafec..87a8604ab14 100644 --- a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsIdentity.cs +++ b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsIdentity.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -30,6 +30,22 @@ namespace System.Security.Claims [ComVisible(true)] public class ClaimsIdentity : IIdentity { + private enum SerializationMask + { + None = 0, + AuthenticationType = 1, + BootstrapConext = 2, + NameClaimType = 4, + RoleClaimType = 8, + HasClaims = 16, + HasLabel = 32, + Actor = 64, + UserData = 128, + } + + [NonSerialized] + private byte[] m_userSerializationData; + [NonSerialized] const string PreFix = "System.Security.ClaimsIdentity."; [NonSerialized] @@ -333,6 +349,49 @@ namespace System.Security.Claims } } + /// Initializes an instance of <see cref="ClaimsIdentity"/> using a <see cref="BinaryReader"/>. + /// Normally the reader is constructed from the bytes returned from <see cref="WriteTo"/> + /// </summary> + /// <param name="reader">a <see cref="BinaryReader"/> pointing to a <see cref="ClaimsIdentity"/>.</param> + /// <exception cref="ArgumentNullException">if 'reader' is null.</exception> + public ClaimsIdentity(BinaryReader reader) + { + if (reader == null) + throw new ArgumentNullException("reader"); + + Initialize(reader); + } + + /// <summary> + /// Copy constructor. + /// </summary> + /// <param name="other"><see cref="ClaimsIdentity"/> to copy.</param> + /// <exception cref="ArgumentNullException">if 'other' is null.</exception> + protected ClaimsIdentity(ClaimsIdentity other) + { + if (other == null) + { + throw new ArgumentNullException("other"); + } + + if (other.m_actor != null) + { + m_actor = other.m_actor.Clone(); + } + + m_authenticationType = other.m_authenticationType; + m_bootstrapContext = other.m_bootstrapContext; + m_label = other.m_label; + m_nameType = other.m_nameType; + m_roleType = other.m_roleType; + if (other.m_userSerializationData != null) + { + m_userSerializationData = other.m_userSerializationData.Clone() as byte[]; + } + + SafeAddClaims(other.m_instanceClaims); + } + /// <summary> /// Initializes an instance of <see cref="Identity"/> from a serialized stream created via /// <see cref="ISerializable"/>. @@ -451,6 +510,17 @@ namespace System.Security.Claims } /// <summary> + /// Contains any additional data provided by a derived type, typically set when calling <see cref="WriteTo(BinaryWriter, byte[])"/>.</param> + /// </summary> + protected virtual byte[] CustomSerializationData + { + get + { + return m_userSerializationData; + } + } + + /// <summary> /// Allow the association of claims with this instance of <see cref="ClaimsIdentity"/>. /// The claims will not be serialized or added in Clone(). They will be included in searches, finds and returned from the call to Claims. /// It is recommended the creator of the claims ensures the subject of the claims reflects this <see cref="ClaimsIdentity"/>. @@ -998,6 +1068,203 @@ namespace System.Security.Claims return false; } + /// <summary> + /// Initializes from a <see cref="BinaryReader"/>. Normally the reader is initialized in the same as the one passed to <see cref="Serialize(BinaryWriter)"/> + /// </summary> + /// <param name="reader">a <see cref="BinaryReader"/> pointing to a <see cref="ClaimsIdentity"/>.</param> + /// <exception cref="ArgumentNullException">if 'reader' is null.</exception> + private void Initialize(BinaryReader reader) + { + if (reader == null) + { + throw new ArgumentNullException("reader"); + } + + // + SerializationMask mask = (SerializationMask)reader.ReadInt32(); + + if ((mask & SerializationMask.AuthenticationType) == SerializationMask.AuthenticationType) + { + m_authenticationType = reader.ReadString(); + } + + if ((mask & SerializationMask.BootstrapConext) == SerializationMask.BootstrapConext) + { + m_bootstrapContext = reader.ReadString(); + } + + if ((mask & SerializationMask.NameClaimType) == SerializationMask.NameClaimType) + { + m_nameType = reader.ReadString(); + } + else + { + m_nameType = ClaimsIdentity.DefaultNameClaimType; + } + + if ((mask & SerializationMask.RoleClaimType) == SerializationMask.RoleClaimType) + { + m_roleType = reader.ReadString(); + } + else + { + m_roleType = ClaimsIdentity.DefaultRoleClaimType; + } + + if ((mask & SerializationMask.HasClaims) == SerializationMask.HasClaims) + { + // + int numberOfClaims = reader.ReadInt32(); + for (int index = 0; index < numberOfClaims; ++index) + { + Claim claim = new Claim(reader, this); + m_instanceClaims.Add(claim); + } + } + } + + /// <summary> + /// Provides and extensibility point for derived types to create a custom <see cref="Claim"/>. + /// </summary> + /// <param name="reader">the <see cref="BinaryReader"/>that points at the claim.</param> + /// <returns>a new <see cref="Claim"/>.</returns> + protected virtual Claim CreateClaim(BinaryReader reader) + { + if (reader == null) + { + throw new ArgumentNullException("reader"); + } + + return new Claim(reader, this); + } + + /// <summary> + /// Serializes using a <see cref="BinaryWriter"/> + /// </summary> + /// <param name="writer">the <see cref="BinaryWriter"/> to use for data storage.</param> + /// <exception cref="ArgumentNullException">if 'writer' is null.</exception> + public virtual void WriteTo(BinaryWriter writer) + { + WriteTo(writer, null); + } + + /// <summary> + /// Serializes using a <see cref="BinaryWriter"/> + /// </summary> + /// <param name="writer">the <see cref="BinaryWriter"/> to use for data storage.</param> + /// <param name="userData">additional data provided by derived type.</param> + /// <exception cref="ArgumentNullException">if 'writer' is null.</exception> + protected virtual void WriteTo(BinaryWriter writer, byte[] userData) + { + if (writer == null) + { + throw new ArgumentNullException("writer"); + } + + int numberOfPropertiesWritten = 0; + var mask = SerializationMask.None; + if (m_authenticationType != null) + { + mask |= SerializationMask.AuthenticationType; + numberOfPropertiesWritten++; + } + + if (m_bootstrapContext != null) + { + string rawData = m_bootstrapContext as string; + if (rawData != null) + { + mask |= SerializationMask.BootstrapConext; + numberOfPropertiesWritten++; + } + } + + if (!string.Equals(m_nameType, ClaimsIdentity.DefaultNameClaimType, StringComparison.Ordinal)) + { + mask |= SerializationMask.NameClaimType; + numberOfPropertiesWritten++; + } + + if (!string.Equals(m_roleType, ClaimsIdentity.DefaultRoleClaimType, StringComparison.Ordinal)) + { + mask |= SerializationMask.RoleClaimType; + numberOfPropertiesWritten++; + } + + if (!string.IsNullOrWhiteSpace(m_label)) + { + mask |= SerializationMask.HasLabel; + numberOfPropertiesWritten++; + } + + if (m_instanceClaims.Count > 0) + { + mask |= SerializationMask.HasClaims; + numberOfPropertiesWritten++; + } + + if (m_actor != null) + { + mask |= SerializationMask.Actor; + numberOfPropertiesWritten++; + } + + if (userData != null && userData.Length > 0) + { + numberOfPropertiesWritten++; + mask |= SerializationMask.UserData; + } + + writer.Write((Int32)mask); + writer.Write((Int32)numberOfPropertiesWritten); + if ((mask & SerializationMask.AuthenticationType) == SerializationMask.AuthenticationType) + { + writer.Write(m_authenticationType); + } + + if ((mask & SerializationMask.BootstrapConext) == SerializationMask.BootstrapConext) + { + writer.Write(m_bootstrapContext as string); + } + + if ((mask & SerializationMask.NameClaimType) == SerializationMask.NameClaimType) + { + writer.Write(m_nameType); + } + + if ((mask & SerializationMask.RoleClaimType) == SerializationMask.RoleClaimType) + { + writer.Write(m_roleType); + } + + if ((mask & SerializationMask.HasLabel) == SerializationMask.HasLabel) + { + writer.Write(m_label); + } + + if ((mask & SerializationMask.HasClaims) == SerializationMask.HasClaims) + { + writer.Write((Int32)m_instanceClaims.Count); + foreach (var claim in m_instanceClaims) + { + claim.WriteTo(writer); + } + } + + if ((mask & SerializationMask.Actor) == SerializationMask.Actor) + { + m_actor.WriteTo(writer); + } + + if ((mask & SerializationMask.UserData) == SerializationMask.UserData) + { + writer.Write((Int32)userData.Length); + writer.Write(userData); + } + + writer.Flush(); + } + // <param name="useContext"></param> The reason for this param is due to WindowsIdentity deciding to have an // api that doesn't pass the context to its internal constructor. [SecurityCritical] diff --git a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsPrincipal.cs b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsPrincipal.cs index 0d4be8ae0c6..3512df9da93 100644 --- a/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsPrincipal.cs +++ b/mcs/class/referencesource/mscorlib/system/security/claims/ClaimsPrincipal.cs @@ -7,7 +7,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -36,6 +36,16 @@ namespace System.Security.Claims [ComVisible(true)] public class ClaimsPrincipal : IPrincipal { + private enum SerializationMask + { + None = 0, + HasIdentities = 1, + UserData = 2 + } + + [NonSerialized] + private byte[] m_userSerializationData; + [NonSerialized] const string PreFix = "System.Security.ClaimsPrincipal."; [NonSerialized] @@ -230,6 +240,21 @@ namespace System.Security.Claims } } + /// <summary> + /// Initializes an instance of <see cref="ClaimsPrincipal"/> using a <see cref="BinaryReader"/>. + /// Normally the <see cref="BinaryReader"/> is constructed using the bytes from <see cref="WriteTo(BinaryWriter)"/> and initialized in the same way as the <see cref="BinaryWriter"/>. + /// </summary> + /// <param name="reader">a <see cref="BinaryReader"/> pointing to a <see cref="ClaimsPrincipal"/>.</param> + /// <exception cref="ArgumentNullException">if 'reader' is null.</exception> + public ClaimsPrincipal(BinaryReader reader) + { + if (reader == null) + throw new ArgumentNullException("reader"); + + Initialize(reader); + } + + [SecurityCritical] protected ClaimsPrincipal(SerializationInfo info, StreamingContext context) { @@ -241,6 +266,41 @@ namespace System.Security.Claims Deserialize(info, context); } + /// <summary> + /// Contains any additional data provided by derived type, typically set when calling <see cref="WriteTo(BinaryWriter, byte[])"/>.</param> + /// </summary> + protected virtual byte[] CustomSerializationData + { + get + { + return m_userSerializationData; + } + } + + /// <summary> + /// Creates a new instance of <see cref="ClaimsPrincipal"/> with values copied from this object. + /// </summary> + public virtual ClaimsPrincipal Clone() + { + return new ClaimsPrincipal(this); + } + + /// <summary> + /// Provides and extensibility point for derived types to create a custom <see cref="ClaimsIdentity"/>. + /// </summary> + /// <param name="reader">the <see cref="BinaryReader"/>that points at the claim.</param> + /// <exception cref="ArgumentNullException">if 'reader' is null.</exception> + /// <returns>a new <see cref="ClaimsIdentity"/>.</returns> + protected virtual ClaimsIdentity CreateClaimsIdentity(BinaryReader reader) + { + if (reader == null) + { + throw new ArgumentNullException("reader"); + } + + return new ClaimsIdentity(reader); + } + #endregion ClaimsPrincipal Constructors [OnSerializing()] @@ -717,6 +777,104 @@ namespace System.Security.Claims return false; } + + /// <summary> + /// Initializes from a <see cref="BinaryReader"/>. Normally the reader is initialized with the results from <see cref="WriteTo(BinaryWriter)"/> + /// Normally the <see cref="BinaryReader"/> is initialized in the same way as the <see cref="BinaryWriter"/> passed to <see cref="WriteTo(BinaryWriter)"/>. + /// </summary> + /// <param name="reader">a <see cref="BinaryReader"/> pointing to a <see cref="ClaimsPrincipal"/>.</param> + /// <exception cref="ArgumentNullException">if 'reader' is null.</exception> + private void Initialize(BinaryReader reader) + { + if (reader == null) + { + throw new ArgumentNullException("reader"); + } + + SerializationMask mask = (SerializationMask)reader.ReadInt32(); + int numPropertiesToRead = reader.ReadInt32(); + int numPropertiesRead = 0; + if ((mask & SerializationMask.HasIdentities) == SerializationMask.HasIdentities) + { + numPropertiesRead++; + int numberOfIdentities = reader.ReadInt32(); + for (int index = 0; index < numberOfIdentities; ++index) + { + // directly add to m_identities as that is what we serialized from + m_identities.Add(CreateClaimsIdentity(reader)); + } + } + + if ((mask & SerializationMask.UserData) == SerializationMask.UserData) + { + // + int cb = reader.ReadInt32(); + m_userSerializationData = reader.ReadBytes(cb); + numPropertiesRead++; + } + + for (int i = numPropertiesRead; i < numPropertiesToRead; i++) + { + reader.ReadString(); + } + } + + /// <summary> + /// Serializes using a <see cref="BinaryWriter"/> + /// </summary> + /// <exception cref="ArgumentNullException">if 'writer' is null.</exception> + public virtual void WriteTo(BinaryWriter writer) + { + WriteTo(writer, null); + } + + /// <summary> + /// Serializes using a <see cref="BinaryWriter"/> + /// </summary> + /// <param name="writer">the <see cref="BinaryWriter"/> to use for data storage.</param> + /// <param name="userData">additional data provided by derived type.</param> + /// <exception cref="ArgumentNullException">if 'writer' is null.</exception> + protected virtual void WriteTo(BinaryWriter writer, byte[] userData) + { + + if (writer == null) + { + throw new ArgumentNullException("writer"); + } + + int numberOfPropertiesWritten = 0; + var mask = SerializationMask.None; + if (m_identities.Count > 0) + { + mask |= SerializationMask.HasIdentities; + numberOfPropertiesWritten++; + } + + if (userData != null && userData.Length > 0) + { + numberOfPropertiesWritten++; + mask |= SerializationMask.UserData; + } + + writer.Write((Int32)mask); + writer.Write((Int32)numberOfPropertiesWritten); + if ((mask & SerializationMask.HasIdentities) == SerializationMask.HasIdentities) + { + writer.Write(m_identities.Count); + foreach (var identity in m_identities) + { + identity.WriteTo(writer); + } + } + + if ((mask & SerializationMask.UserData) == SerializationMask.UserData) + { + writer.Write((Int32)userData.Length); + writer.Write(userData); + } + + writer.Flush(); + } } } diff --git a/mcs/class/referencesource/mscorlib/system/security/claims/RoleClaimProvider.cs b/mcs/class/referencesource/mscorlib/system/security/claims/RoleClaimProvider.cs index 3a061e99c19..3664f914222 100644 --- a/mcs/class/referencesource/mscorlib/system/security/claims/RoleClaimProvider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/claims/RoleClaimProvider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // // RoleClaimProvider.cs diff --git a/mcs/class/referencesource/mscorlib/system/security/codeaccesspermission.cs b/mcs/class/referencesource/mscorlib/system/security/codeaccesspermission.cs index 98fb570b48e..e1d1bb12ce3 100644 --- a/mcs/class/referencesource/mscorlib/system/security/codeaccesspermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/codeaccesspermission.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> namespace System.Security { using System.IO; diff --git a/mcs/class/referencesource/mscorlib/system/security/codeaccesssecurityengine.cs b/mcs/class/referencesource/mscorlib/system/security/codeaccesssecurityengine.cs index 45b3eccba21..804cc50b1af 100644 --- a/mcs/class/referencesource/mscorlib/system/security/codeaccesssecurityengine.cs +++ b/mcs/class/referencesource/mscorlib/system/security/codeaccesssecurityengine.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security { @@ -20,7 +20,7 @@ namespace System.Security { using System.Diagnostics.Contracts; // Used in DemandInternal, to remember the result of previous demands - // KEEP IN [....] WITH DEFINITIONS IN SECURITYPOLICY.H + // KEEP IN SYNC WITH DEFINITIONS IN SECURITYPOLICY.H [Serializable] internal enum PermissionType { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/HashAlgorithmName.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/HashAlgorithmName.cs new file mode 100644 index 00000000000..3e75d7b5ad1 --- /dev/null +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/HashAlgorithmName.cs @@ -0,0 +1,109 @@ +// ==++== +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +// ==--== + +namespace System.Security.Cryptography +{ + // Strongly typed string representing the name of a hash algorithm. + // Open ended to allow extensibility while giving the discoverable feel of an enum for common values. + + /// <summary> + /// Specifies the name of a cryptographic hash algorithm. + /// </summary> + /// Asymmetric Algorithms implemented using Microsoft's CNG (Cryptography Next Generation) API + /// will interpret the underlying string value as a CNG algorithm identifier: + /// * https://msdn.microsoft.com/en-us/library/windows/desktop/aa375534(v=vs.85).aspx + /// + /// As with CNG, the names are case-sensitive. + /// + /// Asymmetric Algorithms implemented using other technologies: + /// * Must recognize at least "MD5", "SHA1", "SHA256", "SHA384", and "SHA512". + /// * Should recognize additional CNG IDs for any other hash algorithms that they also support. + /// </remarks> + public struct HashAlgorithmName : IEquatable<HashAlgorithmName> + { + // Returning a new instance every time is free here since HashAlgorithmName is a struct with + // a single string field. The optimized codegen should be equivalent to return "MD5". + + /// <summary> + /// Gets a <see cref="HashAlgorithmName" /> representing "MD5" + /// </summary> + public static HashAlgorithmName MD5 { get { return new HashAlgorithmName("MD5"); } } + + /// <summary> + /// Gets a <see cref="HashAlgorithmName" /> representing "SHA1" + /// </summary> + public static HashAlgorithmName SHA1 { get { return new HashAlgorithmName("SHA1"); } } + + /// <summary> + /// Gets a <see cref="HashAlgorithmName" /> representing "SHA256" + /// </summary> + public static HashAlgorithmName SHA256 { get { return new HashAlgorithmName("SHA256"); } } + + /// <summary> + /// Gets a <see cref="HashAlgorithmName" /> representing "SHA384" + /// </summary> + public static HashAlgorithmName SHA384 { get { return new HashAlgorithmName("SHA384"); } } + + /// <summary> + /// Gets a <see cref="HashAlgorithmName" /> representing "SHA512" + /// </summary> + public static HashAlgorithmName SHA512 { get { return new HashAlgorithmName("SHA512"); } } + + private readonly string _name; + + /// <summary> + /// Gets a <see cref="HashAlgorithmName" /> representing a custom name. + /// </summary> + /// <param name="name">The custom hash algorithm name.</param> + public HashAlgorithmName(string name) + { + // Note: No validation because we have to deal with default(HashAlgorithmName) regardless. + _name = name; + } + + /// <summary> + /// Gets the underlying string representation of the algorithm name. + /// </summary> + /// <remarks> + /// May be null or empty to indicate that no hash algorithm is applicable. + /// </remarks> + public string Name + { + get { return _name; } + } + + public override string ToString() + { + return _name ?? String.Empty; + } + + public override bool Equals(object obj) + { + return obj is HashAlgorithmName && Equals((HashAlgorithmName)obj); + } + + public bool Equals(HashAlgorithmName other) + { + // NOTE: intentionally ordinal and case sensitive, matches CNG. + return _name == other._name; + } + + public override int GetHashCode() + { + return _name == null ? 0 : _name.GetHashCode(); + } + + public static bool operator ==(HashAlgorithmName left, HashAlgorithmName right) + { + return left.Equals(right); + } + + public static bool operator !=(HashAlgorithmName left, HashAlgorithmName right) + { + return !(left == right); + } + } +} diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/RSAEncryptionPadding.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSAEncryptionPadding.cs new file mode 100644 index 00000000000..9494908361d --- /dev/null +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSAEncryptionPadding.cs @@ -0,0 +1,130 @@ +// ==++== +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +// ==--== + +namespace System.Security.Cryptography +{ + /// <summary> + /// Specifies the padding mode and parameters to use with RSA encryption or decryption operations. + /// </summary> + public sealed class RSAEncryptionPadding : IEquatable<RSAEncryptionPadding> + { + private static readonly RSAEncryptionPadding s_pkcs1 = new RSAEncryptionPadding(RSAEncryptionPaddingMode.Pkcs1, default(HashAlgorithmName)); + private static readonly RSAEncryptionPadding s_oaepSHA1 = CreateOaep(HashAlgorithmName.SHA1); + private static readonly RSAEncryptionPadding s_oaepSHA256 = CreateOaep(HashAlgorithmName.SHA256); + private static readonly RSAEncryptionPadding s_oaepSHA384 = CreateOaep(HashAlgorithmName.SHA384); + private static readonly RSAEncryptionPadding s_oaepSHA512 = CreateOaep(HashAlgorithmName.SHA512); + + /// <summary> + /// <see cref="RSAEncryptionPaddingMode.Pkcs1"/> mode. + /// </summary> + public static RSAEncryptionPadding Pkcs1 { get { return s_pkcs1; } } + + /// <summary> + /// <see cref="RSAEncryptionPaddingMode.Oaep"/> mode with SHA1 hash algorithm. + /// </summary> + public static RSAEncryptionPadding OaepSHA1 { get { return s_oaepSHA1; } } + + /// <summary> + /// <see cref="RSAEncrytpionPaddingMode.Oaep"/> mode with SHA256 hash algorithm. + /// </summary> + public static RSAEncryptionPadding OaepSHA256 { get { return s_oaepSHA256; } } + + /// <summary> + /// <see cref="RSAEncrytpionPaddingMode.Oaep"/> mode with SHA384 hash algorithm. + /// </summary> + public static RSAEncryptionPadding OaepSHA384 { get { return s_oaepSHA384; } } + + /// <summary> + /// <see cref="RSAEncrytpionPaddingMode.Oaep"/> mode with SHA512 hash algorithm. + /// </summary> + public static RSAEncryptionPadding OaepSHA512 { get { return s_oaepSHA512; } } + + private RSAEncryptionPaddingMode _mode; + private HashAlgorithmName _oaepHashAlgorithm; + + private RSAEncryptionPadding(RSAEncryptionPaddingMode mode, HashAlgorithmName oaepHashAlgorithm) + { + _mode = mode; + _oaepHashAlgorithm = oaepHashAlgorithm; + } + + /// <summary> + /// Creates a new instance instance representing <see cref="RSAEncryptionPaddingMode.Oaep"/> + /// with the given hash algorithm. + /// </summary> + public static RSAEncryptionPadding CreateOaep(HashAlgorithmName hashAlgorithm) + { + if (String.IsNullOrEmpty(hashAlgorithm.Name)) + { + throw new ArgumentException(Environment.GetResourceString("Cryptography_HashAlgorithmNameNullOrEmpty"), "hashAlgorithm"); + } + + return new RSAEncryptionPadding(RSAEncryptionPaddingMode.Oaep, hashAlgorithm); + } + + /// <summary> + /// Gets the padding mode to use. + /// </summary> + public RSAEncryptionPaddingMode Mode + { + get { return _mode; } + } + + /// <summary> + /// Gets the padding mode to use in conjunction with <see cref="RSAEncryptionPaddingMode.Oaep"/>. + /// </summary> + /// <remarks> + /// If <see cref="Mode"/> is not <see cref="RSAEncryptionPaddingMode.Oaep"/>, then <see cref="HashAlgorithmName.Name" /> will be null. + /// </remarks> + public HashAlgorithmName OaepHashAlgorithm + { + get { return _oaepHashAlgorithm; } + } + + public override int GetHashCode() + { + return CombineHashCodes(_mode.GetHashCode(), _oaepHashAlgorithm.GetHashCode()); + } + + // Same as non-public Tuple.CombineHashCodes + private static int CombineHashCodes(int h1, int h2) + { + return (((h1 << 5) + h1) ^ h2); + } + + public override bool Equals(object obj) + { + return Equals(obj as RSAEncryptionPadding); + } + + public bool Equals(RSAEncryptionPadding other) + { + return other != null + && _mode == other._mode + && _oaepHashAlgorithm == other._oaepHashAlgorithm; + } + + public static bool operator ==(RSAEncryptionPadding left, RSAEncryptionPadding right) + { + if (Object.ReferenceEquals(left, null)) + { + return Object.ReferenceEquals(right, null); + } + + return left.Equals(right); + } + + public static bool operator !=(RSAEncryptionPadding left, RSAEncryptionPadding right) + { + return !(left == right); + } + + public override string ToString() + { + return _mode.ToString() + _oaepHashAlgorithm.Name; + } + } +} diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/RSAEncryptionPaddingMode.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSAEncryptionPaddingMode.cs new file mode 100644 index 00000000000..7c1bb10d44f --- /dev/null +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSAEncryptionPaddingMode.cs @@ -0,0 +1,32 @@ +// ==++== +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +// ==--== + +namespace System.Security.Cryptography +{ + /// <summary> + /// Specifies the padding mode to use with RSA encryption or decryption operations. + /// </summary> + public enum RSAEncryptionPaddingMode + { + /// <summary> + /// PKCS #1 v1.5. + /// </summary> + /// <remarks> + /// This mode correpsonds to the RSAES-PKCS1-v1_5 encryption scheme described in the PKCS #1 RSA Encryption Standard. + /// It is supported for compatibility with existing applications. + /// </remarks> + Pkcs1, + + /// <summary> + /// Optimal Asymmetric Encryption Padding. + /// </summary> + /// <remarks> + /// This mode corresponds to the RSAES-OEAP encryption scheme described in the PKCS #1 RSA Encryption Standard. + /// It is recommended for new applications. + /// </remarks> + Oaep, + } +} diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/RSASignaturePadding.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSASignaturePadding.cs new file mode 100644 index 00000000000..61989c70232 --- /dev/null +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSASignaturePadding.cs @@ -0,0 +1,87 @@ +// ==++== +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +// ==--== + +namespace System.Security.Cryptography +{ + // NOTE: This is *currently* 1:1 with the enum, but it exists to reserve room for more options + // such as custom # of PSS salt bytes without having to modify other parts of the API + // surface. + + /// <summary> + /// Specifies the padding mode and parameters to use with RSA signature creation or verification operations. + /// </summary> + public sealed class RSASignaturePadding : IEquatable<RSASignaturePadding> + { + private static readonly RSASignaturePadding s_pkcs1 = new RSASignaturePadding(RSASignaturePaddingMode.Pkcs1); + private static readonly RSASignaturePadding s_pss = new RSASignaturePadding(RSASignaturePaddingMode.Pss); + + private readonly RSASignaturePaddingMode _mode; + + private RSASignaturePadding(RSASignaturePaddingMode mode) + { + _mode = mode; + } + + /// <summary> + /// <see cref="RSASignaturePaddingMode.Pkcs1"/> mode. + /// </summary> + public static RSASignaturePadding Pkcs1 + { + get { return s_pkcs1; } + } + + /// <summary> + /// <see cref="RSASignaturePaddingMode.Pss"/> mode with the number of salt bytes equal to the size of the hash. + /// </summary> + public static RSASignaturePadding Pss + { + get { return s_pss; } + } + + /// <summary> + /// Gets the padding mode to use. + /// </summary> + public RSASignaturePaddingMode Mode + { + get { return _mode; } + } + + public override int GetHashCode() + { + return _mode.GetHashCode(); + } + + public override bool Equals(object obj) + { + return Equals(obj as RSASignaturePadding); + } + + public bool Equals(RSASignaturePadding other) + { + return other != null && _mode == other._mode; + } + + public static bool operator ==(RSASignaturePadding left, RSASignaturePadding right) + { + if (Object.ReferenceEquals(left, null)) + { + return Object.ReferenceEquals(right, null); + } + + return left.Equals(right); + } + + public static bool operator !=(RSASignaturePadding left, RSASignaturePadding right) + { + return !(left == right); + } + + public override string ToString() + { + return _mode.ToString(); + } + } +} diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/RSASignaturePaddingMode.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSASignaturePaddingMode.cs new file mode 100644 index 00000000000..356852937fd --- /dev/null +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/RSASignaturePaddingMode.cs @@ -0,0 +1,32 @@ +// ==++== +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +// ==--== + +namespace System.Security.Cryptography +{ + /// <summary> + /// Specifies the padding mode to use with RSA signature creation or verification operations. + /// </summary> + public enum RSASignaturePaddingMode + { + /// <summary> + /// PKCS #1 v1.5. + /// </summary> + /// <remarks> + /// This corresponds to the RSASSA-PKCS1-v1.5 signature scheme of the PKCS #1 RSA Encryption Standard. + /// It is supported for compatibility with existing applications. + /// </remarks> + Pkcs1, + + /// <summary> + /// Probabilistic Signature Scheme. + /// </summary> + /// <remarks> + /// This corresponds to the RSASSA-PKCS1-v1.5 signature scheme of the PKCS #1 RSA Encryption Standard. + /// It is recommended for new applications. + /// </remarks> + Pss, + } +}
\ No newline at end of file diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricalgorithm.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricalgorithm.cs index 027dc7304aa..45cdaa749e6 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricalgorithm.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricalgorithm.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -11,7 +11,7 @@ // namespace System.Security.Cryptography { -[System.Runtime.InteropServices.ComVisible(true)] + [System.Runtime.InteropServices.ComVisible(true)] public abstract class AsymmetricAlgorithm : IDisposable { protected int KeySizeValue; protected KeySizes[] LegalKeySizesValue; @@ -71,13 +71,19 @@ namespace System.Security.Cryptography { public virtual KeySizes[] LegalKeySizes { get { return (KeySizes[]) LegalKeySizesValue.Clone(); } } - - public abstract String SignatureAlgorithm { - get; + + // This method must be implemented by derived classes. In order to conform to the contract, it cannot be abstract. + public virtual String SignatureAlgorithm { + get { + throw new NotImplementedException(); + } } - public abstract String KeyExchangeAlgorithm { - get; + // This method must be implemented by derived classes. In order to conform to the contract, it cannot be abstract. + public virtual String KeyExchangeAlgorithm { + get { + throw new NotImplementedException(); + } } // @@ -98,7 +104,14 @@ namespace System.Security.Cryptography { return (AsymmetricAlgorithm) CryptoConfig.CreateFromName(algName); } - public abstract void FromXmlString(String xmlString); - public abstract String ToXmlString(bool includePrivateParameters); + // This method must be implemented by derived classes. In order to conform to the contract, it cannot be abstract. + public virtual void FromXmlString(String xmlString) { + throw new NotImplementedException(); + } + + // This method must be implemented by derived classes. In order to conform to the contract, it cannot be abstract. + public virtual String ToXmlString(bool includePrivateParameters) { + throw new NotImplementedException(); + } } } diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangedeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangedeformatter.cs index f9272ee23e6..1492e46ba29 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangedeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangedeformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangeformatter.cs index 1da8d9b89a3..5dca811ed20 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetrickeyexchangeformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignaturedeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignaturedeformatter.cs index 232e711da08..df836d2b039 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignaturedeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignaturedeformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignatureformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignatureformatter.cs index 6911141f48a..37f1d65f64c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignatureformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/asymmetricsignatureformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/base64transforms.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/base64transforms.cs index 91ffbd4f42b..05efe3c3e4a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/base64transforms.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/base64transforms.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/capinative.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/capinative.cs new file mode 100644 index 00000000000..ea377f350a3 --- /dev/null +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/capinative.cs @@ -0,0 +1,598 @@ +// ==++== +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +// ==--== + +// +// This source file is marked up so that it can be built both as part of the BCL and as part of the fx tree +// as well. Since the security annotation process is different between the two trees, SecurityCritical +// attributes appear directly in this file, instead of being marked up by the BCL annotator tool. +// + +using System; +using System.Diagnostics; +using System.Globalization; +using System.Runtime.ConstrainedExecution; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; +using System.Security; +using System.Text; +using Microsoft.Win32.SafeHandles; +using System.Diagnostics.Contracts; + +namespace System.Security.Cryptography { + + /// <summary> + /// Native interop with CAPI. Native code definitions can be found in wincrypt.h + /// </summary> + internal static class CapiNative { + /// <summary> + /// Class fields for CAPI algorithm identifiers + /// </summary> + internal enum AlgorithmClass + { + Any = (0 << 13), // ALG_CLASS_ANY + Signature = (1 << 13), // ALG_CLASS_SIGNATURE + Hash = (4 << 13), // ALG_CLASS_HASH + KeyExchange = (5 << 13), // ALG_CLASS_KEY_EXCHANGE + } + + /// <summary> + /// Type identifier fields for CAPI algorithm identifiers + /// </summary> + internal enum AlgorithmType + { + Any = (0 << 9), // ALG_TYPE_ANY + Rsa = (2 << 9), // ALG_TYPE_RSA + } + + /// <summary> + /// Sub identifiers for CAPI algorithm identifiers + /// </summary> + internal enum AlgorithmSubId + { + Any = 0, // ALG_SID_ANY + + RsaAny = 0, // ALG_SID_RSA_ANY + + Sha1 = 4, // ALG_SID_SHA1 + Sha256 = 12, // ALG_SID_SHA_256 + Sha384 = 13, // ALG_SID_SHA_384 + Sha512 = 14, // ALG_SID_SHA_512 + } + + /// <summary> + /// CAPI algorithm identifiers + /// </summary> + internal enum AlgorithmID + { + None = 0, + + RsaSign = (AlgorithmClass.Signature | AlgorithmType.Rsa | AlgorithmSubId.RsaAny), // CALG_RSA_SIGN + RsaKeyExchange = (AlgorithmClass.KeyExchange | AlgorithmType.Rsa | AlgorithmSubId.RsaAny), // CALG_RSA_KEYX + + Sha1 = (AlgorithmClass.Hash | AlgorithmType.Any | AlgorithmSubId.Sha1), // CALG_SHA1 + Sha256 = (AlgorithmClass.Hash | AlgorithmType.Any | AlgorithmSubId.Sha256), // CALG_SHA_256 + Sha384 = (AlgorithmClass.Hash | AlgorithmType.Any | AlgorithmSubId.Sha384), // CALG_SHA_384 + Sha512 = (AlgorithmClass.Hash | AlgorithmType.Any | AlgorithmSubId.Sha512), // CALG_SHA_512 + } + + /// <summary> + /// Flags for the CryptAcquireContext API + /// </summary> + [Flags] + internal enum CryptAcquireContextFlags { + None = 0x00000000, + NewKeyset = 0x00000008, // CRYPT_NEWKEYSET + DeleteKeyset = 0x00000010, // CRYPT_DELETEKEYSET + MachineKeyset = 0x00000020, // CRYPT_MACHINE_KEYSET + Silent = 0x00000040, // CRYPT_SILENT + VerifyContext = unchecked((int)0xF0000000) // CRYPT_VERIFYCONTEXT + } + + /// <summary> + /// Error codes returned by CAPI + /// </summary> + internal enum ErrorCode { + Ok = 0x00000000, + MoreData = 0x000000ea, // ERROR_MORE_DATA + BadHash = unchecked((int)0x80090002), // NTE_BAD_HASH + BadData = unchecked((int)0x80090005), // NTE_BAD_DATA + BadSignature = unchecked((int)0x80090006), // NTE_BAD_SIGNATURE + NoKey = unchecked((int)0x8009000d) // NTE_NO_KEY + } + + /// <summary> + /// Properties of CAPI hash objects + /// </summary> + internal enum HashProperty { + None = 0, + HashValue = 0x0002, // HP_HASHVAL + HashSize = 0x0004, // HP_HASHSIZE + } + + /// <summary> + /// Flags for the CryptGenKey API + /// </summary> + [Flags] + internal enum KeyGenerationFlags { + None = 0x00000000, + Exportable = 0x00000001, // CRYPT_EXPORTABLE + UserProtected = 0x00000002, // CRYPT_USER_PROTECTED + Archivable = 0x00004000 // CRYPT_ARCHIVABLE + } + + /// <summary> + /// Properties that can be read or set on a key + /// </summary> + internal enum KeyProperty { + None = 0, + AlgorithmID = 7, // KP_ALGID + KeyLength = 9 // KP_KEYLEN + } + + /// <summary> + /// Key numbers for identifying specific keys within a single container + /// </summary> + internal enum KeySpec { + KeyExchange = 1, // AT_KEYEXCHANGE + Signature = 2 // AT_SIGNATURE + } + + /// <summary> + /// Well-known names of crypto service providers + /// </summary> + internal static class ProviderNames { + // MS_ENHANCED_PROV + internal const string MicrosoftEnhanced = "Microsoft Enhanced Cryptographic Provider v1.0"; + } + + /// <summary> + /// Provider type accessed in a crypto service provider. These provide the set of algorithms + /// available to use for an application. + /// </summary> + internal enum ProviderType { + RsaFull = 1 // PROV_RSA_FULL + } + + [System.Security.SecurityCritical] + internal static class UnsafeNativeMethods { + /// <summary> + /// Open a crypto service provider, if a key container is specified KeyContainerPermission + /// should be demanded. + /// </summary> + [DllImport("advapi32", SetLastError = true, CharSet = CharSet.Unicode)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptAcquireContext([Out] out SafeCspHandle phProv, + string pszContainer, + string pszProvider, + ProviderType dwProvType, + CryptAcquireContextFlags dwFlags); + + /// <summary> + /// Create an object to hash data with + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptCreateHash(SafeCspHandle hProv, + AlgorithmID Algid, + IntPtr hKey, // SafeCspKeyHandle + int dwFlags, + [Out] out SafeCspHashHandle phHash); + + /// <summary> + /// Create a new key in the given key container + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptGenKey(SafeCspHandle hProv, + int Algid, + uint dwFlags, + [Out] out SafeCspKeyHandle phKey); + + /// <summary> + /// Fill a buffer with randomly generated data + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptGenRandom(SafeCspHandle hProv, + int dwLen, + [In, Out, MarshalAs(UnmanagedType.LPArray)] byte[] pbBuffer); + + /// <summary> + /// Fill a buffer with randomly generated data + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern unsafe bool CryptGenRandom(SafeCspHandle hProv, + int dwLen, + byte* pbBuffer); + + /// <summary> + /// Read the value of a property from a hash object + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptGetHashParam(SafeCspHashHandle hHash, + HashProperty dwParam, + [In, Out, MarshalAs(UnmanagedType.LPArray)] byte[] pbData, + [In, Out] ref int pdwDataLen, + int dwFlags); + + /// <summary> + /// Read the value of a property from a key + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptGetKeyParam(SafeCspKeyHandle hKey, + KeyProperty dwParam, + [In, Out, MarshalAs(UnmanagedType.LPArray)] byte[] pbData, + [In, Out] ref int pdwDataLen, + int dwFlags); + + /// <summary> + /// Import a key blob into a CSP + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptImportKey(SafeCspHandle hProv, + [In, MarshalAs(UnmanagedType.LPArray)] byte[] pbData, + int pdwDataLen, + IntPtr hPubKey, // SafeCspKeyHandle + KeyGenerationFlags dwFlags, + [Out] out SafeCspKeyHandle phKey); + + /// <summary> + /// Set the value of a property on a hash object + /// </summary> + [DllImport("advapi32", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptSetHashParam(SafeCspHashHandle hHash, + HashProperty dwParam, + [In, MarshalAs(UnmanagedType.LPArray)] byte[] pbData, + int dwFlags); + + /// <summary> + /// Verify the a digital signature + /// </summary> + [DllImport("advapi32", SetLastError = true, CharSet = CharSet.Unicode)] + [return: MarshalAs(UnmanagedType.Bool)] + internal static extern bool CryptVerifySignature(SafeCspHashHandle hHash, + [In, MarshalAs(UnmanagedType.LPArray)] byte[] pbSignature, + int dwSigLen, + SafeCspKeyHandle hPubKey, + string sDescription, + int dwFlags); + } + + /// <summary> + /// Acquire a handle to a crypto service provider and optionally a key container + /// </summary> + [SecurityCritical] + internal static SafeCspHandle AcquireCsp(string keyContainer, + string providerName, + ProviderType providerType, + CryptAcquireContextFlags flags) { + Contract.Assert(keyContainer == null, "Key containers are not supported"); + + // Specifying both verify context (for an ephemeral key) and machine keyset (for a persisted machine key) + // does not make sense. Additionally, Widows is beginning to lock down against uses of MACHINE_KEYSET + // (for instance in the app container), even if verify context is present. Therefore, if we're using + // an ephemeral key, strip out MACHINE_KEYSET from the flags. + if (((flags & CryptAcquireContextFlags.VerifyContext) == CryptAcquireContextFlags.VerifyContext) && + ((flags & CryptAcquireContextFlags.MachineKeyset) == CryptAcquireContextFlags.MachineKeyset)) { + flags &= ~CryptAcquireContextFlags.MachineKeyset; + } + + SafeCspHandle cspHandle = null; + if (!UnsafeNativeMethods.CryptAcquireContext(out cspHandle, + keyContainer, + providerName, + providerType, + flags)) { + throw new CryptographicException(Marshal.GetLastWin32Error()); + } + + return cspHandle; + } + + /// <summary> + /// Create a CSP hash object for the specified hash algorithm + /// </summary> + [SecurityCritical] + internal static SafeCspHashHandle CreateHashAlgorithm(SafeCspHandle cspHandle, AlgorithmID algorithm) { + Contract.Assert(cspHandle != null && !cspHandle.IsInvalid, "cspHandle != null && !cspHandle.IsInvalid"); + Contract.Assert(((AlgorithmClass)algorithm & AlgorithmClass.Hash) == AlgorithmClass.Hash, "Invalid hash algorithm"); + + SafeCspHashHandle hashHandle = null; + if (!UnsafeNativeMethods.CryptCreateHash(cspHandle, algorithm, IntPtr.Zero, 0, out hashHandle)) { + throw new CryptographicException(Marshal.GetLastWin32Error()); + } + + return hashHandle; + } + + /// <summary> + /// Fill a buffer with random data generated by the CSP + /// </summary> + [SecurityCritical] + internal static void GenerateRandomBytes(SafeCspHandle cspHandle, byte[] buffer) { + Contract.Assert(cspHandle != null && !cspHandle.IsInvalid, "cspHandle != null && !cspHandle.IsInvalid"); + Contract.Assert(buffer != null && buffer.Length > 0, "buffer != null && buffer.Length > 0"); + + if (!UnsafeNativeMethods.CryptGenRandom(cspHandle, buffer.Length, buffer)) { + throw new CryptographicException(Marshal.GetLastWin32Error()); + } + } + + /// <summary> + /// Fill part of a buffer with random data generated by the CSP + /// </summary> + [SecurityCritical] + internal static unsafe void GenerateRandomBytes(SafeCspHandle cspHandle, byte[] buffer, int offset, int count) + { + Contract.Assert(cspHandle != null && !cspHandle.IsInvalid, "cspHandle != null && !cspHandle.IsInvalid"); + Contract.Assert(buffer != null && buffer.Length > 0, "buffer != null && buffer.Length > 0"); + Contract.Assert(offset >= 0 && count > 0, "offset >= 0 && count > 0"); + Contract.Assert(buffer.Length >= offset + count, "buffer.Length >= offset + count"); + + fixed (byte* pBuffer = &buffer[offset]) + { + if (!UnsafeNativeMethods.CryptGenRandom(cspHandle, count, pBuffer)) + { + throw new CryptographicException(Marshal.GetLastWin32Error()); + } + } + } + + /// <summary> + /// Get a DWORD sized property of a hash object + /// </summary> + [SecurityCritical] + internal static int GetHashPropertyInt32(SafeCspHashHandle hashHandle, HashProperty property) { + byte[] rawProperty = GetHashProperty(hashHandle, property); + Contract.Assert(rawProperty.Length == sizeof(int) || rawProperty.Length == 0, "Unexpected property size"); + return rawProperty.Length == sizeof(int) ? BitConverter.ToInt32(rawProperty, 0) : 0; + } + + /// <summary> + /// Get an arbitrary property of a hash object + /// </summary> + [SecurityCritical] + internal static byte[] GetHashProperty(SafeCspHashHandle hashHandle, HashProperty property) { + Contract.Assert(hashHandle != null && !hashHandle.IsInvalid, "keyHandle != null && !keyHandle.IsInvalid"); + + int bufferSize = 0; + byte[] buffer = null; + + // Figure out how big of a buffer we need to hold the property + if (!UnsafeNativeMethods.CryptGetHashParam(hashHandle, property, buffer, ref bufferSize, 0)) { + int errorCode = Marshal.GetLastWin32Error(); + if (errorCode != (int)ErrorCode.MoreData) { + throw new CryptographicException(errorCode); + } + } + + // Now get the property bytes directly + buffer = new byte[bufferSize]; + if (!UnsafeNativeMethods.CryptGetHashParam(hashHandle, property, buffer, ref bufferSize, 0)) { + throw new CryptographicException(Marshal.GetLastWin32Error()); + } + + return buffer; + } + + /// <summary> + /// Get a DWORD sized property of a key stored in a CSP + /// </summary> + [SecurityCritical] + internal static int GetKeyPropertyInt32(SafeCspKeyHandle keyHandle, KeyProperty property) { + byte[] rawProperty = GetKeyProperty(keyHandle, property); + Contract.Assert(rawProperty.Length == sizeof(int) || rawProperty.Length == 0, "Unexpected property size"); + return rawProperty.Length == sizeof(int) ? BitConverter.ToInt32(rawProperty, 0) : 0; + } + + /// <summary> + /// Get an arbitrary property of a key stored in a CSP + /// </summary> + [SecurityCritical] + internal static byte[] GetKeyProperty(SafeCspKeyHandle keyHandle, KeyProperty property) { + Contract.Assert(keyHandle != null && !keyHandle.IsInvalid, "keyHandle != null && !keyHandle.IsInvalid"); + + int bufferSize = 0; + byte[] buffer = null; + + // Figure out how big of a buffer we need to hold the property + if (!UnsafeNativeMethods.CryptGetKeyParam(keyHandle, property, buffer, ref bufferSize, 0)) { + int errorCode = Marshal.GetLastWin32Error(); + if (errorCode != (int)ErrorCode.MoreData) { + throw new CryptographicException(errorCode); + } + } + + // Now get the property bytes directly + buffer = new byte[bufferSize]; + if (!UnsafeNativeMethods.CryptGetKeyParam(keyHandle, property, buffer, ref bufferSize, 0)) { + throw new CryptographicException(Marshal.GetLastWin32Error()); + } + + return buffer; + } + + /// <summary> + /// Set an arbitrary property on a hash object + /// </summary> + [SecurityCritical] + internal static void SetHashProperty(SafeCspHashHandle hashHandle, + HashProperty property, + byte[] value) { + Contract.Assert(hashHandle != null && !hashHandle.IsInvalid, "hashHandle != null && !hashHandle.IsInvalid"); + + if (!UnsafeNativeMethods.CryptSetHashParam(hashHandle, property, value, 0)) { + throw new CryptographicException(Marshal.GetLastWin32Error()); + } + } + + /// <summary> + /// Verify that the digital signature created with the specified hash and asymmetric algorithm + /// is valid for the given hash value. + /// </summary> + [SecurityCritical] + internal static bool VerifySignature(SafeCspHandle cspHandle, + SafeCspKeyHandle keyHandle, + AlgorithmID signatureAlgorithm, + AlgorithmID hashAlgorithm, + byte[] hashValue, + byte[] signature) { + Contract.Assert(cspHandle != null && !cspHandle.IsInvalid, "cspHandle != null && !cspHandle.IsInvalid"); + Contract.Assert(keyHandle != null && !keyHandle.IsInvalid, "keyHandle != null && !keyHandle.IsInvalid"); + Contract.Assert(((AlgorithmClass)signatureAlgorithm & AlgorithmClass.Signature) == AlgorithmClass.Signature, "Invalid signature algorithm"); + Contract.Assert(((AlgorithmClass)hashAlgorithm & AlgorithmClass.Hash) == AlgorithmClass.Hash, "Invalid hash algorithm"); + Contract.Assert(hashValue != null, "hashValue != null"); + Contract.Assert(signature != null, "signature != null"); + + // CAPI and the CLR have inverse byte orders for signatures, so we need to reverse before verifying + byte[] signatureValue = new byte[signature.Length]; + Array.Copy(signature, signatureValue, signatureValue.Length); + Array.Reverse(signatureValue); + + using (SafeCspHashHandle hashHandle = CreateHashAlgorithm(cspHandle, hashAlgorithm)) { + // Make sure the hash value is the correct size and import it into the CSP + if (hashValue.Length != GetHashPropertyInt32(hashHandle, HashProperty.HashSize)) { + throw new CryptographicException((int)ErrorCode.BadHash); + } + SetHashProperty(hashHandle, HashProperty.HashValue, hashValue); + + // Do the signature verification. A TRUE result means that the signature was valid. A FALSE + // result either means an invalid signature or some other error, so we need to check the last + // error to see which occured. + if (UnsafeNativeMethods.CryptVerifySignature(hashHandle, + signatureValue, + signatureValue.Length, + keyHandle, + null, + 0)) { + return true; + } + else { + int error = Marshal.GetLastWin32Error(); + + if (error != (int)ErrorCode.BadSignature) { + throw new CryptographicException(error); + } + + return false; + } + } + } + } + + /// <summary> + /// SafeHandle representing a native HCRYPTPROV on Windows, or representing all state associated with + /// loading a CSSM CSP on the Mac. The HCRYPTPROV SafeHandle usage is straightforward, however CSSM + /// usage is slightly different. + /// + /// For CSSM we hold three pieces of state: + /// * m_initializedCssm - a flag indicating that CSSM_Init() was successfully called + /// * m_cspModuleGuid - the module GUID of the CSP we loaded, if that CSP was successfully loaded + /// * handle - handle resulting from attaching to the CSP + /// + /// We need to keep all three pieces of state, since we need to teardown in a specific order. If + /// these pieces of state were in seperate SafeHandles we could not guarantee their order of + /// finalization. + /// </summary> + [SecurityCritical] + internal sealed class SafeCspHandle : SafeHandleZeroOrMinusOneIsInvalid { + + private SafeCspHandle() : base(true) { + } + + [DllImport("advapi32")] +#if FEATURE_CORECLR || FEATURE_CER + [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] +#endif // FEATURE_CORECLR || FEATURE_CER + [return: MarshalAs(UnmanagedType.Bool)] + private extern static bool CryptReleaseContext(IntPtr hProv, int dwFlags); + + /// <summary> + /// Clean up the safe handle's resources. + /// + /// On Windows the cleanup is a straightforward release of the HCRYPTPROV handle. However, on + /// the Mac, CSSM requires that we release resources in the following order: + /// + /// 1. Detach from the CSP + /// 2. Unload the CSP + /// 3. Terminate CSSM + /// + /// Both the unload and terminate operations are ref-counted by CSSM, so it is safe to do these + /// even if other handles are open on the CSP or other CSSM objects are in use. + /// </summary> + [SecurityCritical] + protected override bool ReleaseHandle() { + return CryptReleaseContext(handle, 0); + } + + } + + /// <summary> + /// SafeHandle representing a native HCRYPTHASH + /// </summary> + [SecurityCritical] + internal sealed class SafeCspHashHandle : SafeHandleZeroOrMinusOneIsInvalid { + private SafeCspHashHandle() : base(true) { + } + + [DllImport("advapi32")] +#if FEATURE_CORECLR || FEATURE_CER + [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] +#endif // FEATURE_CORECLR || FEATURE_CER + [return: MarshalAs(UnmanagedType.Bool)] + private extern static bool CryptDestroyHash(IntPtr hKey); + + [SecurityCritical] + protected override bool ReleaseHandle() { + return CryptDestroyHash(handle); + } + } + + /// <summary> + /// SafeHandle representing a native HCRYPTKEY on Windows. + /// + /// On the Mac, we generate our keys by hand, so they are really just CSSM_KEY structures along with + /// the associated data blobs. Because of this, the only resource that needs to be released when the + /// key is freed is the memory associated with the key blob. + /// + /// However, in order for a SafeCspKeyHandle to marshal as a CSSM_KEY_PTR, as one would expect, the + /// handle value on the Mac is actually a pointer to the CSSM_KEY. We maintain a seperate m_data + /// pointer which is the buffer holding the actual key data. + /// + /// Both of these details add a further invarient that on the Mac a SafeCspKeyHandle may never be an + /// [out] parameter from an API. This is because we always expect that we control the memory buffer + /// that the CSSM_KEY resides in and that we don't have to call CSSM_FreeKey on the data. + /// + /// Keeping this in a SafeHandle rather than just marshaling the key structure direclty buys us a + /// level of abstraction, in that if we ever do need to work with keys that require a CSSM_FreeKey + /// call, we can continue to use the same key handle object. It also means that keys are represented + /// by the same type on both Windows and Mac, so that consumers of the CapiNative layer don't have + /// to know the difference between the two. + /// </summary> + [SecurityCritical] + internal sealed class SafeCspKeyHandle : SafeHandleZeroOrMinusOneIsInvalid { + + internal SafeCspKeyHandle() : base(true) { + } + + [DllImport("advapi32")] +#if FEATURE_CORECLR || FEATURE_CER + [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] +#endif // FEATURE_CORECLR || FEATURE_CER + [return: MarshalAs(UnmanagedType.Bool)] + private extern static bool CryptDestroyKey(IntPtr hKey); + + [SecurityCritical] + protected override bool ReleaseHandle() { + return CryptDestroyKey(handle); + } + } +} diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/crypto.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/crypto.cs index 8315aefb43c..0e9cc0fa86d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/crypto.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/crypto.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -20,7 +20,7 @@ namespace System.Security.Cryptography { // and ciphertext-stealing (CTS). Not all implementations will support all modes. [Serializable] [System.Runtime.InteropServices.ComVisible(true)] - public enum CipherMode { // Please keep in [....] with wincrypt.h + public enum CipherMode { // Please keep in sync with wincrypt.h CBC = 1, ECB = 2, OFB = 3, diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoapitransform.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoapitransform.cs index 96765edbf32..ebd6ef63097 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoapitransform.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoapitransform.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -332,7 +332,7 @@ namespace System.Security.Cryptography { } #endif -#if FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS +#if (FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS) || FEATURE_CORECLR private SecureString m_keyPassword; public SecureString KeyPassword { get { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoconfig.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoconfig.cs index 348d0ec8a1d..7a81d9b05fd 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoconfig.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptoconfig.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -57,6 +57,7 @@ namespace System.Security.Cryptography { // on Vista and the FIPS registry key downlevel. // +#if !FEATURE_CORECLR if (Utils._GetEnforceFipsPolicySetting()) { if (Environment.OSVersion.Version.Major >= 6) { bool fipsEnabled; @@ -73,7 +74,9 @@ namespace System.Security.Cryptography { s_haveFipsAlgorithmPolicy = true; } } - else { + else +#endif // !FEATURE_CORECLR + { s_fipsAlgorithmPolicy = false; s_haveFipsAlgorithmPolicy = true; } @@ -194,7 +197,7 @@ namespace System.Security.Cryptography { #if FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO Type RSACryptoServiceProviderType = typeof(System.Security.Cryptography.RSACryptoServiceProvider); #endif //FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO -#if FEATURE_CRYPTO +#if FEATURE_CRYPTO && !FEATURE_CORECLR Type DSACryptoServiceProviderType = typeof(System.Security.Cryptography.DSACryptoServiceProvider); Type DESCryptoServiceProviderType = typeof(System.Security.Cryptography.DESCryptoServiceProvider); Type TripleDESCryptoServiceProviderType = typeof(System.Security.Cryptography.TripleDESCryptoServiceProvider); @@ -308,7 +311,7 @@ namespace System.Security.Cryptography { ht.Add("System.Security.Cryptography.RSA", RSACryptoServiceProviderType); ht.Add("System.Security.Cryptography.AsymmetricAlgorithm", RSACryptoServiceProviderType); #endif //FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO -#if FEATURE_CRYPTO +#if FEATURE_CRYPTO && !FEATURE_CORECLR ht.Add("DSA", DSACryptoServiceProviderType); ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType); ht.Add("ECDsa", ECDsaCngType); @@ -362,7 +365,7 @@ namespace System.Security.Cryptography { #if FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO ht.Add("http://www.w3.org/2001/04/xmlenc#sha256", SHA256ManagedType); #endif //FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO -#if FEATURE_CRYPTO +#if FEATURE_CRYPTO && !FEATURE_CORECLR ht.Add("http://www.w3.org/2001/04/xmlenc#sha512", SHA512ManagedType); ht.Add("http://www.w3.org/2001/04/xmlenc#ripemd160", RIPEMD160ManagedType); @@ -461,7 +464,7 @@ namespace System.Security.Cryptography { [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)] private static void InitializeConfigInfo() { -#if FEATURE_CRYPTO +#if FEATURE_CRYPTO && !FEATURE_CORECLR if (machineNameHT == null) { lock(InternalSyncObject) diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptostream.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptostream.cs index efbe8b77384..71cd2fd18ea 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptostream.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/cryptostream.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/derivebytes.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/derivebytes.cs index 41b18c8e5ac..ee2265e727b 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/derivebytes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/derivebytes.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -13,12 +13,7 @@ namespace System.Security.Cryptography { [System.Runtime.InteropServices.ComVisible(true)] public abstract class DeriveBytes - // On Orcas DeriveBytes is not disposable, so we cannot add the IDisposable implementation to the - // CoreCLR mscorlib. However, this type does need to be disposable since subtypes can and do hold onto - // native resources. Therefore, on desktop mscorlibs we add an IDisposable implementation. -#if !FEATURE_CORECLR : IDisposable -#endif // !FEATURE_CORECLR { // // public methods diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/des.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/des.cs index 1ee88690879..56d89ed2ee4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/des.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/des.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/descryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/descryptoserviceprovider.cs index 43e779d8731..bb01d69877b 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/descryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/descryptoserviceprovider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsa.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsa.cs index 51f9a9ae4cc..2e6feaae3a8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsa.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsa.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsacryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsacryptoserviceprovider.cs index 318b09813ab..469b1f49d11 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsacryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsacryptoserviceprovider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignaturedeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignaturedeformatter.cs index 3f8d457d9df..bf57d241cac 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignaturedeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignaturedeformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignatureformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignatureformatter.cs index 8bc61b1c355..260113a9e12 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignatureformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/dsasignatureformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hashalgorithm.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hashalgorithm.cs index 6b033c2f1d6..479a0b68d79 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hashalgorithm.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hashalgorithm.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -195,9 +195,12 @@ namespace System.Security.Cryptography { // implementation. Post-Orcas the desktop has an implicit IDispoable implementation. #if FEATURE_CORECLR void IDisposable.Dispose() -#else - public void Dispose() + { + Dispose(); + } #endif // FEATURE_CORECLR + + public void Dispose() { Dispose(true); GC.SuppressFinalize(this); diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmac.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmac.cs index 6c00533d3e5..32b61120db2 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmac.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmac.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacmd5.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacmd5.cs index da536c01f03..0a3347113d7 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacmd5.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacmd5.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacripemd160.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacripemd160.cs index 991d877ff7e..8b2aabebda8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacripemd160.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacripemd160.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha1.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha1.cs index 1d0b4e75d6b..f31252e2745 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha1.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha1.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha256.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha256.cs index 72e2b56e67d..ef7986240e3 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha256.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha256.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha384.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha384.cs index 1e7418a89f1..e1a973c1c3d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha384.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha384.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha512.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha512.cs index e8af775a36c..f252b7f53b4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha512.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/hmacsha512.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/icryptotransform.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/icryptotransform.cs index 68747a9001e..cc6068be927 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/icryptotransform.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/icryptotransform.cs @@ -7,9 +7,9 @@ * * ICryptoTransform.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> * - * Author: [....] + * Author: bal * */ diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/icspasymmetricalgorithm.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/icspasymmetricalgorithm.cs index f726d36a05f..d5b501ce558 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/icspasymmetricalgorithm.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/icspasymmetricalgorithm.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/keyedhashalgorithm.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/keyedhashalgorithm.cs index 0cb2075cc53..6fb7dccd1aa 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/keyedhashalgorithm.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/keyedhashalgorithm.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/mactripledes.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/mactripledes.cs index a0d4e7d9255..19d8be12240 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/mactripledes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/mactripledes.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/maskgenerationmethod.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/maskgenerationmethod.cs index 63c09e7c0ec..0aa22ac46bb 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/maskgenerationmethod.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/maskgenerationmethod.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // namespace System.Security.Cryptography { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/md5.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/md5.cs index 2d4bdb70ff9..1029764fd01 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/md5.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/md5.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/md5cryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/md5cryptoserviceprovider.cs index 33c71335eba..bbd42c334cd 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/md5cryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/md5cryptoserviceprovider.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/passwordderivebytes.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/passwordderivebytes.cs index ba6b40ec0ef..a18ec5af8f3 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/passwordderivebytes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/passwordderivebytes.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/pkcs1maskgenerationmethod.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/pkcs1maskgenerationmethod.cs index cb2d19469e4..c88a2811b2d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/pkcs1maskgenerationmethod.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/pkcs1maskgenerationmethod.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Cryptography { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/randomnumbergenerator.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/randomnumbergenerator.cs index 82a129167ce..bd78f5ea4d8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/randomnumbergenerator.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/randomnumbergenerator.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -18,7 +18,7 @@ namespace System.Security.Cryptography { // On Orcas RandomNumberGenerator is not disposable, so we cannot add the IDisposable implementation to the // CoreCLR mscorlib. However, this type does need to be disposable since subtypes can and do hold onto // native resources. Therefore, on desktop mscorlibs we add an IDisposable implementation. -#if !FEATURE_CORECLR +#if !FEATURE_CORECLR || FEATURE_CORESYSTEM : IDisposable #endif // !FEATURE_CORECLR { @@ -54,6 +54,19 @@ namespace System.Security.Cryptography { public abstract void GetBytes(byte[] data); + public virtual void GetBytes(byte[] data, int offset, int count) { + if (data == null) throw new ArgumentNullException("data"); + if (offset < 0) throw new ArgumentOutOfRangeException("offset", Environment.GetResourceString("ArgumentOutOfRange_NeedNonNegNum")); + if (count < 0) throw new ArgumentOutOfRangeException("count", Environment.GetResourceString("ArgumentOutOfRange_NeedNonNegNum")); + if (offset + count > data.Length) throw new ArgumentException(Environment.GetResourceString("Argument_InvalidOffLen")); + + if (count > 0) { + byte[] tempData = new byte[count]; + GetBytes(tempData); + Array.Copy(tempData, 0, data, offset, count); + } + } + #if (!FEATURE_CORECLR && !SILVERLIGHT) || FEATURE_LEGACYNETCFCRYPTO public virtual void GetNonZeroBytes(byte[] data) { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2.cs index e8542464bc3..a33eb7255d1 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2cryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2cryptoserviceprovider.cs index c97acf8e60b..7d51c3a60da 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2cryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rc2cryptoserviceprovider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rfc2898derivebytes.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rfc2898derivebytes.cs index 9585beea6de..ab8edce4816 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rfc2898derivebytes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rfc2898derivebytes.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -18,6 +18,10 @@ namespace System.Security.Cryptography { using System.IO; using System.Text; using System.Diagnostics.Contracts; + using System.Runtime.CompilerServices; + using System.Runtime.InteropServices; + using System.Runtime.Versioning; + using System.Security.Cryptography.X509Certificates; [System.Runtime.InteropServices.ComVisible(true)] public class Rfc2898DeriveBytes : DeriveBytes @@ -25,6 +29,8 @@ namespace System.Security.Cryptography { private byte[] m_buffer; private byte[] m_salt; private HMACSHA1 m_hmacsha1; // The pseudo-random generator function used in PBKDF2 + private byte[] m_password; + private CspParameters m_cspParams = new CspParameters(); private uint m_iterations; private uint m_block; @@ -39,6 +45,10 @@ namespace System.Security.Cryptography { public Rfc2898DeriveBytes(string password, int saltSize) : this(password, saltSize, 1000) {} + // This method needs to be safe critical, because in debug builds the C# compiler will include null + // initialization of the _safeProvHandle field in the method. Since SafeProvHandle is critical, a + // transparent reference triggers an error using PasswordDeriveBytes. + [SecuritySafeCritical] public Rfc2898DeriveBytes(string password, int saltSize, int iterations) { if (saltSize < 0) throw new ArgumentOutOfRangeException("saltSize", Environment.GetResourceString("ArgumentOutOfRange_NeedNonNegNum")); @@ -49,7 +59,8 @@ namespace System.Security.Cryptography { Salt = salt; IterationCount = iterations; - m_hmacsha1 = new HMACSHA1(new UTF8Encoding(false).GetBytes(password)); + m_password = new UTF8Encoding(false).GetBytes(password); + m_hmacsha1 = new HMACSHA1(m_password); Initialize(); } @@ -57,9 +68,14 @@ namespace System.Security.Cryptography { public Rfc2898DeriveBytes(string password, byte[] salt, int iterations) : this (new UTF8Encoding(false).GetBytes(password), salt, iterations) {} + // This method needs to be safe critical, because in debug builds the C# compiler will include null + // initialization of the _safeProvHandle field in the method. Since SafeProvHandle is critical, a + // transparent reference triggers an error using PasswordDeriveBytes. + [SecuritySafeCritical] public Rfc2898DeriveBytes(byte[] password, byte[] salt, int iterations) { Salt = salt; IterationCount = iterations; + m_password = password; m_hmacsha1 = new HMACSHA1(password); Initialize(); } @@ -191,5 +207,61 @@ namespace System.Security.Cryptography { m_block++; return ret; } + + [System.Security.SecuritySafeCritical] // auto-generated + public byte[] CryptDeriveKey(string algname, string alghashname, int keySize, byte[] rgbIV) + { + if (keySize < 0) + throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidKeySize")); + + int algidhash = X509Utils.NameOrOidToAlgId(alghashname, OidGroup.HashAlgorithm); + if (algidhash == 0) + throw new CryptographicException(Environment.GetResourceString("Cryptography_PasswordDerivedBytes_InvalidAlgorithm")); + + int algid = X509Utils.NameOrOidToAlgId(algname, OidGroup.AllGroups); + if (algid == 0) + throw new CryptographicException(Environment.GetResourceString("Cryptography_PasswordDerivedBytes_InvalidAlgorithm")); + + // Validate the rgbIV array + if (rgbIV == null) + throw new CryptographicException(Environment.GetResourceString("Cryptography_PasswordDerivedBytes_InvalidIV")); + + byte[] key = null; + DeriveKey(ProvHandle, algid, algidhash, + m_password, m_password.Length, keySize << 16, rgbIV, rgbIV.Length, + JitHelpers.GetObjectHandleOnStack(ref key)); + return key; + } + + [System.Security.SecurityCritical] // auto-generated + private SafeProvHandle _safeProvHandle = null; + private SafeProvHandle ProvHandle + { + [System.Security.SecurityCritical] // auto-generated + get + { + if (_safeProvHandle == null) + { + lock (this) + { + if (_safeProvHandle == null) + { + SafeProvHandle safeProvHandle = Utils.AcquireProvHandle(m_cspParams); + System.Threading.Thread.MemoryBarrier(); + _safeProvHandle = safeProvHandle; + } + } + } + return _safeProvHandle; + } + } + + [System.Security.SecurityCritical] // auto-generated + [ResourceExposure(ResourceScope.None)] + [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity] + private static extern void DeriveKey(SafeProvHandle hProv, int algid, int algidHash, + byte[] password, int cbPassword, int dwFlags, byte[] IV, int cbIV, + ObjectHandleOnStack retKey); + } } diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndael.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndael.cs index 1c7a9f75c2a..46211eb3074 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndael.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndael.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanaged.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanaged.cs index b12bdfbece7..c394cec048a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanaged.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanaged.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanagedtransform.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanagedtransform.cs index 79829fac683..dc93a6317d8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanagedtransform.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rijndaelmanagedtransform.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160.cs index a75deb9a76d..094a3319b04 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160managed.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160managed.cs index bf13aabcddb..4196bd8de20 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160managed.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/ripemd160managed.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rngcryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rngcryptoserviceprovider.cs index 63b2dc29c89..226632e81e2 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rngcryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rngcryptoserviceprovider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -171,6 +171,20 @@ namespace System.Security.Cryptography { CapiNative.GenerateRandomBytes(m_cspHandle, data); } } + + #if FEATURE_CORECLR + [System.Security.SecuritySafeCritical] // auto-generated + #endif + public override void GetBytes(byte[] data, int offset, int count) { + if (data == null) throw new ArgumentNullException("data"); + if (offset < 0) throw new ArgumentOutOfRangeException("offset", Environment.GetResourceString("ArgumentOutOfRange_NeedNonNegNum")); + if (count < 0) throw new ArgumentOutOfRangeException("count", Environment.GetResourceString("ArgumentOutOfRange_NeedNonNegNum")); + if (offset + count > data.Length) throw new ArgumentException(Environment.GetResourceString("Argument_InvalidOffLen")); + + if (count > 0) { + CapiNative.GenerateRandomBytes(m_cspHandle, data, offset, count); + } + } #endif // !FEATURE_CORECLR #if !FEATURE_PAL diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsa.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsa.cs index 98d3280cefe..f196b12ba77 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsa.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsa.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -11,6 +11,7 @@ // namespace System.Security.Cryptography { + using System.IO; using System.Text; using System.Runtime.Serialization; using System.Security.Util; @@ -44,17 +45,7 @@ namespace System.Security.Cryptography { [System.Runtime.InteropServices.ComVisible(true)] public abstract class RSA : AsymmetricAlgorithm { - // - // Extending this class allows us to know that you are really implementing - // an RSA key. This is required for anybody providing a new RSA key value - // implemention. - // - // The class provides no methods, fields or anything else. Its only purpose is - // as a heirarchy member for identification of algorithm. - // - protected RSA() { } - // // public methods // @@ -71,13 +62,186 @@ namespace System.Security.Cryptography { return (RSA) CryptoConfig.CreateFromName(algName); } - // Apply the private key to the data. This function represents a - // raw RSA operation -- no implicit depadding of the imput value - abstract public byte[] DecryptValue(byte[] rgb); + // + // New RSA encrypt/decrypt/sign/verify RSA abstractions in .NET 4.6+ and .NET Core + // + // Methods that throw DerivedClassMustOverride are effectively abstract but we + // cannot mark them as such as it would be a breaking change. We'll make them + // abstract in .NET Core. + + public virtual byte[] Encrypt(byte[] data, RSAEncryptionPadding padding) { + throw DerivedClassMustOverride(); + } + + public virtual byte[] Decrypt(byte[] data, RSAEncryptionPadding padding) { + throw DerivedClassMustOverride(); + } + + public virtual byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + throw DerivedClassMustOverride(); + } + + public virtual bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + throw DerivedClassMustOverride(); + } + + protected virtual byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) { + throw DerivedClassMustOverride(); + } + + protected virtual byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) { + throw DerivedClassMustOverride(); + } + + public byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + return SignData(data, 0, data.Length, hashAlgorithm, padding); + } + + public virtual byte[] SignData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + if (offset < 0 || offset > data.Length) { + throw new ArgumentOutOfRangeException("offset"); + } + if (count < 0 || count > data.Length - offset) { + throw new ArgumentOutOfRangeException("count"); + } + if (String.IsNullOrEmpty(hashAlgorithm.Name)) { + throw HashAlgorithmNameNullOrEmpty(); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + + byte[] hash = HashData(data, offset, count, hashAlgorithm); + return SignHash(hash, hashAlgorithm, padding); + } + + public virtual byte[] SignData(Stream data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + if (String.IsNullOrEmpty(hashAlgorithm.Name)) { + throw HashAlgorithmNameNullOrEmpty(); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + + byte[] hash = HashData(data, hashAlgorithm); + return SignHash(hash, hashAlgorithm, padding); + } + + public bool VerifyData(byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + return VerifyData(data, 0, data.Length, signature, hashAlgorithm, padding); + } + + public virtual bool VerifyData(byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + if (offset < 0 || offset > data.Length) { + throw new ArgumentOutOfRangeException("offset"); + } + if (count < 0 || count > data.Length - offset) { + throw new ArgumentOutOfRangeException("count"); + } + if (signature == null) { + throw new ArgumentNullException("signature"); + } + if (String.IsNullOrEmpty(hashAlgorithm.Name)) { + throw HashAlgorithmNameNullOrEmpty(); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + + byte[] hash = HashData(data, offset, count, hashAlgorithm); + return VerifyHash(hash, signature, hashAlgorithm, padding); + } + + public bool VerifyData(Stream data, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + if (signature == null) { + throw new ArgumentNullException("signature"); + } + if (String.IsNullOrEmpty(hashAlgorithm.Name)) { + throw HashAlgorithmNameNullOrEmpty(); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + + byte[] hash = HashData(data, hashAlgorithm); + return VerifyHash(hash, signature, hashAlgorithm, padding); + } + + private static Exception DerivedClassMustOverride() { + return new NotImplementedException(Environment.GetResourceString("NotSupported_SubclassOverride")); + } + + internal static Exception HashAlgorithmNameNullOrEmpty() { + return new ArgumentException(Environment.GetResourceString("Cryptography_HashAlgorithmNameNullOrEmpty"), "hashAlgorithm"); + } + + // + // Legacy encrypt/decrypt RSA abstraction from .NET < 4.6 + // + // These should be obsolete, but we can't mark them as such here due to rules around not introducing + // source breaks to scenarios that compile against the GAC. + // + // They used to be abstract, but the only concrete implementation in RSACryptoServiceProvider threw + // NotSupportedException! This has been moved up to the base so all subclasses can ignore them moving forward. + // They will also be removed from .NET Core altogether. + // + // The original intent was for these to perform the RSA algorithm without padding/depadding. This can + // be seen by how the RSAXxx(De)Formatter classes call them in the non-RSACryptoServiceProvider case -- + // they do the padding/depadding in managed code. + // + // Unfortunately, these formatter classes are still incompatible with RSACng or any derived class that does not + // implement EncryptValue, DecryptValue as the formatters speculatively expected non-RSACryptoServiceProvider + // to do. That needs to be fixed in a subsequent release. We can still do it as it would move an exception to a + // correct result... + // + + // [Obsolete] + public virtual byte[] DecryptValue(byte[] rgb) { + throw new NotSupportedException(Environment.GetResourceString("NotSupported_Method")); + } + + // [Obsolete] + public virtual byte[] EncryptValue(byte[] rgb) { + throw new NotSupportedException(Environment.GetResourceString("NotSupported_Method")); + } + + // + // These should also be obsolete (on the base). They aren't well defined nor are they used + // anywhere in the FX apart from checking that they're not null. + // + // For new derived RSA classes, we'll just return "RSA" which is analagous to what ECDsa + // and ECDiffieHellman do. + // + // Note that for compat, RSACryptoServiceProvider still overrides and returns RSA-PKCS1-KEYEX + // and http://www.w3.org/2000/09/xmldsig#rsa-sha1 + // + + public override string KeyExchangeAlgorithm { + get { return "RSA"; } + } + + public override string SignatureAlgorithm { + get { return "RSA"; } + } - // Apply the public key to the data. Again, this is a raw operation, no - // automatic padding. - abstract public byte[] EncryptValue(byte[] rgb); // Import/export functions diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsacryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsacryptoserviceprovider.cs index fd285c5514a..e27577d7a9c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsacryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsacryptoserviceprovider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -502,5 +502,145 @@ namespace System.Security.Cryptography { private static bool IsPublic(RSAParameters rsaParams) { return (rsaParams.P == null); } + + // + // Adapt new RSA abstraction to legacy RSACryptoServiceProvider surface area. + // + + // NOTE: For the new API, we go straight to CAPI for fixed set of hash algorithms and don't use crypto config here. + // + // Reasons: + // 1. We're moving away from crypto config and we won't have it when porting to .NET Core + // + // 2. It's slow to lookup and slow to use as the base HashAlgorithm adds considerable overhead + // (redundant defensive copy + double-initialization for the single-use case). + // + + [SecuritySafeCritical] + protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) { + // we're sealed and the base should have checked this already + Contract.Assert(data != null); + Contract.Assert(offset >= 0 && offset <= data.Length); + Contract.Assert(count >= 0 && count <= data.Length); + Contract.Assert(!String.IsNullOrEmpty(hashAlgorithm.Name)); + + using (SafeHashHandle hashHandle = Utils.CreateHash(Utils.StaticProvHandle, GetAlgorithmId(hashAlgorithm))) { + Utils.HashData(hashHandle, data, offset, count); + return Utils.EndHash(hashHandle); + } + } + + [SecuritySafeCritical] + protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) { + // we're sealed and the base should have checked this already + Contract.Assert(data != null); + Contract.Assert(!String.IsNullOrEmpty(hashAlgorithm.Name)); + + using (SafeHashHandle hashHandle = Utils.CreateHash(Utils.StaticProvHandle, GetAlgorithmId(hashAlgorithm))) { + // Read the data 4KB at a time, providing similar read characteristics to a standard HashAlgorithm + byte[] buffer = new byte[4096]; + int bytesRead = 0; + do { + bytesRead = data.Read(buffer, 0, buffer.Length); + if (bytesRead > 0) { + Utils.HashData(hashHandle, buffer, 0, bytesRead); + } + } while (bytesRead > 0); + + return Utils.EndHash(hashHandle); + } + } + + private static int GetAlgorithmId(HashAlgorithmName hashAlgorithm) { + switch (hashAlgorithm.Name) { + case "MD5": + return Constants.CALG_MD5; + case "SHA1": + return Constants.CALG_SHA1; + case "SHA256": + return Constants.CALG_SHA_256; + case "SHA384": + return Constants.CALG_SHA_384; + case "SHA512": + return Constants.CALG_SHA_512; + default: + throw new CryptographicException(Environment.GetResourceString("Cryptography_UnknownHashAlgorithm", hashAlgorithm.Name)); + } + } + + public override byte[] Encrypt(byte[] data, RSAEncryptionPadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + + if (padding == RSAEncryptionPadding.Pkcs1) { + return Encrypt(data, fOAEP: false); + } else if (padding == RSAEncryptionPadding.OaepSHA1) { + return Encrypt(data, fOAEP: true); + } else { + throw PaddingModeNotSupported(); + } + } + + public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding) { + if (data == null) { + throw new ArgumentNullException("data"); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + + if (padding == RSAEncryptionPadding.Pkcs1) { + return Decrypt(data, fOAEP: false); + } else if (padding == RSAEncryptionPadding.OaepSHA1) { + return Decrypt(data, fOAEP: true); + } else { + throw PaddingModeNotSupported(); + } + } + + public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (hash == null) { + throw new ArgumentNullException("hash"); + } + if (String.IsNullOrEmpty(hashAlgorithm.Name)) { + throw HashAlgorithmNameNullOrEmpty(); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + if (padding != RSASignaturePadding.Pkcs1) { + throw PaddingModeNotSupported(); + } + + return SignHash(hash, GetAlgorithmId(hashAlgorithm)); + } + + public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { + if (hash == null) { + throw new ArgumentNullException("hash"); + } + if (signature == null) { + throw new ArgumentNullException("signature"); + } + if (String.IsNullOrEmpty(hashAlgorithm.Name)) { + throw HashAlgorithmNameNullOrEmpty(); + } + if (padding == null) { + throw new ArgumentNullException("padding"); + } + if (padding != RSASignaturePadding.Pkcs1) { + throw PaddingModeNotSupported(); + } + + return VerifyHash(hash, GetAlgorithmId(hashAlgorithm), signature); + } + + private static Exception PaddingModeNotSupported() { + return new CryptographicException(Environment.GetResourceString("Cryptography_InvalidPaddingMode")); + } } } diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangedeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangedeformatter.cs index 416b29f5079..87910a4e171 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangedeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangedeformatter.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Cryptography { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangeformatter.cs index 68746fe1773..3162663047a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsaoaepkeyexchangeformatter.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Cryptography { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangedeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangedeformatter.cs index ed412c64dba..3ea79366871 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangedeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangedeformatter.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Cryptography { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangeformatter.cs index 19f34b6d6fb..a741449a8bd 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1keyexchangeformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Cryptography { diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signaturedeformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signaturedeformatter.cs index 01363fefbdd..3c500c5fdb6 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signaturedeformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signaturedeformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signatureformatter.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signatureformatter.cs index 249ea4b072c..9157b7bf243 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signatureformatter.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/rsapkcs1signatureformatter.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/safecryptohandles.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/safecryptohandles.cs index 19b8885deef..e7dc76c0944 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/safecryptohandles.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/safecryptohandles.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1.cs index 772e725d66a..c1a4b21232c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1cryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1cryptoserviceprovider.cs index ed886250ff9..0b25472e251 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1cryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1cryptoserviceprovider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1managed.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1managed.cs index ef07a4b17c8..863cea2e183 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1managed.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha1managed.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256.cs index e403045f332..5230a1eaebc 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256managed.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256managed.cs index 41711c80843..242bfff1b17 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256managed.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha256managed.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384.cs index 268be7eae9b..64036523daa 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384managed.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384managed.cs index d17eaaa5301..c10ab52f6d6 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384managed.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha384managed.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512.cs index cfff7e2bb3a..a5e1a9f80b4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512managed.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512managed.cs index 31641440b60..20ec6a6b7b7 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512managed.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/sha512managed.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/signaturedescription.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/signaturedescription.cs index f115e8afc39..4f02d3702c8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/signaturedescription.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/signaturedescription.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/symmetricalgorithm.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/symmetricalgorithm.cs index e1b332657ac..d2c2a022b20 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/symmetricalgorithm.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/symmetricalgorithm.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -41,9 +41,12 @@ namespace System.Security.Cryptography { // implementation. Post-Orcas the desktop has an implicit IDispoable implementation. #if FEATURE_CORECLR void IDisposable.Dispose() -#else - public void Dispose() + { + Dispose(); + } #endif // FEATURE_CORECLR + + public void Dispose() { Dispose(true); GC.SuppressFinalize(this); diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledes.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledes.cs index 2481830012f..c26517093e3 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledes.cs @@ -4,7 +4,7 @@ using System.Diagnostics.Contracts; // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledescryptoserviceprovider.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledescryptoserviceprovider.cs index aaa5948e46b..25e63a78a89 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledescryptoserviceprovider.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/tripledescryptoserviceprovider.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/utils.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/utils.cs index f18ade9e402..c9677213bcc 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/utils.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/utils.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -87,7 +87,7 @@ namespace System.Security.Cryptography internal const int CALG_RC4 = (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | 1); #endif // FEATURE_CRYPTO - internal const int PROV_RSA_FULL = 1; + internal const int PROV_RSA_FULL = 1; internal const int PROV_DSS_DH = 13; internal const int PROV_RSA_AES = 24; @@ -142,6 +142,10 @@ namespace System.Security.Cryptography { } + // Provider type to use by default for RSA operations. We want to use RSA-AES CSP + // since it enables access to SHA-2 operations. All currently supported OSes support RSA-AES. + internal const int DefaultRsaProviderType = Constants.PROV_RSA_AES; +#if !MONO #if FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO // Private object for locking instead of locking on a public type for SQL reliability work. private static Object s_InternalSyncObject = new Object(); @@ -149,40 +153,7 @@ namespace System.Security.Cryptography private static Object InternalSyncObject { get { return s_InternalSyncObject; } } -#endif // FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO - - // Provider type to use by default for RSA operations. On systems which support the RSA-AES CSP, we - // want to use that since it enables access to SHA-2 operations, downlevel we fall back to the - // RSA-FULL CSP. - private static volatile int _defaultRsaProviderType; - private static volatile bool _haveDefaultRsaProviderType; - internal static int DefaultRsaProviderType - { - get { - if (!_haveDefaultRsaProviderType) - { -#if MONO - // The default provider value must remain 1 for Mono, otherwise we won't be able - // to locate keypairs that were serialized by Mono versions 4.0 and lower. - // (The ProviderType property in the CspParameters class affects serialization) - _defaultRsaProviderType = 1; -#else - // The AES CSP is only supported on WinXP and higher - bool osSupportsAesCsp = Environment.OSVersion.Platform == PlatformID.Win32NT && - (Environment.OSVersion.Version.Major > 5 || - (Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor >= 1)); - - _defaultRsaProviderType = osSupportsAesCsp ? Constants.PROV_RSA_AES : Constants.PROV_RSA_FULL; -#endif - _haveDefaultRsaProviderType = true; - } - return _defaultRsaProviderType; - } - } -#if !MONO -#if FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO -#if !FEATURE_PAL [System.Security.SecurityCritical] // auto-generated private static volatile SafeProvHandle _safeProvHandle; internal static SafeProvHandle StaticProvHandle { @@ -191,16 +162,13 @@ namespace System.Security.Cryptography if (_safeProvHandle == null) { lock (InternalSyncObject) { if (_safeProvHandle == null) { - SafeProvHandle safeProvHandle = AcquireProvHandle(new CspParameters(DefaultRsaProviderType)); - Thread.MemoryBarrier(); - _safeProvHandle = safeProvHandle; + _safeProvHandle = AcquireProvHandle(new CspParameters(DefaultRsaProviderType)); } } } return _safeProvHandle; } } -#endif // !FEATURE_PAL [System.Security.SecurityCritical] // auto-generated private static volatile SafeProvHandle _safeDssProvHandle; @@ -210,9 +178,7 @@ namespace System.Security.Cryptography if (_safeDssProvHandle == null) { lock (InternalSyncObject) { if (_safeDssProvHandle == null) { - SafeProvHandle safeProvHandle = CreateProvHandle(new CspParameters(Constants.PROV_DSS_DH), true); - Thread.MemoryBarrier(); - _safeDssProvHandle = safeProvHandle; + _safeDssProvHandle = CreateProvHandle(new CspParameters(Constants.PROV_DSS_DH), true); } } } @@ -512,8 +478,9 @@ namespace System.Security.Cryptography } } #endif // FEATURE_CRYPTO + #endif - private static volatile RNGCryptoServiceProvider _rng = null; + private static volatile RNGCryptoServiceProvider _rng; internal static RNGCryptoServiceProvider StaticRandomNumberGenerator { get { if (_rng == null) diff --git a/mcs/class/referencesource/mscorlib/system/security/cryptography/x509certificates/x509certificate.cs b/mcs/class/referencesource/mscorlib/system/security/cryptography/x509certificates/x509certificate.cs index 114fbc7241b..31d9a126e94 100644 --- a/mcs/class/referencesource/mscorlib/system/security/cryptography/x509certificates/x509certificate.cs +++ b/mcs/class/referencesource/mscorlib/system/security/cryptography/x509certificates/x509certificate.cs @@ -26,9 +26,7 @@ namespace System.Security.Cryptography.X509Certificates { [System.Runtime.InteropServices.ComVisible(true)] public enum X509ContentType { Unknown = 0x00, - Cert = 0x01 -#if !FEATURE_CORECLR - , + Cert = 0x01, SerializedCert = 0x02, #if !FEATURE_PAL Pfx = 0x03, @@ -37,7 +35,6 @@ namespace System.Security.Cryptography.X509Certificates { SerializedStore = 0x04, Pkcs7 = 0x05, Authenticode = 0x06 -#endif // !FEATURE_CORECLR } // DefaultKeySet, UserKeySet and MachineKeySet are mutually exclusive @@ -45,20 +42,20 @@ namespace System.Security.Cryptography.X509Certificates { [Flags] [System.Runtime.InteropServices.ComVisible(true)] public enum X509KeyStorageFlags { - DefaultKeySet = 0x00 -#if !FEATURE_CORECLR - , + DefaultKeySet = 0x00, UserKeySet = 0x01, MachineKeySet = 0x02, Exportable = 0x04, UserProtected = 0x08, PersistKeySet = 0x10 -#endif // !FEATURE_CORECLR } [Serializable] [System.Runtime.InteropServices.ComVisible(true)] - public class X509Certificate : IDeserializationCallback, ISerializable { + public class X509Certificate : + IDisposable, + IDeserializationCallback, + ISerializable { private const string m_format = "X509"; private string m_subjectName; private string m_issuerName; @@ -416,7 +413,6 @@ namespace System.Security.Cryptography.X509Certificates { CultureInfo culture = CultureInfo.CurrentCulture; if (!culture.DateTimeFormat.Calendar.IsValidDay(date.Year, date.Month, date.Day, 0)) { -#if !FEATURE_ONLY_CORE_CALENDARS // The most common case of culture failing to work is in the Um-AlQuara calendar. In this case, // we can fall back to the Hijri calendar, otherwise fall back to the invariant culture. if (culture.DateTimeFormat.Calendar is UmAlQuraCalendar) { @@ -424,7 +420,6 @@ namespace System.Security.Cryptography.X509Certificates { culture.DateTimeFormat.Calendar = new HijriCalendar(); } else -#endif // !FEATURE_ONLY_CORE_CALENDARS { culture = CultureInfo.InvariantCulture; } @@ -577,6 +572,17 @@ namespace System.Security.Cryptography.X509Certificates { } m_certContextCloned = false; } + + public void Dispose() { + Dispose(true); + } + + [System.Security.SecuritySafeCritical] + protected virtual void Dispose(bool disposing) { + if (disposing) { + Reset(); + } + } #if FEATURE_SERIALIZATION /// <internalonly/> diff --git a/mcs/class/referencesource/mscorlib/system/security/framesecuritydescriptor.cs b/mcs/class/referencesource/mscorlib/system/security/framesecuritydescriptor.cs index 42b2db3370d..92f4f22dfa3 100644 --- a/mcs/class/referencesource/mscorlib/system/security/framesecuritydescriptor.cs +++ b/mcs/class/referencesource/mscorlib/system/security/framesecuritydescriptor.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> namespace System.Security { using System.Text; using System.Runtime.CompilerServices; @@ -45,10 +45,10 @@ namespace System.Security { // Used during exceptionstackwalks to revert impersonation before calling filters [System.Security.SecurityCritical] // auto-generated [NonSerialized] - private SafeTokenHandle m_callerToken; + private SafeAccessTokenHandle m_callerToken; [System.Security.SecurityCritical] // auto-generated [NonSerialized] - private SafeTokenHandle m_impToken; + private SafeAccessTokenHandle m_impToken; #endif private bool m_AssertFT; @@ -198,10 +198,10 @@ namespace System.Security { } #if !FEATURE_PAL //-----------------------------------------------------------+ - // SafeTokenHandle (Impersonation + EH purposes) + // SafeAccessTokenHandle (Impersonation + EH purposes) //-----------------------------------------------------------+ [System.Security.SecurityCritical] // auto-generated - internal void SetTokenHandles (SafeTokenHandle callerToken, SafeTokenHandle impToken) + internal void SetTokenHandles (SafeAccessTokenHandle callerToken, SafeAccessTokenHandle impToken) { m_callerToken = callerToken; m_impToken = impToken; diff --git a/mcs/class/referencesource/mscorlib/system/security/hostprotectionexception.cs b/mcs/class/referencesource/mscorlib/system/security/hostprotectionexception.cs index 638ddf75b44..ee480cb7f62 100644 --- a/mcs/class/referencesource/mscorlib/system/security/hostprotectionexception.cs +++ b/mcs/class/referencesource/mscorlib/system/security/hostprotectionexception.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // /*============================================================================= diff --git a/mcs/class/referencesource/mscorlib/system/security/hostsecuritymanager.cs b/mcs/class/referencesource/mscorlib/system/security/hostsecuritymanager.cs index 113a75e1fc3..4d90a44fc55 100644 --- a/mcs/class/referencesource/mscorlib/system/security/hostsecuritymanager.cs +++ b/mcs/class/referencesource/mscorlib/system/security/hostsecuritymanager.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/ievidencefactory.cs b/mcs/class/referencesource/mscorlib/system/security/ievidencefactory.cs index 87965215834..1e0a1e5d346 100644 --- a/mcs/class/referencesource/mscorlib/system/security/ievidencefactory.cs +++ b/mcs/class/referencesource/mscorlib/system/security/ievidencefactory.cs @@ -5,7 +5,7 @@ // ==--== // IEvidenceFactory.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // namespace System.Security { diff --git a/mcs/class/referencesource/mscorlib/system/security/ipermission.cs b/mcs/class/referencesource/mscorlib/system/security/ipermission.cs index 54b32bb8b8a..f88a7811c3c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/ipermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/ipermission.cs @@ -5,7 +5,7 @@ // ==--== // IPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // Defines the interface that all Permission objects must support. // diff --git a/mcs/class/referencesource/mscorlib/system/security/isecurityencodable.cs b/mcs/class/referencesource/mscorlib/system/security/isecurityencodable.cs index 0a39aa5506f..8b22b5979ce 100644 --- a/mcs/class/referencesource/mscorlib/system/security/isecurityencodable.cs +++ b/mcs/class/referencesource/mscorlib/system/security/isecurityencodable.cs @@ -5,7 +5,7 @@ // ==--== // ISecurityEncodable.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // All encodable security classes that support encoding need to // implement this interface diff --git a/mcs/class/referencesource/mscorlib/system/security/isecuritypolicyencodable.cs b/mcs/class/referencesource/mscorlib/system/security/isecuritypolicyencodable.cs index 4b9d1df4118..9cfc6bbfa60 100644 --- a/mcs/class/referencesource/mscorlib/system/security/isecuritypolicyencodable.cs +++ b/mcs/class/referencesource/mscorlib/system/security/isecuritypolicyencodable.cs @@ -5,7 +5,7 @@ // ==--== // ISecurityPolicyEncodable.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // All encodable security classes that support encoding need to // implement this interface diff --git a/mcs/class/referencesource/mscorlib/system/security/istackwalk.cs b/mcs/class/referencesource/mscorlib/system/security/istackwalk.cs index adcec6d912e..d877e7927eb 100644 --- a/mcs/class/referencesource/mscorlib/system/security/istackwalk.cs +++ b/mcs/class/referencesource/mscorlib/system/security/istackwalk.cs @@ -5,7 +5,7 @@ // ==--== // IStackWalk.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // namespace System.Security diff --git a/mcs/class/referencesource/mscorlib/system/security/namedpermissionset.cs b/mcs/class/referencesource/mscorlib/system/security/namedpermissionset.cs index d2baa4899db..24629138dd9 100644 --- a/mcs/class/referencesource/mscorlib/system/security/namedpermissionset.cs +++ b/mcs/class/referencesource/mscorlib/system/security/namedpermissionset.cs @@ -5,7 +5,7 @@ // ==--== // NamedPermissionSet.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Extends PermissionSet to allow an associated name and description // diff --git a/mcs/class/referencesource/mscorlib/system/security/permissionlistset.cs b/mcs/class/referencesource/mscorlib/system/security/permissionlistset.cs index fa855d0fae0..27cf6cd5aa0 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissionlistset.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissionlistset.cs @@ -7,8 +7,8 @@ ** ** Class: PermissionListSet.cs ** -** <OWNER>[....]</OWNER> -** <OWNER>[....]</OWNER> +** <OWNER>Microsoft</OWNER> +** <OWNER>Microsoft</OWNER> ** ** Purpose: Holds state about A/G/R permissionsets in a callstack or appdomain ** (Replacement for PermissionListSet) diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/environmentpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/environmentpermission.cs index 5da4d1999f3..9b86f00aaa8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/environmentpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/environmentpermission.cs @@ -5,7 +5,7 @@ // ==--== // EnvironmentPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions { diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/filedialogpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/filedialogpermission.cs index a46bc0dc8ff..55308ce4e81 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/filedialogpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/filedialogpermission.cs @@ -5,7 +5,7 @@ // ==--== // FileDialogPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions { diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/fileiopermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/fileiopermission.cs index c138bbefecc..a1861b1f478 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/fileiopermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/fileiopermission.cs @@ -5,7 +5,7 @@ // ==--== // FileIOPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions { @@ -940,6 +940,40 @@ namespace System.Security.Permissions { // This implementation is only to silence a compiler warning. return base.GetHashCode(); } + + /// <summary> + /// Call this method if you don't need a the FileIOPermission for anything other than calling Demand() once. + /// + /// This method tries to verify full access before allocating a FileIOPermission object. + /// If full access is there, then we still have to emulate the checks that creating the + /// FileIOPermission object would have performed. + /// + /// IMPORTANT: This method should only be used after calling GetFullPath on the path to verify + /// + /// </summary> + /// <param name="access"></param> + /// <param name="path"></param> + /// <param name="checkForDuplicates"></param> + /// <param name="needFullPath"></param> + [System.Security.SecuritySafeCritical] + internal static void QuickDemand(FileIOPermissionAccess access, string fullPath, bool checkForDuplicates, bool needFullPath) + { + if (!CodeAccessSecurityEngine.QuickCheckForAllDemands()) + { + new FileIOPermission(access, new string[] { fullPath }, checkForDuplicates, needFullPath).Demand(); + } + else + { + //Emulate FileIOPermission checks + Path.CheckInvalidPathChars(fullPath, true); + + if (fullPath.Length > 2 && fullPath.IndexOf(':', 2) != -1) + { + throw new NotSupportedException(Environment.GetResourceString("Argument_PathFormatNotSupported")); + } + } + } + } [Serializable] @@ -1214,13 +1248,8 @@ namespace System.Security.Permissions { private static String GetRoot( String path ) { -#if !PLATFORM_UNIX String str = path.Substring( 0, 3 ); if (str.EndsWith( ":\\", StringComparison.Ordinal)) -#else - String str = path.Substring( 0, 1 ); - if(str == "/") -#endif // !PLATFORM_UNIX { return str; } diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/gacidentitypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/gacidentitypermission.cs index 0f130ad1339..df59f63a298 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/gacidentitypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/gacidentitypermission.cs @@ -5,7 +5,7 @@ // ==--== // GacIdentityPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/hostprotectionpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/hostprotectionpermission.cs index 9ade132ea2e..837cac3c1e0 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/hostprotectionpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/hostprotectionpermission.cs @@ -5,7 +5,7 @@ // ==--== // HostProtectionPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions @@ -22,7 +22,7 @@ namespace System.Security.Permissions using System.Globalization; using System.Diagnostics.Contracts; - // Keep this enum in [....] with tools\ngen\ngen.cpp and inc\mscoree.idl + // Keep this enum in sync with tools\ngen\ngen.cpp and inc\mscoree.idl [Serializable] [Flags] @@ -47,6 +47,11 @@ namespace System.Security.Permissions [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Assembly | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false )] [System.Runtime.InteropServices.ComVisible(true)] [Serializable] +#if FEATURE_CORECLR + // This needs to be in the asmmeta to enable SecAnnotate to successfully resolve and run the security rules. It gets marked + // as internal by BCLRewriter so we are simply marking it as FriendAccessAllowed so it stays in the asmmeta. + [System.Runtime.CompilerServices.FriendAccessAllowedAttribute] +#endif // FEATURE_CORECLR #pragma warning disable 618 sealed public class HostProtectionAttribute : CodeAccessSecurityAttribute #pragma warning restore 618 diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/ibuiltinpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/ibuiltinpermission.cs index 4ad75f52ed9..eb7a6ce1ad8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/ibuiltinpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/ibuiltinpermission.cs @@ -5,7 +5,7 @@ // ==--== // IBuiltInPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragefilepermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragefilepermission.cs index 031cf0983c5..e52c1caf1ef 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragefilepermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragefilepermission.cs @@ -4,7 +4,7 @@ // // ==--== // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Purpose : This permission is used to controls/administer access to // IsolatedStorageFile diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragepermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragepermission.cs index 7fad3c55ed3..69c7f743a89 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragepermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/isolatedstoragepermission.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions { diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/iunrestrictedpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/iunrestrictedpermission.cs index f1cc3cfa19c..5d8eb0a5922 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/iunrestrictedpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/iunrestrictedpermission.cs @@ -5,7 +5,7 @@ // ==--== // IUnrestrictedPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // namespace System.Security.Permissions { diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/keycontainerpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/keycontainerpermission.cs index a606bf2ca0e..0afd60558c8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/keycontainerpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/keycontainerpermission.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/permissionattributes.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/permissionattributes.cs index 09f2ae38647..1e36a44ecb4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/permissionattributes.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/permissionattributes.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> namespace System.Security.Permissions { diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/permissionstate.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/permissionstate.cs index b8b0b00ba50..c736ccc6aa2 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/permissionstate.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/permissionstate.cs @@ -5,7 +5,7 @@ // ==--== // PermissionState.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // The Runtime policy manager. Maintains a set of IdentityMapper objects that map // inbound evidence to groups. Resolves an identity into a set of permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/principalpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/principalpermission.cs index 7598e6286ef..4ed6ff549dd 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/principalpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/principalpermission.cs @@ -5,7 +5,7 @@ // ==--== // PrincipalPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/publisheridentitypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/publisheridentitypermission.cs index 7c41b3be1cd..5f78b238df5 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/publisheridentitypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/publisheridentitypermission.cs @@ -5,7 +5,7 @@ // ==--== // PublisherIdentityPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/reflectionpermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/reflectionpermission.cs index 00e79a1ee0c..7e0d2fd2762 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/reflectionpermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/reflectionpermission.cs @@ -5,7 +5,7 @@ // ==--== // ReflectionPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/registrypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/registrypermission.cs index 0805d55ac21..1f7cfddeb89 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/registrypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/registrypermission.cs @@ -5,7 +5,7 @@ // ==--== // RegistryPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/securitypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/securitypermission.cs index 18b328f88fb..1e501c5997e 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/securitypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/securitypermission.cs @@ -5,7 +5,7 @@ // ==--== // SecurityPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/siteidentitypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/siteidentitypermission.cs index d08ccce13ca..a6c530be87e 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/siteidentitypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/siteidentitypermission.cs @@ -5,7 +5,7 @@ // ==--== // SiteIdentityPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/strongnameidentitypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/strongnameidentitypermission.cs index 31cbc12167b..1ab3804bdc1 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/strongnameidentitypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/strongnameidentitypermission.cs @@ -6,7 +6,7 @@ // ==--== // StrongNameIdentityPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/strongnamepublickeyblob.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/strongnamepublickeyblob.cs index 2367f8ba842..ac3cac3e2c0 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/strongnamepublickeyblob.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/strongnamepublickeyblob.cs @@ -5,7 +5,7 @@ // ==--== // StrongNamePublicKeyBlob.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/uipermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/uipermission.cs index dea740ad6f7..6e34b862759 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/uipermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/uipermission.cs @@ -5,7 +5,7 @@ // ==--== // UIPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/urlidentitypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/urlidentitypermission.cs index ce61fad8493..bab282e8893 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/urlidentitypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/urlidentitypermission.cs @@ -5,7 +5,7 @@ // ==--== // UrlIdentityPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissions/zoneidentitypermission.cs b/mcs/class/referencesource/mscorlib/system/security/permissions/zoneidentitypermission.cs index 6b3f6c56be3..13574f3f265 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissions/zoneidentitypermission.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissions/zoneidentitypermission.cs @@ -5,7 +5,7 @@ // ==--== // ZoneIdentityPermission.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Permissions diff --git a/mcs/class/referencesource/mscorlib/system/security/permissionset.cs b/mcs/class/referencesource/mscorlib/system/security/permissionset.cs index 1edd3c8ad16..b7118829962 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissionset.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissionset.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security { diff --git a/mcs/class/referencesource/mscorlib/system/security/permissionsetenumerator.cs b/mcs/class/referencesource/mscorlib/system/security/permissionsetenumerator.cs index e65e24d5040..c8f04173903 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissionsetenumerator.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissionsetenumerator.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security diff --git a/mcs/class/referencesource/mscorlib/system/security/permissionsettriple.cs b/mcs/class/referencesource/mscorlib/system/security/permissionsettriple.cs index f319aa37114..170cd203378 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissionsettriple.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissionsettriple.cs @@ -7,7 +7,7 @@ ** ** Class: PermissionSetTriple ** -** <OWNER>[....]</OWNER> +** <OWNER>Microsoft</OWNER> ** ** Purpose: Container class for holding an AppDomain's Grantset and Refused sets. ** Also used for CompressedStacks which brings in the third PermissionSet. diff --git a/mcs/class/referencesource/mscorlib/system/security/permissiontoken.cs b/mcs/class/referencesource/mscorlib/system/security/permissiontoken.cs index bb328a7e669..92051b8ee6e 100644 --- a/mcs/class/referencesource/mscorlib/system/security/permissiontoken.cs +++ b/mcs/class/referencesource/mscorlib/system/security/permissiontoken.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> namespace System.Security { using System; using System.Security.Util; diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/allmembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/allmembershipcondition.cs index 9b517b50349..e6d327d14f2 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/allmembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/allmembershipcondition.cs @@ -5,7 +5,7 @@ // ==--== // AllMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Simple IMembershipCondition implementation that always passes // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectory.cs b/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectory.cs index b521a618d22..3b568460ecd 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectory.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectory.cs @@ -5,7 +5,7 @@ // ==--== // ApplicationDirectory.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // ApplicationDirectory is an evidence type representing the directory the assembly // was loaded from. diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectorymembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectorymembershipcondition.cs index 97194d1142c..5bc3e8dffa8 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectorymembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/applicationdirectorymembershipcondition.cs @@ -5,7 +5,7 @@ // ==--== // ApplicationDirectoryMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Implementation of membership condition for "application directories" // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecurityinfo.cs b/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecurityinfo.cs index 825d6b02787..477b44575ea 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecurityinfo.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecurityinfo.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecuritymanager.cs b/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecuritymanager.cs index 07c3d8267df..d3bbfbd9cd4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecuritymanager.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/applicationsecuritymanager.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/applicationtrust.cs b/mcs/class/referencesource/mscorlib/system/security/policy/applicationtrust.cs index 11092a47e25..c93e68a367a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/applicationtrust.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/applicationtrust.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -55,11 +55,11 @@ namespace System.Security.Policy { private IList<StrongName> m_fullTrustAssemblies; // Permission special flags for the default grant set in this ApplicationTrust. This should be - // updated in [....] with any updates to the default grant set. + // updated in sync with any updates to the default grant set. // // In the general case, these values cannot be trusted - we only store a reference to the // DefaultGrantSet, and return the reference directly, which means that code can update the - // permission set without our knowledge. That would lead to the flags getting out of [....] with the + // permission set without our knowledge. That would lead to the flags getting out of sync with the // grant set. // // However, we only care about these flags when we're creating a homogenous AppDomain, and in that diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/assemblyevidencefactory.cs b/mcs/class/referencesource/mscorlib/system/security/policy/assemblyevidencefactory.cs index cdd0434f7b7..df5f539e8af 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/assemblyevidencefactory.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/assemblyevidencefactory.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/codegroup.cs b/mcs/class/referencesource/mscorlib/system/security/policy/codegroup.cs index d7e9a65339d..a6439b55253 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/codegroup.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/codegroup.cs @@ -5,7 +5,7 @@ // ==--== // CodeGroup.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Representation for code groups used for the policy mechanism // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/evidence.cs b/mcs/class/referencesource/mscorlib/system/security/policy/evidence.cs index 41cc55871e6..a3e9ab07c25 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/evidence.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/evidence.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Policy diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/evidencebase.cs b/mcs/class/referencesource/mscorlib/system/security/policy/evidencebase.cs index daf220938f1..30a8fbee735 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/evidencebase.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/evidencebase.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; @@ -166,7 +166,7 @@ namespace System.Security.Policy { Contract.Assert(evidence != null); Contract.Assert(m_legacyEvidenceList.Count == 0 || EvidenceType == evidence.GetType() || (evidence is LegacyEvidenceWrapper && (evidence as LegacyEvidenceWrapper).EvidenceType == EvidenceType), - "LegacyEvidenceList must be ----geonous"); + "LegacyEvidenceList must be homogeonous"); Contract.Assert(evidence.GetType() != typeof(LegacyEvidenceList), "Attempt to add a legacy evidence list to another legacy evidence list"); diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/evidencetypedescriptor.cs b/mcs/class/referencesource/mscorlib/system/security/policy/evidencetypedescriptor.cs index b45c5411321..ce063253c3e 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/evidencetypedescriptor.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/evidencetypedescriptor.cs @@ -2,7 +2,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/filecodegroup.cs b/mcs/class/referencesource/mscorlib/system/security/policy/filecodegroup.cs index e3a2bb4879a..d36c6402a74 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/filecodegroup.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/filecodegroup.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/firstmatchcodegroup.cs b/mcs/class/referencesource/mscorlib/system/security/policy/firstmatchcodegroup.cs index 4700bbbe705..0afbd3c4c66 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/firstmatchcodegroup.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/firstmatchcodegroup.cs @@ -5,7 +5,7 @@ // ==--== // FirstMatchCodeGroup.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Representation for code groups used for the policy mechanism // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/gac.cs b/mcs/class/referencesource/mscorlib/system/security/policy/gac.cs index 78f0eea16dd..a6abea898e4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/gac.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/gac.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/gacmembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/gacmembershipcondition.cs index fc96793581a..84d65e5e3f7 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/gacmembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/gacmembershipcondition.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/hash.cs b/mcs/class/referencesource/mscorlib/system/security/policy/hash.cs index 9705ad9897f..184faec0ee7 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/hash.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/hash.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -424,25 +424,8 @@ namespace System.Security.Policy else if (hashAlgorithm.IsAssignableFrom(typeof(SHA256))) { // The managed SHA256 implementation is not a FIPS certified implementation, however on - // Windows 2003 and higher we have a FIPS alternative. If we're on Windows 2003 or better, - // use the CAPI implementation - otherwise, we fall back to the managed implementation if - // FIPS is not enabled. - Version osVersion = Environment.OSVersion.Version; - bool isWin2k3OrHigher = Environment.RunningOnWinNT && - (osVersion.Major > 5 || (osVersion.Major == 5 && osVersion.Minor >= 2)); - - if (isWin2k3OrHigher) - { - return Type.GetType("System.Security.Cryptography.SHA256CryptoServiceProvider, " + AssemblyRef.SystemCore); - } - else if (!CryptoConfig.AllowOnlyFipsAlgorithms) - { - return typeof(SHA256Managed); - } - else - { - return null; - } + // we have a FIPS alternative. + return Type.GetType("System.Security.Cryptography.SHA256CryptoServiceProvider, " + AssemblyRef.SystemCore); } else { diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/hashmembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/hashmembershipcondition.cs index befd3261ff2..690034bc65c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/hashmembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/hashmembershipcondition.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/iapplicationtrustmanager.cs b/mcs/class/referencesource/mscorlib/system/security/policy/iapplicationtrustmanager.cs index 46990db4863..194bfbdce7a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/iapplicationtrustmanager.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/iapplicationtrustmanager.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/iconstantmembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/iconstantmembershipcondition.cs index adec0e0b96c..fc1107a1d98 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/iconstantmembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/iconstantmembershipcondition.cs @@ -5,7 +5,7 @@ // ==--== // IConstantMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // Interface that all constant membership conditions must implement // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/idelayevaluatedevidence.cs b/mcs/class/referencesource/mscorlib/system/security/policy/idelayevaluatedevidence.cs index e695ef7b33c..407a424e917 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/idelayevaluatedevidence.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/idelayevaluatedevidence.cs @@ -33,4 +33,4 @@ namespace System.Security.Policy { /// </summary> void MarkUsed(); } -} +}
\ No newline at end of file diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/iidentitypermissionfactory.cs b/mcs/class/referencesource/mscorlib/system/security/policy/iidentitypermissionfactory.cs index 88bfe5f1652..617328d6f4f 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/iidentitypermissionfactory.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/iidentitypermissionfactory.cs @@ -5,7 +5,7 @@ // ==--== // IIdentityPermissionFactory.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // All Identities will implement this interface. // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/imembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/imembershipcondition.cs index be9da01d7e9..5885ba1dc1a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/imembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/imembershipcondition.cs @@ -5,7 +5,7 @@ // ==--== // IMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // Interface that all MembershipConditions must implement // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/iruntimeevidencefactory.cs b/mcs/class/referencesource/mscorlib/system/security/policy/iruntimeevidencefactory.cs index 3acfbf41145..64b8f9a1482 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/iruntimeevidencefactory.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/iruntimeevidencefactory.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/netcodegroup.cs b/mcs/class/referencesource/mscorlib/system/security/policy/netcodegroup.cs index 17fe906c481..5916875e672 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/netcodegroup.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/netcodegroup.cs @@ -5,7 +5,7 @@ // ==--== // NetCodeGroup.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Representation for code groups used for the policy mechanism // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/pefileevidencefactory.cs b/mcs/class/referencesource/mscorlib/system/security/policy/pefileevidencefactory.cs index 266e7b5f9ca..b70b1d262c2 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/pefileevidencefactory.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/pefileevidencefactory.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; @@ -25,7 +25,7 @@ using Microsoft.Win32.SafeHandles; namespace System.Security.Policy { /// <summary> - /// Arguments to the ETW evidence generation event. This enumeration should be kept in [....] with + /// Arguments to the ETW evidence generation event. This enumeration should be kept in sync with /// the VM enumeration EvidenceType in SecurityPolicy.h. /// </summary> internal enum EvidenceTypeGenerated diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/permissionrequestevidence.cs b/mcs/class/referencesource/mscorlib/system/security/policy/permissionrequestevidence.cs index e4826330f82..ed71bdab120 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/permissionrequestevidence.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/permissionrequestevidence.cs @@ -5,7 +5,7 @@ // ==--== // PermissionRequestEvidence.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Encapsulation of permission request as an evidence type. // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/policyexception.cs b/mcs/class/referencesource/mscorlib/system/security/policy/policyexception.cs index c0716d3c61a..11ef230b648 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/policyexception.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/policyexception.cs @@ -5,7 +5,7 @@ // ==--== // PolicyException.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Use this class to throw a PolicyException // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/policylevel.cs b/mcs/class/referencesource/mscorlib/system/security/policy/policylevel.cs index 5a766ce01fb..10def8e6810 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/policylevel.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/policylevel.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/policystatement.cs b/mcs/class/referencesource/mscorlib/system/security/policy/policystatement.cs index 35e7033408c..9dbb1239fe2 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/policystatement.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/policystatement.cs @@ -6,7 +6,7 @@ using System.Diagnostics.Contracts; // ==--== // PolicyStatement.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Represents the policy associated with some piece of evidence // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/publisher.cs b/mcs/class/referencesource/mscorlib/system/security/policy/publisher.cs index b28e9c13bbb..1234d776ca7 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/publisher.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/publisher.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/publishermembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/publishermembershipcondition.cs index 3c6dda1f414..c3da15b832c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/publishermembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/publishermembershipcondition.cs @@ -5,7 +5,7 @@ // ==--== // PublisherMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Implementation of membership condition for X509 certificate based publishers // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/site.cs b/mcs/class/referencesource/mscorlib/system/security/policy/site.cs index 86ef1763ada..c18dc21604c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/site.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/site.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/sitemembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/sitemembershipcondition.cs index 4dc9af6f3a0..067d63f24c1 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/sitemembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/sitemembershipcondition.cs @@ -6,7 +6,7 @@ using System.Diagnostics.Contracts; // ==--== // SiteMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Implementation of membership condition for zones // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/strongname.cs b/mcs/class/referencesource/mscorlib/system/security/policy/strongname.cs index 775d5d75d96..4714828772d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/strongname.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/strongname.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/strongnamemembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/strongnamemembershipcondition.cs index afd302a4950..c6470c861c6 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/strongnamemembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/strongnamemembershipcondition.cs @@ -5,7 +5,7 @@ // ==--== // StrongNameMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Implementation of membership condition for zones // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/unioncodegroup.cs b/mcs/class/referencesource/mscorlib/system/security/policy/unioncodegroup.cs index 4d6570786dd..470d0fb8a6e 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/unioncodegroup.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/unioncodegroup.cs @@ -5,7 +5,7 @@ // ==--== // UnionCodeGroup.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Representation for code groups used for the policy mechanism // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/url.cs b/mcs/class/referencesource/mscorlib/system/security/policy/url.cs index b41f2cfe580..632d2ce3d7a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/url.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/url.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/urlmembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/urlmembershipcondition.cs index 2891234f930..a8745a5cbb9 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/urlmembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/urlmembershipcondition.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/zone.cs b/mcs/class/referencesource/mscorlib/system/security/policy/zone.cs index 74f60e5ce9a..9942af9f271 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/zone.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/zone.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/policy/zonemembershipcondition.cs b/mcs/class/referencesource/mscorlib/system/security/policy/zonemembershipcondition.cs index 329ef5e6401..a9afd303393 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policy/zonemembershipcondition.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policy/zonemembershipcondition.cs @@ -6,7 +6,7 @@ using System.Diagnostics.Contracts; // ==--== // ZoneMembershipCondition.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Implementation of membership condition for zones // diff --git a/mcs/class/referencesource/mscorlib/system/security/policymanager.cs b/mcs/class/referencesource/mscorlib/system/security/policymanager.cs index ff35a450c87..814c460eed5 100644 --- a/mcs/class/referencesource/mscorlib/system/security/policymanager.cs +++ b/mcs/class/referencesource/mscorlib/system/security/policymanager.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -414,7 +414,7 @@ namespace System.Security { { if (FullTrustMap == null) { - // This mapping must stay in [....] with the SecurityZone enumeration in SecurityZone.cs + // This mapping must stay in sync with the SecurityZone enumeration in SecurityZone.cs FullTrustMap = new QuickCacheEntryType[] { QuickCacheEntryType.FullTrustZoneMyComputer, diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/genericidentity.cs b/mcs/class/referencesource/mscorlib/system/security/principal/genericidentity.cs index 02037c6391b..b771a70180f 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/genericidentity.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/genericidentity.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/genericprincipal.cs b/mcs/class/referencesource/mscorlib/system/security/principal/genericprincipal.cs index f2f6cacc626..ceac53d1bc2 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/genericprincipal.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/genericprincipal.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -63,7 +63,7 @@ namespace System.Security.Principal // // 4.5 4.5 Yes There should be a ClaimsIdentity, DebugAssert if this is not the case // If there are roles, attach them to the first ClaimsIdentity. - // If there is no non-null ClaimsIdentity, add one. However, this is unusual and may be a bug. + // If there is no non-null ClaimsIdentity, add one. However, this is unusual and may be a ClaimsIdentity firstNonNullIdentity = null; foreach (var identity in base.Identities) diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/identitynotmappedexception.cs b/mcs/class/referencesource/mscorlib/system/security/principal/identitynotmappedexception.cs index 8985f087ee9..f5f9bbabe9a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/identitynotmappedexception.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/identitynotmappedexception.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/identityreference.cs b/mcs/class/referencesource/mscorlib/system/security/principal/identityreference.cs index 3be7e0e96de..727c8ea733f 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/identityreference.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/identityreference.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/iidentity.cs b/mcs/class/referencesource/mscorlib/system/security/principal/iidentity.cs index f73c0442b24..2601f13ed1a 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/iidentity.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/iidentity.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/iprincipal.cs b/mcs/class/referencesource/mscorlib/system/security/principal/iprincipal.cs index 045b8c001f9..82bc40bd85b 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/iprincipal.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/iprincipal.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/ircollection.cs b/mcs/class/referencesource/mscorlib/system/security/principal/ircollection.cs index 979704be569..3eff01e8d09 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/ircollection.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/ircollection.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> namespace System.Security.Principal { using System; @@ -212,9 +212,9 @@ namespace System.Security.Principal { // // Rare case that we have defined a type of identity reference and - // not included it in the code logic above (this is more like a bug in the implementation - // but only as long as we do not allow IdentityReference to be subclassed outside of the BCL) - // + // not included it in the code logic above (this is more like a + + Contract.Assert( false, "Source type is an IdentityReference type which has not been included in translation logic."); throw new SystemException(); } @@ -275,9 +275,9 @@ namespace System.Security.Principal { // // Rare case that we have defined a type of identity reference and - // not included it in the code logic above (this is more like a bug in the implementation - // but only as long as we do not allow IdentityReference to be subclassed outside of the BCL) - // + // not included it in the code logic above (this is more like a + + Contract.Assert( false, "Source type is an IdentityReference type which has not been included in translation logic."); throw new SystemException(); } @@ -372,9 +372,9 @@ namespace System.Security.Principal { // // Rare case that we have defined a type of identity reference and - // not included it in the code logic above (this is more like a bug in the implementation - // but only as long as we do not allow IdentityReference to be subclassed outside of the BCL) - // + // not included it in the code logic above (this is more like a + + Contract.Assert( false, "Source type is an IdentityReference type which has not been included in translation logic."); throw new SystemException(); } diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/ntaccount.cs b/mcs/class/referencesource/mscorlib/system/security/principal/ntaccount.cs index 291d56499dd..19b7ec76408 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/ntaccount.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/ntaccount.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using Microsoft.Win32; diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/principalpolicy.cs b/mcs/class/referencesource/mscorlib/system/security/principal/principalpolicy.cs index e29ba59d7c8..5d1ba55f0a4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/principalpolicy.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/principalpolicy.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/sid.cs b/mcs/class/referencesource/mscorlib/system/security/principal/sid.cs index bfc99ecf311..e8558b29568 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/sid.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/sid.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/tokenaccesslevels.cs b/mcs/class/referencesource/mscorlib/system/security/principal/tokenaccesslevels.cs index 036fd811835..3e1d5392b48 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/tokenaccesslevels.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/tokenaccesslevels.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // namespace System.Security.Principal diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/tokenimpersonationlevel.cs b/mcs/class/referencesource/mscorlib/system/security/principal/tokenimpersonationlevel.cs index cf599ea99f2..90332cb5f8d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/tokenimpersonationlevel.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/tokenimpersonationlevel.cs @@ -3,12 +3,12 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // namespace System.Security.Principal { -#if !FEATURE_NETCORE +#if !FEATURE_CORECLR [Serializable] [System.Runtime.InteropServices.ComVisible(true)] #endif @@ -19,4 +19,4 @@ namespace System.Security.Principal Impersonation = 3, Delegation = 4 } -} +}
\ No newline at end of file diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/win32.cs b/mcs/class/referencesource/mscorlib/system/security/principal/win32.cs index ec346c8450f..2aedb26bc2d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/win32.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/win32.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using Microsoft.Win32; @@ -436,12 +436,12 @@ namespace System.Security.Principal [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.Process)] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity] - internal static extern int ImpersonateLoggedOnUser (SafeTokenHandle hToken); + internal static extern int ImpersonateLoggedOnUser (SafeAccessTokenHandle hToken); [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.Process)] [MethodImplAttribute(MethodImplOptions.InternalCall)] - internal static extern int OpenThreadToken (TokenAccessLevels dwDesiredAccess, WinSecurityContext OpenAs, out SafeTokenHandle phThreadToken); + internal static extern int OpenThreadToken (TokenAccessLevels dwDesiredAccess, WinSecurityContext OpenAs, out SafeAccessTokenHandle phThreadToken); [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.None)] @@ -451,7 +451,7 @@ namespace System.Security.Principal [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.None)] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity] - internal static extern int SetThreadToken(SafeTokenHandle hToken); + internal static extern int SetThreadToken(SafeAccessTokenHandle hToken); #endif } } diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/windowsidentity.cs b/mcs/class/referencesource/mscorlib/system/security/principal/windowsidentity.cs index 6ef59677443..87c57938e5b 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/windowsidentity.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/windowsidentity.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -46,7 +46,7 @@ namespace System.Security.Principal Anonymous = 3 } - // Keep in [....] with vm\comprincipal.h + // Keep in sync with vm\comprincipal.h internal enum WinSecurityContext { Thread = 1, // OpenAsSelf = false Process = 2, // OpenAsSelf = true @@ -67,13 +67,13 @@ namespace System.Security.Principal public class WindowsIdentity : IIdentity, ISerializable, IDeserializationCallback, IDisposable { #endif [System.Security.SecurityCritical] // auto-generated - static SafeTokenHandle s_invalidTokenHandle = SafeTokenHandle.InvalidHandle; + static SafeAccessTokenHandle s_invalidTokenHandle = SafeAccessTokenHandle.InvalidHandle; private string m_name = null; private SecurityIdentifier m_owner = null; private SecurityIdentifier m_user = null; private object m_groups = null; [System.Security.SecurityCritical] // auto-generated - private SafeTokenHandle m_safeTokenHandle = SafeTokenHandle.InvalidHandle; + private SafeAccessTokenHandle m_safeTokenHandle = SafeAccessTokenHandle.InvalidHandle; private string m_authType = null; private int m_isAuthenticated = -1; private volatile TokenImpersonationLevel m_impersonationLevel; @@ -125,7 +125,7 @@ namespace System.Security.Principal #endif [System.Security.SecurityCritical] // auto-generated - internal WindowsIdentity (SafeTokenHandle safeTokenHandle) : this (safeTokenHandle.DangerousGetHandle(), null, -1) { + internal WindowsIdentity (SafeAccessTokenHandle safeTokenHandle) : this (safeTokenHandle.DangerousGetHandle(), null, -1) { GC.KeepAlive(safeTokenHandle); } @@ -370,8 +370,8 @@ namespace System.Security.Principal get { if (m_isAuthenticated == -1) { - // There is a known bug where this approach will not work correctly for domain guests (will return false - // instead of true). But this is a corner-case that is not very interesting. + // There is a known + #if !FEATURE_CORECLR m_isAuthenticated = CheckNtTokenForSid(new SecurityIdentifier(IdentifierAuthority.NTAuthority, new int[] { Win32Native.SECURITY_AUTHENTICATED_USER_RID })) ? 1 : 0; @@ -400,7 +400,7 @@ namespace System.Security.Principal return false; // CheckTokenMembership expects an impersonation token - SafeTokenHandle token = SafeTokenHandle.InvalidHandle; + SafeAccessTokenHandle token = SafeAccessTokenHandle.InvalidHandle; TokenImpersonationLevel til = ImpersonationLevel; bool isMember = false; @@ -423,7 +423,7 @@ namespace System.Security.Principal throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error())); } finally { - if (token != SafeTokenHandle.InvalidHandle) { + if (token != SafeAccessTokenHandle.InvalidHandle) { token.Dispose(); } } @@ -562,9 +562,9 @@ namespace System.Security.Principal using (SafeLocalAllocHandle pGroups = GetTokenInformation(m_safeTokenHandle, TokenInformationClass.TokenGroups)) { uint groupCount = pGroups.Read<uint>(0); - // Work-around bug on WS03 that only populates the GroupCount field of TOKEN_GROUPS if the count is 0 - // In that situation, attempting to read the entire TOKEN_GROUPS structure will lead to InsufficientBuffer exception - // since the field is only 4 bytes long (uint only, for GroupCount), but we try to read more (including the pointer to GroupDetails). + // Work-around + + if (groupCount != 0) { @@ -608,6 +608,45 @@ namespace System.Security.Principal // // Public methods. // + [SecuritySafeCritical] + public static void RunImpersonated(SafeAccessTokenHandle safeAccessTokenHandle, Action action) + { + if (action == null) + throw new ArgumentNullException("action"); + + StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; + + WindowsIdentity wi = null; + if (!safeAccessTokenHandle.IsInvalid) + wi = new WindowsIdentity(safeAccessTokenHandle); + + using (WindowsImpersonationContext wiContext = SafeImpersonate(safeAccessTokenHandle, wi, ref stackMark)) + { + action(); + } + } + + [SecuritySafeCritical] + public static T RunImpersonated<T>(SafeAccessTokenHandle safeAccessTokenHandle, Func<T> func) + { + if (func == null) + throw new ArgumentNullException("func"); + + StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; + + WindowsIdentity wi = null; + if (!safeAccessTokenHandle.IsInvalid) + wi = new WindowsIdentity(safeAccessTokenHandle); + + T result = default(T); + using (WindowsImpersonationContext wiContext = SafeImpersonate(safeAccessTokenHandle, wi, ref stackMark)) + { + result = func(); + } + + return result; + } + [System.Security.SecuritySafeCritical] // auto-generated [DynamicSecurityMethodAttribute()] [ResourceExposure(ResourceScope.Process)] // Call from within a CER, or use a RunAsUser helper. @@ -658,17 +697,17 @@ namespace System.Security.Principal Dispose(true); } - // - // internal. - // - - internal SafeTokenHandle TokenHandle { + public SafeAccessTokenHandle AccessToken { [System.Security.SecurityCritical] // auto-generated get { return m_safeTokenHandle; } } + // + // internal. + // + [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.None)] [ResourceConsumption(ResourceScope.Process, ResourceScope.Process)] @@ -680,15 +719,15 @@ namespace System.Security.Principal [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.Process)] [ResourceConsumption(ResourceScope.Process)] - internal static WindowsImpersonationContext SafeImpersonate (SafeTokenHandle userToken, WindowsIdentity wi, ref StackCrawlMark stackMark) + internal static WindowsImpersonationContext SafeImpersonate (SafeAccessTokenHandle userToken, WindowsIdentity wi, ref StackCrawlMark stackMark) { bool isImpersonating; int hr = 0; - SafeTokenHandle safeTokenHandle = GetCurrentToken(TokenAccessLevels.MaximumAllowed, false, out isImpersonating, out hr); + SafeAccessTokenHandle safeTokenHandle = GetCurrentToken(TokenAccessLevels.MaximumAllowed, false, out isImpersonating, out hr); if (safeTokenHandle == null || safeTokenHandle.IsInvalid) throw new SecurityException(Win32Native.GetMessage(hr)); - // Set the SafeTokenHandle on the FSD: + // Set the SafeAccessTokenHandle on the FSD: FrameSecurityDescriptor secObj = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true); if (secObj == null) { @@ -705,7 +744,7 @@ namespace System.Security.Principal Environment.FailFast(Win32Native.GetMessage(hr)); // update identity on the thread UpdateThreadWI(wi); - secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.TokenHandle)); + secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.AccessToken)); } else { hr = Win32.RevertToSelf(); if (hr < 0) @@ -716,7 +755,7 @@ namespace System.Security.Principal throw new SecurityException(Environment.GetResourceString("Argument_ImpersonateUser")); } UpdateThreadWI(wi); - secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.TokenHandle)); + secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.AccessToken)); } return context; @@ -758,7 +797,7 @@ namespace System.Security.Principal internal static WindowsIdentity GetCurrentInternal (TokenAccessLevels desiredAccess, bool threadOnly) { int hr = 0; bool isImpersonating; - SafeTokenHandle safeTokenHandle = GetCurrentToken(desiredAccess, threadOnly, out isImpersonating, out hr); + SafeAccessTokenHandle safeTokenHandle = GetCurrentToken(desiredAccess, threadOnly, out isImpersonating, out hr); if (safeTokenHandle == null || safeTokenHandle.IsInvalid) { // either we wanted only ThreadToken - return null if (threadOnly && !isImpersonating) @@ -803,9 +842,9 @@ namespace System.Security.Principal [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.Process)] [ResourceConsumption(ResourceScope.Process)] - private static SafeTokenHandle GetCurrentToken(TokenAccessLevels desiredAccess, bool threadOnly, out bool isImpersonating, out int hr) { + private static SafeAccessTokenHandle GetCurrentToken(TokenAccessLevels desiredAccess, bool threadOnly, out bool isImpersonating, out int hr) { isImpersonating = true; - SafeTokenHandle safeTokenHandle = GetCurrentThreadToken(desiredAccess, out hr); + SafeAccessTokenHandle safeTokenHandle = GetCurrentThreadToken(desiredAccess, out hr); if (safeTokenHandle == null && hr == GetHRForWin32Error(Win32Native.ERROR_NO_TOKEN)) { // No impersonation isImpersonating = false; @@ -818,9 +857,9 @@ namespace System.Security.Principal [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.Process)] [ResourceConsumption(ResourceScope.Process)] - private static SafeTokenHandle GetCurrentProcessToken (TokenAccessLevels desiredAccess, out int hr) { + private static SafeAccessTokenHandle GetCurrentProcessToken (TokenAccessLevels desiredAccess, out int hr) { hr = 0; - SafeTokenHandle safeTokenHandle; + SafeAccessTokenHandle safeTokenHandle; if (!Win32Native.OpenProcessToken(Win32Native.GetCurrentProcess(), desiredAccess, out safeTokenHandle)) hr = GetHRForWin32Error(Marshal.GetLastWin32Error()); return safeTokenHandle; @@ -829,8 +868,8 @@ namespace System.Security.Principal [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.Process)] [ResourceConsumption(ResourceScope.Process)] - internal static SafeTokenHandle GetCurrentThreadToken(TokenAccessLevels desiredAccess, out int hr) { - SafeTokenHandle safeTokenHandle; + internal static SafeAccessTokenHandle GetCurrentThreadToken(TokenAccessLevels desiredAccess, out int hr) { + SafeAccessTokenHandle safeTokenHandle; hr = Win32.OpenThreadToken(desiredAccess, WinSecurityContext.Both, out safeTokenHandle); return safeTokenHandle; } @@ -860,7 +899,7 @@ namespace System.Security.Principal [ResourceExposure(ResourceScope.Process)] [ResourceConsumption(ResourceScope.Process)] internal static ImpersonationQueryResult QueryImpersonation() { - SafeTokenHandle safeTokenHandle = null; + SafeAccessTokenHandle safeTokenHandle = null; int hr = Win32.OpenThreadToken(TokenAccessLevels.Query, WinSecurityContext.Thread, out safeTokenHandle); if (safeTokenHandle != null) { @@ -884,7 +923,7 @@ namespace System.Security.Principal } [System.Security.SecurityCritical] // auto-generated - private static Win32Native.LUID GetLogonAuthId (SafeTokenHandle safeTokenHandle) { + private static Win32Native.LUID GetLogonAuthId (SafeAccessTokenHandle safeTokenHandle) { using (SafeLocalAllocHandle pStatistics = GetTokenInformation(safeTokenHandle, TokenInformationClass.TokenStatistics)) { Win32Native.TOKEN_STATISTICS statistics = pStatistics.Read<Win32Native.TOKEN_STATISTICS>(0); return statistics.AuthenticationId; @@ -892,7 +931,7 @@ namespace System.Security.Principal } [System.Security.SecurityCritical] - private static SafeLocalAllocHandle GetTokenInformation (SafeTokenHandle tokenHandle, TokenInformationClass tokenInformationClass) { + private static SafeLocalAllocHandle GetTokenInformation (SafeAccessTokenHandle tokenHandle, TokenInformationClass tokenInformationClass) { SafeLocalAllocHandle safeLocalAllocHandle = SafeLocalAllocHandle.InvalidHandle; uint dwLength = (uint) Marshal.SizeOf(typeof(uint)); bool result = Win32Native.GetTokenInformation(tokenHandle, @@ -933,7 +972,7 @@ namespace System.Security.Principal #if FEATURE_CORRUPTING_EXCEPTIONS [HandleProcessCorruptedStateExceptions] // #endif // FEATURE_CORRUPTING_EXCEPTIONS - private unsafe static SafeTokenHandle KerbS4ULogon (string upn, ref SafeTokenHandle safeTokenHandle) + private unsafe static SafeAccessTokenHandle KerbS4ULogon (string upn, ref SafeAccessTokenHandle safeTokenHandle) { // source name byte[] sourceName = new byte[] { (byte)'C', (byte)'L', (byte)'R' }; // we set the source name to "CLR". @@ -1119,7 +1158,7 @@ namespace System.Security.Principal RuntimeHelpers.PrepareConstrainedRegions(); try { - if (!identity.m_safeTokenHandle.IsInvalid && identity.m_safeTokenHandle != SafeTokenHandle.InvalidHandle && identity.m_safeTokenHandle.DangerousGetHandle() != IntPtr.Zero) + if (!identity.m_safeTokenHandle.IsInvalid && identity.m_safeTokenHandle != SafeAccessTokenHandle.InvalidHandle && identity.m_safeTokenHandle.DangerousGetHandle() != IntPtr.Zero) { identity.m_safeTokenHandle.DangerousAddRef(ref mustDecrement); diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/windowsimpersonationcontext.cs b/mcs/class/referencesource/mscorlib/system/security/principal/windowsimpersonationcontext.cs index 0343e877711..5315ae7ba39 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/windowsimpersonationcontext.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/windowsimpersonationcontext.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -28,7 +28,7 @@ namespace System.Security.Principal [System.Runtime.InteropServices.ComVisible(true)] public class WindowsImpersonationContext : IDisposable { [System.Security.SecurityCritical] // auto-generated - private SafeTokenHandle m_safeTokenHandle = SafeTokenHandle.InvalidHandle; + private SafeAccessTokenHandle m_safeTokenHandle = SafeAccessTokenHandle.InvalidHandle; private WindowsIdentity m_wi; private FrameSecurityDescriptor m_fsd; @@ -38,7 +38,7 @@ namespace System.Security.Principal [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.None)] [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)] - internal WindowsImpersonationContext (SafeTokenHandle safeTokenHandle, WindowsIdentity wi, bool isImpersonating, FrameSecurityDescriptor fsd) { + internal WindowsImpersonationContext (SafeAccessTokenHandle safeTokenHandle, WindowsIdentity wi, bool isImpersonating, FrameSecurityDescriptor fsd) { if (safeTokenHandle.IsInvalid) throw new ArgumentException(Environment.GetResourceString("Argument_InvalidImpersonationToken")); Contract.EndContractBlock(); diff --git a/mcs/class/referencesource/mscorlib/system/security/principal/windowsprincipal.cs b/mcs/class/referencesource/mscorlib/system/security/principal/windowsprincipal.cs index 12f44f8c588..6e60e7de374 100644 --- a/mcs/class/referencesource/mscorlib/system/security/principal/windowsprincipal.cs +++ b/mcs/class/referencesource/mscorlib/system/security/principal/windowsprincipal.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // @@ -232,13 +232,13 @@ namespace System.Security.Principal Contract.EndContractBlock(); // special case the anonymous identity. - if (m_identity.TokenHandle.IsInvalid) + if (m_identity.AccessToken.IsInvalid) return false; // CheckTokenMembership expects an impersonation token - SafeTokenHandle token = SafeTokenHandle.InvalidHandle; + SafeAccessTokenHandle token = SafeAccessTokenHandle.InvalidHandle; if (m_identity.ImpersonationLevel == TokenImpersonationLevel.None) { - if (!Win32Native.DuplicateTokenEx(m_identity.TokenHandle, + if (!Win32Native.DuplicateTokenEx(m_identity.AccessToken, (uint) TokenAccessLevels.Query, IntPtr.Zero, (uint) TokenImpersonationLevel.Identification, @@ -249,7 +249,7 @@ namespace System.Security.Principal bool isMember = false; // CheckTokenMembership will check if the SID is both present and enabled in the access token. - if (!Win32Native.CheckTokenMembership((m_identity.ImpersonationLevel != TokenImpersonationLevel.None ? m_identity.TokenHandle : token), + if (!Win32Native.CheckTokenMembership((m_identity.ImpersonationLevel != TokenImpersonationLevel.None ? m_identity.AccessToken : token), sid.BinaryForm, ref isMember)) throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error())); diff --git a/mcs/class/referencesource/mscorlib/system/security/readonlypermissionset.cs b/mcs/class/referencesource/mscorlib/system/security/readonlypermissionset.cs index 1b9e0ae98ed..8bb357870dd 100644 --- a/mcs/class/referencesource/mscorlib/system/security/readonlypermissionset.cs +++ b/mcs/class/referencesource/mscorlib/system/security/readonlypermissionset.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // using System; diff --git a/mcs/class/referencesource/mscorlib/system/security/safesecurityhandles.cs b/mcs/class/referencesource/mscorlib/system/security/safesecurityhandles.cs index 474c5c85441..460d619947d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/safesecurityhandles.cs +++ b/mcs/class/referencesource/mscorlib/system/security/safesecurityhandles.cs @@ -1,4 +1,4 @@ -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> namespace Microsoft.Win32.SafeHandles { using System; using System.Runtime.CompilerServices; @@ -7,6 +7,41 @@ namespace Microsoft.Win32.SafeHandles { using System.Runtime.Versioning; using System.Security; + // Introduce this handle to replace internal SafeTokenHandle, + // which is mainly used to hold Windows thread or process access token + [SecurityCritical] + public sealed class SafeAccessTokenHandle : SafeHandle + { + private SafeAccessTokenHandle() + : base(IntPtr.Zero, true) + { } + + // 0 is an Invalid Handle + public SafeAccessTokenHandle(IntPtr handle) + : base(IntPtr.Zero, true) + { + SetHandle(handle); + } + + public static SafeAccessTokenHandle InvalidHandle + { + [SecurityCritical] + get { return new SafeAccessTokenHandle(IntPtr.Zero); } + } + + public override bool IsInvalid + { + [SecurityCritical] + get { return handle == IntPtr.Zero || handle == new IntPtr(-1); } + } + + [SecurityCritical] + protected override bool ReleaseHandle() + { + return Win32Native.CloseHandle(handle); + } + } + #if !FEATURE_PAL [System.Security.SecurityCritical] // auto-generated internal sealed class SafeLsaLogonProcessHandle : SafeHandleZeroOrMinusOneIsInvalid { @@ -130,27 +165,5 @@ namespace Microsoft.Win32.SafeHandles { } } - [System.Security.SecurityCritical] // auto-generated - internal sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid { - private SafeTokenHandle() : base (true) {} - - // 0 is an Invalid Handle - internal SafeTokenHandle(IntPtr handle) : base (true) { - SetHandle(handle); - } - - internal static SafeTokenHandle InvalidHandle { - get { return new SafeTokenHandle(IntPtr.Zero); } - } - - [System.Security.SecurityCritical] - [ResourceExposure(ResourceScope.None)] - [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)] - override protected bool ReleaseHandle() - { - return Win32Native.CloseHandle(handle); - } - } - #endif // !FEATURE_PAL } diff --git a/mcs/class/referencesource/mscorlib/system/security/securestring.cs b/mcs/class/referencesource/mscorlib/system/security/securestring.cs index 6d06b7ce3eb..ca2e8aea6c1 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securestring.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securestring.cs @@ -1,4 +1,4 @@ -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> namespace System.Security { using System.Security.Cryptography; using System.Runtime.InteropServices; @@ -14,7 +14,6 @@ namespace System.Security { using Microsoft.Win32.SafeHandles; using System.Diagnostics.Contracts; -#if FEATURE_CRYPTO || FEATURE_X509_SECURESTRINGS || FEATURE_CORESYSTEM public sealed class SecureString: IDisposable { [System.Security.SecurityCritical] // auto-generated private SafeBSTRHandle m_buffer; @@ -544,12 +543,7 @@ namespace System.Security { ptr = Marshal.AllocHGlobal((length + 1) * 2); } else { -#if FEATURE_COMINTEROP ptr = Marshal.AllocCoTaskMem((length + 1) * 2); -#else // FEATURE_COMINTEROP - Contract.Assert(false, "allocateFromHeap must never be set to false when FEATURE_COMINTEROP isn't enabled!"); - throw new NotSupportedException(); -#endif // FEATURE_COMINTEROP } } @@ -579,12 +573,7 @@ namespace System.Security { Marshal.FreeHGlobal(ptr); } else { -#if FEATURE_COMINTEROP Marshal.FreeCoTaskMem(ptr); -#else // FEATURE_COMINTEROP - Contract.Assert(false, "allocateFromHeap must never be set to false when FEATURE_COMINTEROP isn't enabled!"); - throw new NotSupportedException(); -#endif // FEATURE_COMINTEROP } } } @@ -622,13 +611,8 @@ namespace System.Security { ptr = Marshal.AllocHGlobal(byteCount); } else { -#if FEATURE_COMINTEROP ptr = Marshal.AllocCoTaskMem(byteCount); -#else // FEATURE_COMINTEROP - Contract.Assert(false, "allocateFromHeap must never be set to false when FEATURE_COMINTEROP isn't enabled!"); - throw new NotSupportedException(); -#endif // FEATURE_COMINTEROP - } + } } if (ptr == IntPtr.Zero) { @@ -652,12 +636,7 @@ namespace System.Security { Marshal.FreeHGlobal(ptr); } else { -#if FEATURE_COMINTEROP Marshal.FreeCoTaskMem(ptr); -#else // FEATURE_COMINTEROP - Contract.Assert(false, "allocateFromHeap must never be set to false when FEATURE_COMINTEROP isn't enabled!"); - throw new NotSupportedException(); -#endif // FEATURE_COMINTEROP } } } @@ -696,7 +675,6 @@ namespace System.Security { } } } -#endif // FEATURE_CRYPTO || FEATURE_X509_SECURESTRINGS || FEATURE_CORESYSTEM [System.Security.SecurityCritical] // auto-generated [SuppressUnmanagedCodeSecurityAttribute()] diff --git a/mcs/class/referencesource/mscorlib/system/security/securitycontext.cs b/mcs/class/referencesource/mscorlib/system/security/securitycontext.cs index fa2785a6d32..2f3268e234c 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securitycontext.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securitycontext.cs @@ -6,7 +6,7 @@ ** ** Class: SecurityContext ** -** <OWNER>[....]</OWNER> +** <OWNER>Microsoft</OWNER> ** ** ** Purpose: Capture security context for a thread @@ -32,7 +32,7 @@ namespace System.Security using System.Runtime.Versioning; using System.Diagnostics.Contracts; - // This enum must be kept in [....] with the SecurityContextSource enum in the VM + // This enum must be kept in sync with the SecurityContextSource enum in the VM public enum SecurityContextSource { CurrentAppDomain = 0, @@ -519,7 +519,7 @@ namespace System.Security #if !FEATURE_PAL && FEATURE_IMPERSONATION if (WindowsIdentity != null) - sc._windowsIdentity = new WindowsIdentity(WindowsIdentity.TokenHandle); + sc._windowsIdentity = new WindowsIdentity(WindowsIdentity.AccessToken); #endif //!FEATURE_PAL && FEATURE_IMPERSONATION if (_compressedStack != null) @@ -539,7 +539,7 @@ namespace System.Security #if !FEATURE_PAL && FEATURE_IMPERSONATION if (this.WindowsIdentity != null) - sc._windowsIdentity = new WindowsIdentity(this.WindowsIdentity.TokenHandle); + sc._windowsIdentity = new WindowsIdentity(this.WindowsIdentity.AccessToken); #endif //!FEATURE_PAL && FEATURE_IMPERSONATION // @@ -592,7 +592,7 @@ namespace System.Security { WindowsIdentity currentIdentity = GetCurrentWI(currThreadEC); if (currentIdentity != null) - sc._windowsIdentity = new WindowsIdentity(currentIdentity.TokenHandle); + sc._windowsIdentity = new WindowsIdentity(currentIdentity.AccessToken); } else { @@ -685,7 +685,7 @@ namespace System.Security if (targetWI != null) { - SafeTokenHandle tokenHandle = targetWI.TokenHandle; + SafeAccessTokenHandle tokenHandle = targetWI.AccessToken; if (tokenHandle != null && !tokenHandle.IsInvalid) { hr = Win32.ImpersonateLoggedOnUser(tokenHandle); diff --git a/mcs/class/referencesource/mscorlib/system/security/securitydocument.cs b/mcs/class/referencesource/mscorlib/system/security/securitydocument.cs index fffcf0cbfdb..f0c95e2abab 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securitydocument.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securitydocument.cs @@ -7,7 +7,7 @@ // // CLASS: SecurityDocument.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // PURPOSE: Represent an XML document // diff --git a/mcs/class/referencesource/mscorlib/system/security/securityelement.cs b/mcs/class/referencesource/mscorlib/system/security/securityelement.cs index 8715f42ce95..e238ae5d77b 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securityelement.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securityelement.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security diff --git a/mcs/class/referencesource/mscorlib/system/security/securityexception.cs b/mcs/class/referencesource/mscorlib/system/security/securityexception.cs index 4b3a571a88d..d5fe3578526 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securityexception.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securityexception.cs @@ -7,7 +7,7 @@ ** ** Class: SecurityException ** -** <OWNER>[....]</OWNER> +** <OWNER>Microsoft</OWNER> ** ** ** Purpose: Exception class for security diff --git a/mcs/class/referencesource/mscorlib/system/security/securitymanager.cs b/mcs/class/referencesource/mscorlib/system/security/securitymanager.cs index 1a60f9bc4d2..777eb6ebfb4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securitymanager.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securitymanager.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/securityruntime.cs b/mcs/class/referencesource/mscorlib/system/security/securityruntime.cs index 1c874c24365..7989ee4dbd5 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securityruntime.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securityruntime.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security { diff --git a/mcs/class/referencesource/mscorlib/system/security/securitystate.cs b/mcs/class/referencesource/mscorlib/system/security/securitystate.cs index 126860c0008..0670730089d 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securitystate.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securitystate.cs @@ -2,7 +2,7 @@ // // Copyright (c) Microsoft Corporation. All rights reserved. // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> using System; using System.Security; @@ -22,7 +22,13 @@ namespace System.Security public bool IsStateAvailable() { AppDomainManager domainManager = AppDomainManager.CurrentAppDomainManager; +#if FEATURE_CORECLR + // CheckSecuritySettings only when appdomainManager is present. So if there is no + // appDomain Manager return true as by default coreclr runs in fulltrust. + return domainManager != null ? domainManager.CheckSecuritySettings(this) : true; +#else return domainManager != null ? domainManager.CheckSecuritySettings(this) : false; +#endif } // override this function and throw the appropriate public abstract void EnsureState(); diff --git a/mcs/class/referencesource/mscorlib/system/security/securityzone.cs b/mcs/class/referencesource/mscorlib/system/security/securityzone.cs index 8ed882510f6..8ed3f12767e 100644 --- a/mcs/class/referencesource/mscorlib/system/security/securityzone.cs +++ b/mcs/class/referencesource/mscorlib/system/security/securityzone.cs @@ -5,7 +5,7 @@ // ==--== // SecurityZone.cs // -// <OWNER>[....]</OWNER> +// <OWNER>ShawnFa</OWNER> // // Enumeration of the zones code can come from // diff --git a/mcs/class/referencesource/mscorlib/system/security/util/config.cs b/mcs/class/referencesource/mscorlib/system/security/util/config.cs index 135979dce40..3ddf27c3cfc 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/config.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/config.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/util/hex.cs b/mcs/class/referencesource/mscorlib/system/security/util/hex.cs index 9a7d22d4d5b..c072698526b 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/hex.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/hex.cs @@ -6,7 +6,7 @@ /* * Hex.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> * * Operations to convert to and from Hex * diff --git a/mcs/class/referencesource/mscorlib/system/security/util/parser.cs b/mcs/class/referencesource/mscorlib/system/security/util/parser.cs index 10b7aa70259..ef53c555fe4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/parser.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/parser.cs @@ -7,7 +7,7 @@ ** ** CLASS: Parser ** -** <OWNER>[....]</OWNER> +** <OWNER>Microsoft</OWNER> ** ** ** PURPOSE: Parse "Elementary XML", that is, XML without diff --git a/mcs/class/referencesource/mscorlib/system/security/util/sitestring.cs b/mcs/class/referencesource/mscorlib/system/security/util/sitestring.cs index 7e705d7cbd4..f78b85ba71b 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/sitestring.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/sitestring.cs @@ -5,7 +5,7 @@ // ==--== // SiteString // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Util { diff --git a/mcs/class/referencesource/mscorlib/system/security/util/stringexpressionset.cs b/mcs/class/referencesource/mscorlib/system/security/util/stringexpressionset.cs index 0d60a87d38b..ce34f9d68e9 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/stringexpressionset.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/stringexpressionset.cs @@ -5,7 +5,7 @@ // ==--== // StringExpressionSet // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Util { @@ -44,13 +44,9 @@ namespace System.Security.Util { protected static readonly char[] m_separators = { ';' }; protected static readonly char[] m_trimChars = { ' ' }; -#if !PLATFORM_UNIX + protected static readonly char m_directorySeparator = '\\'; protected static readonly char m_alternateDirectorySeparator = '/'; -#else - protected static readonly char m_directorySeparator = '/'; - protected static readonly char m_alternateDirectorySeparator = '\\'; -#endif // !PLATFORM_UNIX public StringExpressionSet() : this( true, null, false ) @@ -653,14 +649,10 @@ namespace System.Security.Util { return false; } -#if !PLATFORM_UNIX if (shortString.Length == 3 && shortString.EndsWith( ":\\", StringComparison.Ordinal ) && ((shortString[0] >= 'A' && shortString[0] <= 'Z') || (shortString[0] >= 'a' && shortString[0] <= 'z'))) -#else - if (shortString.Length == 1 && shortString[0]== m_directorySeparator) -#endif // !PLATFORM_UNIX return true; return longString[shortString.Length] == m_directorySeparator; @@ -756,8 +748,6 @@ namespace System.Security.Util { [ResourceConsumption(ResourceScope.Machine)] internal static String CanonicalizePath( String path, bool needFullPath ) { - -#if !PLATFORM_UNIX if (path.IndexOf( '~' ) != -1) { string longPath = null; @@ -767,7 +757,6 @@ namespace System.Security.Util { if (path.IndexOf( ':', 2 ) != -1) throw new NotSupportedException( Environment.GetResourceString( "Argument_PathFormatNotSupported" ) ); -#endif // !PLATFORM_UNIX if (needFullPath) { diff --git a/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedset.cs b/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedset.cs index 6f7fe1de29d..cbbb43c6398 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedset.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedset.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // diff --git a/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedsetenumerator.cs b/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedsetenumerator.cs index 4c18c5bcee5..a9dd114ddb9 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedsetenumerator.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/tokenbasedsetenumerator.cs @@ -5,7 +5,7 @@ // ==--== // TokenBasedSetEnumerator.cs // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security.Util diff --git a/mcs/class/referencesource/mscorlib/system/security/util/tokenizer.cs b/mcs/class/referencesource/mscorlib/system/security/util/tokenizer.cs index 3a9ab669422..f942b027ca3 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/tokenizer.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/tokenizer.cs @@ -7,7 +7,7 @@ ** ** CLASS: Tokenizer.cs ** -** <OWNER>[....]</OWNER> +** <OWNER>Microsoft</OWNER> ** ** ** PURPOSE: Tokenize "Elementary XML", that is, XML without diff --git a/mcs/class/referencesource/mscorlib/system/security/util/urlstring.cs b/mcs/class/referencesource/mscorlib/system/security/util/urlstring.cs index f879223682c..c97e70efcde 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/urlstring.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/urlstring.cs @@ -5,7 +5,7 @@ // ==--== // URLString // -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // // Implementation of membership condition for zones // @@ -32,9 +32,7 @@ namespace System.Security.Util { private String m_userpass; private SiteString m_siteString; private int m_port; -#if !PLATFORM_UNIX private LocalSiteString m_localSite; -#endif // !PLATFORM_UNIX private DirectoryString m_directory; private const String m_defaultProtocol = "file"; @@ -92,9 +90,7 @@ namespace System.Security.Util { m_userpass = ""; m_siteString = new SiteString(); m_port = -1; -#if !PLATFORM_UNIX m_localSite = null; -#endif // !PLATFORM_UNIX m_directory = new DirectoryString(); m_parseDeferred = false; } @@ -237,14 +233,9 @@ namespace System.Security.Util { } else if (url[index+1] != '\\') { -#if !PLATFORM_UNIX if (url.Length > index + 2 && url[index+1] == '/' && url[index+2] == '/') -#else - if (url.Length > index + 1 && - url[index+1] == '/' ) // UNIX style "file:/home/me" is allowed, so account for that -#endif // !PLATFORM_UNIX { m_protocol = url.Substring( 0, index ); @@ -266,23 +257,7 @@ namespace System.Security.Util { throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); } } -#if !PLATFORM_UNIX temp = url.Substring( index + 3 ); -#else - // In UNIX, we don't know how many characters we'll have to skip past. - // Skip past \, /, and : - // - for ( int j=index ; j<url.Length ; j++ ) - { - if ( url[j] != '\\' && url[j] != '/' && url[j] != ':' ) - { - index = j; - break; - } - } - - temp = url.Substring( index ); -#endif // !PLATFORM_UNIX } else { @@ -472,9 +447,7 @@ namespace System.Security.Util { // Do any misc massaging of data in the URL private String PreProcessURL(String url, bool isFileURL) { - -#if !PLATFORM_UNIX - if (isFileURL) { + if (isFileURL) { // Remove when the Path class supports "\\?\" url = PreProcessForExtendedPathRemoval(url, true, ref m_isUncShare); } @@ -482,34 +455,12 @@ namespace System.Security.Util { url = url.Replace('\\', '/'); } return url; -#else - // Remove superfluous '/' - // For UNIX, the file path would look something like: - // file:///home/johndoe/here - // file:/home/johndoe/here - // file:../johndoe/here - // file:~/johndoe/here - String temp = url; - int nbSlashes = 0; - while(nbSlashes<temp.Length && '/'==temp[nbSlashes]) - nbSlashes++; - - // if we get a path like file:///directory/name we need to convert - // this to /directory/name. - if(nbSlashes > 2) - temp = temp.Substring(nbSlashes-1, temp.Length - (nbSlashes-1)); - else if (2 == nbSlashes) /* it's a relative path */ - temp = temp.Substring(nbSlashes, temp.Length - nbSlashes); - return temp; -#endif // !PLATFORM_UNIX - } private void ParseFileURL(String url) { - String temp = url; -#if !PLATFORM_UNIX + int index = temp.IndexOf( '/'); if (index != -1 && @@ -604,9 +555,6 @@ namespace System.Security.Util { m_directory = new DirectoryString( directoryString, true); } } -#else // !PLATFORM_UNIX - m_directory = new DirectoryString( temp, true); -#endif // !PLATFORM_UNIX m_siteString = null; return; @@ -619,15 +567,12 @@ namespace System.Security.Util { if (index == -1) { -#if !PLATFORM_UNIX m_localSite = null; // for drive letter -#endif // !PLATFORM_UNIX m_siteString = new SiteString( temp ); m_directory = new DirectoryString(); } else { -#if !PLATFORM_UNIX String site = temp.Substring( 0, index ); m_localSite = null; m_siteString = new SiteString( site ); @@ -642,12 +587,6 @@ namespace System.Security.Util { { m_directory = new DirectoryString( directoryString, false ); } -#else - String directoryString = temp.Substring( index + 1 ); - String site = temp.Substring( 0, index ); - m_directory = new DirectoryString( directoryString, false ); - m_siteString = new SiteString( site ); -#endif //!PLATFORM_UNIX } return; } @@ -736,11 +675,7 @@ namespace System.Security.Util { } else { -#if !PLATFORM_UNIX return m_localSite.ToString(); -#else - return( "" ); -#endif // !PLATFORM_UNIX } } } @@ -791,22 +726,15 @@ namespace System.Security.Util { if (String.Equals(m_protocol, "file", StringComparison.OrdinalIgnoreCase) && !m_isUncShare) { -#if !PLATFORM_UNIX string host = m_localSite != null ? m_localSite.ToString() : null; // If the host name ends with the * character, treat this as an absolute URL since the * // could represent the rest of the full path. if (host.EndsWith('*')) return false; -#endif // !PLATFORM_UNIX string directory = m_directory != null ? m_directory.ToString() : null; -#if !PLATFORM_UNIX return host == null || host.Length < 2 || !host.EndsWith(':') || String.IsNullOrEmpty(directory); -#else - return String.IsNullOrEmpty(directory); -#endif // !PLATFORM_UNIX - } // Since this is not a local URL, it cannot be relative @@ -818,7 +746,6 @@ namespace System.Security.Util { { DoDeferredParse(); -#if !PLATFORM_UNIX if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase) != 0) return null; @@ -844,14 +771,6 @@ namespace System.Security.Util { directory += "\\" + intermediateDirectory; return directory; -#else - // In Unix, directory contains the full pathname - // (this is what we get in Win32) - if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase ) != 0) - return null; - - return this.Directory; -#endif // !PLATFORM_UNIX } @@ -859,7 +778,6 @@ namespace System.Security.Util { { DoDeferredParse(); -#if !PLATFORM_UNIX if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase ) != 0) return null; @@ -900,28 +818,6 @@ namespace System.Security.Util { } return directory; -#else - if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase) != 0) - return null; - - String directory = this.Directory.ToString(); - int slashIndex = 0; - for (int i = directory.Length; i > 0; i--) - { - if (directory[i-1] == '/') - { - slashIndex = i; - break; - } - } - - if (slashIndex > 0) - { - directory = directory.Substring( 0, slashIndex ); - } - - return directory; -#endif // !PLATFORM_UNIX } public override SiteString Copy() @@ -954,7 +850,6 @@ namespace System.Security.Util { if (String.Compare( normalUrl1.m_protocol, normalUrl2.m_protocol, StringComparison.OrdinalIgnoreCase) == 0 && normalUrl1.m_directory.IsSubsetOf( normalUrl2.m_directory )) { -#if !PLATFORM_UNIX if (normalUrl1.m_localSite != null) { // We do a little extra processing in here for local files since we allow @@ -963,7 +858,6 @@ namespace System.Security.Util { return normalUrl1.m_localSite.IsSubsetOf( normalUrl2.m_localSite ); } else -#endif // !PLATFORM_UNIX { if (normalUrl1.m_port != normalUrl2.m_port) return false; @@ -1002,7 +896,6 @@ namespace System.Security.Util { if (this.m_protocol != null) accumulator = info.GetCaseInsensitiveHashCode( this.m_protocol ); -#if !PLATFORM_UNIX if (this.m_localSite != null) { accumulator = accumulator ^ this.m_localSite.GetHashCode(); @@ -1012,11 +905,6 @@ namespace System.Security.Util { accumulator = accumulator ^ this.m_siteString.GetHashCode(); } accumulator = accumulator ^ this.m_directory.GetHashCode(); -#else - accumulator = accumulator ^ info.GetCaseInsensitiveHashCode(this.m_urlOriginal); -#endif // !PLATFORM_UNIX - - return accumulator; } @@ -1051,14 +939,9 @@ namespace System.Security.Util { if (String.Compare( normalUrl1.m_protocol, "file", StringComparison.OrdinalIgnoreCase) == 0) { -#if !PLATFORM_UNIX if (!normalUrl1.m_localSite.IsSubsetOf( normalUrl2.m_localSite ) || !normalUrl2.m_localSite.IsSubsetOf( normalUrl1.m_localSite )) return false; -#else - return url1.IsSubsetOf( url2 ) && - url2.IsSubsetOf( url1 ); -#endif // !PLATFORM_UNIX } else { @@ -1087,11 +970,7 @@ namespace System.Security.Util { if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase) == 0) { -#if !PLATFORM_UNIX builtUrl = builtUrl.AppendFormat("FILE:///{0}/{1}", m_localSite.ToString(), m_directory.ToString()); -#else - builtUrl = builtUrl.AppendFormat("FILE:///{0}", m_directory.ToString()); -#endif // !PLATFORM_UNIX } else { @@ -1105,8 +984,7 @@ namespace System.Security.Util { return StringBuilderCache.GetStringAndRelease(builtUrl).ToUpper(CultureInfo.InvariantCulture); } - -#if !PLATFORM_UNIX + [System.Security.SecuritySafeCritical] // auto-generated [ResourceExposure(ResourceScope.Machine)] [ResourceConsumption(ResourceScope.Machine)] @@ -1164,14 +1042,6 @@ namespace System.Security.Util { [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] private static extern void GetDeviceName( String driveLetter, StringHandleOnStack retDeviceName ); - -#else - internal URLString SpecialNormalizeUrl() - { - return this; - } -#endif // !PLATFORM_UNIX - } @@ -1262,7 +1132,6 @@ namespace System.Security.Util { } } -#if !PLATFORM_UNIX [Serializable] internal class LocalSiteString : SiteString { @@ -1345,5 +1214,4 @@ namespace System.Security.Util { } } } -#endif // !PLATFORM_UNIX } diff --git a/mcs/class/referencesource/mscorlib/system/security/util/xmlutil.cs b/mcs/class/referencesource/mscorlib/system/security/util/xmlutil.cs index 936eaff9e40..ad0a9cb25a4 100644 --- a/mcs/class/referencesource/mscorlib/system/security/util/xmlutil.cs +++ b/mcs/class/referencesource/mscorlib/system/security/util/xmlutil.cs @@ -7,7 +7,7 @@ ** ** CLASS: XMLUtil ** -** <OWNER>[....]</OWNER> +** <OWNER>Microsoft</OWNER> ** ** PURPOSE: Helpers for XML input & output ** diff --git a/mcs/class/referencesource/mscorlib/system/security/verificationexception.cs b/mcs/class/referencesource/mscorlib/system/security/verificationexception.cs index 2e799519b29..90fc2eb72d6 100644 --- a/mcs/class/referencesource/mscorlib/system/security/verificationexception.cs +++ b/mcs/class/referencesource/mscorlib/system/security/verificationexception.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security { diff --git a/mcs/class/referencesource/mscorlib/system/security/xmlsyntaxexception.cs b/mcs/class/referencesource/mscorlib/system/security/xmlsyntaxexception.cs index 0ec69646c8a..2c64008ef87 100644 --- a/mcs/class/referencesource/mscorlib/system/security/xmlsyntaxexception.cs +++ b/mcs/class/referencesource/mscorlib/system/security/xmlsyntaxexception.cs @@ -3,7 +3,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== -// <OWNER>[....]</OWNER> +// <OWNER>Microsoft</OWNER> // namespace System.Security { |