2 // System.Security.Policy.Evidence
5 // Sean MacIsaac (macisaac@ximian.com)
6 // Nick Drochak (ndrochak@gol.com)
7 // Jackson Harper (Jackson@LatitudeGeo.com)
8 // Sebastien Pouliot <sebastien@ximian.com>
10 // (C) 2001 Ximian, Inc.
11 // Portions (C) 2003, 2004 Motus Technologies Inc. (http://www.motus.com)
12 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
14 // Permission is hereby granted, free of charge, to any person obtaining
15 // a copy of this software and associated documentation files (the
16 // "Software"), to deal in the Software without restriction, including
17 // without limitation the rights to use, copy, modify, merge, publish,
18 // distribute, sublicense, and/or sell copies of the Software, and to
19 // permit persons to whom the Software is furnished to do so, subject to
20 // the following conditions:
22 // The above copyright notice and this permission notice shall be
23 // included in all copies or substantial portions of the Software.
25 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
29 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
30 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
31 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Collections;
35 using System.Globalization;
36 using System.Reflection;
37 using System.Runtime.CompilerServices;
38 using System.Runtime.InteropServices;
39 using System.Security.Permissions;
40 using System.Security.Cryptography.X509Certificates;
42 #if !NET_2_1 || MONOTOUCH
43 using Mono.Security.Authenticode;
46 namespace System.Security.Policy {
49 [MonoTODO ("Serialization format not compatible with .NET")]
51 public sealed class Evidence : ICollection, IEnumerable {
54 private ArrayList hostEvidenceList;
55 private ArrayList assemblyEvidenceList;
56 private int _hashCode;
62 public Evidence (Evidence evidence)
68 public Evidence (object[] hostEvidence, object[] assemblyEvidence)
70 if (null != hostEvidence)
71 HostEvidenceList.AddRange (hostEvidence);
72 if (null != assemblyEvidence)
73 AssemblyEvidenceList.AddRange (assemblyEvidence);
83 if (hostEvidenceList != null)
84 count += hostEvidenceList.Count;
85 if (assemblyEvidenceList!= null)
86 count += assemblyEvidenceList.Count;
91 public bool IsReadOnly {
95 public bool IsSynchronized {
100 get { return _locked; }
101 [SecurityPermission (SecurityAction.Demand, ControlEvidence = true)]
107 public object SyncRoot {
111 internal ArrayList HostEvidenceList {
113 if (hostEvidenceList == null)
114 hostEvidenceList = ArrayList.Synchronized (new ArrayList ());
115 return hostEvidenceList;
119 internal ArrayList AssemblyEvidenceList {
121 if (assemblyEvidenceList == null)
122 assemblyEvidenceList = ArrayList.Synchronized (new ArrayList ());
123 return assemblyEvidenceList;
131 public void AddAssembly (object id)
133 AssemblyEvidenceList.Add (id);
137 public void AddHost (object id)
139 if (_locked && SecurityManager.SecurityEnabled) {
140 new SecurityPermission (SecurityPermissionFlag.ControlEvidence).Demand ();
142 HostEvidenceList.Add (id);
149 if (hostEvidenceList != null)
150 hostEvidenceList.Clear ();
151 if (assemblyEvidenceList != null)
152 assemblyEvidenceList.Clear ();
156 public void CopyTo (Array array, int index)
159 if (hostEvidenceList != null) {
160 hc = hostEvidenceList.Count;
162 hostEvidenceList.CopyTo (array, index);
164 if ((assemblyEvidenceList != null) && (assemblyEvidenceList.Count > 0))
165 assemblyEvidenceList.CopyTo (array, index + hc);
169 public override bool Equals (object obj)
173 Evidence e = (obj as Evidence);
177 if (HostEvidenceList.Count != e.HostEvidenceList.Count)
179 if (AssemblyEvidenceList.Count != e.AssemblyEvidenceList.Count)
182 for (int i = 0; i < hostEvidenceList.Count; i++) {
184 for (int j = 0; j < e.hostEvidenceList.Count; i++) {
185 if (hostEvidenceList [i].Equals (e.hostEvidenceList [j])) {
193 for (int i = 0; i < assemblyEvidenceList.Count; i++) {
195 for (int j = 0; j < e.assemblyEvidenceList.Count; i++) {
196 if (assemblyEvidenceList [i].Equals (e.assemblyEvidenceList [j])) {
208 public IEnumerator GetEnumerator ()
210 IEnumerator he = null;
211 if (hostEvidenceList != null)
212 he = hostEvidenceList.GetEnumerator ();
213 IEnumerator ae = null;
214 if (assemblyEvidenceList != null)
215 ae = assemblyEvidenceList.GetEnumerator ();
216 return new EvidenceEnumerator (he, ae);
219 public IEnumerator GetAssemblyEnumerator ()
221 return AssemblyEvidenceList.GetEnumerator ();
225 public override int GetHashCode ()
227 // kind of long so we cache it
228 if (_hashCode == 0) {
229 if (hostEvidenceList != null) {
230 for (int i = 0; i < hostEvidenceList.Count; i++)
231 _hashCode ^= hostEvidenceList [i].GetHashCode ();
233 if (assemblyEvidenceList != null) {
234 for (int i = 0; i < assemblyEvidenceList.Count; i++)
235 _hashCode ^= assemblyEvidenceList [i].GetHashCode ();
241 public IEnumerator GetHostEnumerator ()
243 return HostEvidenceList.GetEnumerator ();
246 public void Merge (Evidence evidence)
248 if ((evidence != null) && (evidence.Count > 0)) {
249 if (evidence.hostEvidenceList != null) {
250 foreach (object o in evidence.hostEvidenceList)
253 if (evidence.assemblyEvidenceList != null) {
254 foreach (object o in evidence.assemblyEvidenceList)
262 public void RemoveType (Type t)
264 for (int i = hostEvidenceList.Count; i >= 0; i--) {
265 if (hostEvidenceList.GetType () == t) {
266 hostEvidenceList.RemoveAt (i);
270 for (int i = assemblyEvidenceList.Count; i >= 0; i--) {
271 if (assemblyEvidenceList.GetType () == t) {
272 assemblyEvidenceList.RemoveAt (i);
278 // Use an icall to avoid multiple file i/o to detect the
279 // "possible" presence of an Authenticode signature
280 [MethodImplAttribute (MethodImplOptions.InternalCall)]
281 static extern bool IsAuthenticodePresent (Assembly a);
283 static internal Evidence GetDefaultHostEvidence (Assembly a)
285 return new Evidence ();
288 // this avoid us to build all evidences from the runtime
289 // (i.e. multiple unmanaged->managed calls) and also allows
290 // to delay their creation until (if) needed
291 [FileIOPermission (SecurityAction.Assert, Unrestricted = true)]
292 static internal Evidence GetDefaultHostEvidence (Assembly a)
294 Evidence e = new Evidence ();
295 string aname = a.EscapedCodeBase;
297 // by default all assembly have the Zone, Url and Hash evidences
298 e.AddHost (Zone.CreateFromUrl (aname));
299 e.AddHost (new Url (aname));
300 e.AddHost (new Hash (a));
302 // non local files (e.g. http://) also get a Site evidence
303 if (String.Compare ("FILE://", 0, aname, 0, 7, true, CultureInfo.InvariantCulture) != 0) {
304 e.AddHost (Site.CreateFromUrl (aname));
307 // strongnamed assemblies gets a StrongName evidence
308 AssemblyName an = a.UnprotectedGetName ();
309 byte[] pk = an.GetPublicKey ();
310 if ((pk != null) && (pk.Length > 0)) {
311 StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (pk);
312 e.AddHost (new StrongName (blob, an.Name, an.Version));
315 // Authenticode(r) signed assemblies get a Publisher evidence
316 if (IsAuthenticodePresent (a)) {
317 // Note: The certificate is part of the evidences even if it is not trusted!
318 // so we can't call X509Certificate.CreateFromSignedFile
319 AuthenticodeDeformatter ad = new AuthenticodeDeformatter (a.Location);
320 if (ad.SigningCertificate != null) {
321 X509Certificate x509 = new X509Certificate (ad.SigningCertificate.RawData);
322 if (x509.GetHashCode () != 0) {
323 e.AddHost (new Publisher (x509));
327 // assemblies loaded from the GAC also get a Gac evidence (new in Fx 2.0)
328 if (a.GlobalAssemblyCache) {
329 e.AddHost (new GacInstalled ());
332 // the current HostSecurityManager may add/remove some evidence
333 AppDomainManager dommgr = AppDomain.CurrentDomain.DomainManager;
334 if (dommgr != null) {
335 if ((dommgr.HostSecurityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) ==
336 HostSecurityManagerOptions.HostAssemblyEvidence) {
337 e = dommgr.HostSecurityManager.ProvideAssemblyEvidence (a, e);
346 private class EvidenceEnumerator : IEnumerator {
348 private IEnumerator currentEnum, hostEnum, assemblyEnum;
350 public EvidenceEnumerator (IEnumerator hostenum, IEnumerator assemblyenum)
352 this.hostEnum = hostenum;
353 this.assemblyEnum = assemblyenum;
354 currentEnum = hostEnum;
357 public bool MoveNext ()
359 if (currentEnum == null)
362 bool ret = currentEnum.MoveNext ();
364 if (!ret && (hostEnum == currentEnum) && (assemblyEnum != null)) {
365 currentEnum = assemblyEnum;
366 ret = assemblyEnum.MoveNext ();
374 if (hostEnum != null) {
376 currentEnum = hostEnum;
378 currentEnum = assemblyEnum;
380 if (assemblyEnum != null)
381 assemblyEnum.Reset ();
384 public object Current {
386 return currentEnum.Current;