2 // System.Security.Policy.Evidence
5 // Sean MacIsaac (macisaac@ximian.com)
6 // Nick Drochak (ndrochak@gol.com)
7 // Jackson Harper (Jackson@LatitudeGeo.com)
8 // Sebastien Pouliot <sebastien@ximian.com>
10 // (C) 2001 Ximian, Inc.
11 // Portions (C) 2003, 2004 Motus Technologies Inc. (http://www.motus.com)
12 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
14 // Permission is hereby granted, free of charge, to any person obtaining
15 // a copy of this software and associated documentation files (the
16 // "Software"), to deal in the Software without restriction, including
17 // without limitation the rights to use, copy, modify, merge, publish,
18 // distribute, sublicense, and/or sell copies of the Software, and to
19 // permit persons to whom the Software is furnished to do so, subject to
20 // the following conditions:
22 // The above copyright notice and this permission notice shall be
23 // included in all copies or substantial portions of the Software.
25 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
29 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
30 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
31 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Collections;
35 using System.Globalization;
36 using System.Reflection;
37 using System.Runtime.CompilerServices;
38 using System.Runtime.InteropServices;
39 using System.Security.Permissions;
40 using System.Security.Cryptography.X509Certificates;
42 using Mono.Security.Authenticode;
44 namespace System.Security.Policy {
47 [MonoTODO ("Fix serialization compatibility with MS.NET")]
48 public sealed class Evidence : ICollection, IEnumerable {
51 private ArrayList hostEvidenceList;
52 private ArrayList assemblyEvidenceList;
53 private int _hashCode;
57 hostEvidenceList = ArrayList.Synchronized (new ArrayList ());
58 assemblyEvidenceList = ArrayList.Synchronized (new ArrayList ());
61 public Evidence (Evidence evidence) : this ()
67 public Evidence (object[] hostEvidence, object[] assemblyEvidence) : this ()
69 if (null != hostEvidence)
70 hostEvidenceList.AddRange (hostEvidence);
71 if (null != assemblyEvidence)
72 assemblyEvidenceList.AddRange (assemblyEvidence);
81 return (hostEvidenceList.Count + assemblyEvidenceList.Count);
85 public bool IsReadOnly {
89 public bool IsSynchronized {
93 // LAMESPEC: Always TRUE (not FALSE)
99 get { return _locked; }
101 new SecurityPermission (SecurityPermissionFlag.ControlEvidence).Demand ();
106 public object SyncRoot {
114 public void AddAssembly (object id)
116 assemblyEvidenceList.Add (id);
120 public void AddHost (object id)
123 new SecurityPermission (SecurityPermissionFlag.ControlEvidence).Demand ();
125 hostEvidenceList.Add (id);
133 hostEvidenceList.Clear ();
134 assemblyEvidenceList.Clear ();
139 public void CopyTo (Array array, int index)
141 if (hostEvidenceList.Count > 0)
142 hostEvidenceList.CopyTo (array, index);
143 if (assemblyEvidenceList.Count > 0)
144 assemblyEvidenceList.CopyTo (array, index + hostEvidenceList.Count);
149 public override bool Equals (object obj)
153 Evidence e = (obj as Evidence);
157 if (hostEvidenceList.Count != e.hostEvidenceList.Count)
159 if (assemblyEvidenceList.Count != e.assemblyEvidenceList.Count)
162 for (int i = 0; i < hostEvidenceList.Count; i++) {
164 for (int j = 0; j < e.hostEvidenceList.Count; i++) {
165 if (hostEvidenceList [i].Equals (e.hostEvidenceList [j])) {
173 for (int i = 0; i < assemblyEvidenceList.Count; i++) {
175 for (int j = 0; j < e.assemblyEvidenceList.Count; i++) {
176 if (assemblyEvidenceList [i].Equals (e.assemblyEvidenceList [j])) {
189 public IEnumerator GetEnumerator ()
191 return new EvidenceEnumerator (hostEvidenceList.GetEnumerator (),
192 assemblyEvidenceList.GetEnumerator ());
195 public IEnumerator GetAssemblyEnumerator ()
197 return assemblyEvidenceList.GetEnumerator ();
202 public override int GetHashCode ()
204 // kind of long so we cache it
205 if (_hashCode == 0) {
206 for (int i = 0; i < hostEvidenceList.Count; i++)
207 _hashCode ^= hostEvidenceList [i].GetHashCode ();
208 for (int i = 0; i < assemblyEvidenceList.Count; i++)
209 _hashCode ^= assemblyEvidenceList [i].GetHashCode ();
215 public IEnumerator GetHostEnumerator ()
217 return hostEvidenceList.GetEnumerator ();
220 public void Merge (Evidence evidence)
222 if ((evidence != null) && (evidence.Count > 0)) {
223 IEnumerator hostenum = evidence.GetHostEnumerator ();
224 while (hostenum.MoveNext ()) {
225 AddHost (hostenum.Current);
228 IEnumerator assemblyenum = evidence.GetAssemblyEnumerator ();
229 while (assemblyenum.MoveNext ()) {
230 AddAssembly (assemblyenum.Current);
238 public void RemoveType (Type t)
240 for (int i = hostEvidenceList.Count; i >= 0; i--) {
241 if (hostEvidenceList.GetType () == t) {
242 hostEvidenceList.RemoveAt (i);
246 for (int i = assemblyEvidenceList.Count; i >= 0; i--) {
247 if (assemblyEvidenceList.GetType () == t) {
248 assemblyEvidenceList.RemoveAt (i);
255 // Use an icall to avoid multiple file i/o to detect the
256 // "possible" presence of an Authenticode signature
257 [MethodImplAttribute (MethodImplOptions.InternalCall)]
258 static extern bool IsAuthenticodePresent (Assembly a);
260 // this avoid us to build all evidences from the runtime
261 // (i.e. multiple unmanaged->managed calls) and also allows
262 // to delay their creation until (if) needed
263 [FileIOPermission (SecurityAction.Assert, Unrestricted = true)]
264 static internal Evidence GetDefaultHostEvidence (Assembly a)
266 Evidence e = new Evidence ();
267 string aname = a.CodeBase;
269 // by default all assembly have the Zone, Url and Hash evidences
270 e.AddHost (Zone.CreateFromUrl (aname));
271 e.AddHost (new Url (aname));
272 e.AddHost (new Hash (a));
274 // non local files (e.g. http://) also get a Site evidence
275 if (String.Compare ("FILE://", 0, aname, 0, 7, true, CultureInfo.InvariantCulture) != 0) {
276 e.AddHost (Site.CreateFromUrl (aname));
279 // strongnamed assemblies gets a StrongName evidence
280 AssemblyName an = a.GetName ();
281 byte[] pk = an.GetPublicKey ();
282 if ((pk != null) && (pk.Length > 0)) {
283 StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (pk);
284 e.AddHost (new StrongName (blob, an.Name, an.Version));
287 // Authenticode(r) signed assemblies get a Publisher evidence
288 if (IsAuthenticodePresent (a)) {
289 // Note: The certificate is part of the evidences even if it is not trusted!
290 // so we can't call X509Certificate.CreateFromSignedFile
291 AuthenticodeDeformatter ad = new AuthenticodeDeformatter (a.Location);
292 if (ad.SigningCertificate != null) {
293 X509Certificate x509 = new X509Certificate (ad.SigningCertificate.RawData);
294 if (x509.GetHashCode () != 0) {
295 e.AddHost (new Publisher (x509));
300 // assemblies loaded from the GAC also get a Gac evidence (new in Fx 2.0)
301 if (a.GlobalAssemblyCache) {
302 e.AddHost (new Gac ());
305 // the current HostSecurityManager may add/remove some evidence
306 AppDomainManager dommgr = AppDomain.CurrentDomain.DomainManager;
307 if (dommgr != null) {
308 if ((dommgr.HostSecurityManager.Flags & HostSecurityManagerFlags.HostAssemblyEvidence) ==
309 HostSecurityManagerFlags.HostAssemblyEvidence) {
310 e = dommgr.HostSecurityManager.ProvideAssemblyEvidence (a, e);
317 private class EvidenceEnumerator : IEnumerator {
319 private IEnumerator currentEnum, hostEnum, assemblyEnum;
321 public EvidenceEnumerator (IEnumerator hostenum, IEnumerator assemblyenum)
323 this.hostEnum = hostenum;
324 this.assemblyEnum = assemblyenum;
325 currentEnum = hostEnum;
328 public bool MoveNext ()
330 bool ret = currentEnum.MoveNext ();
332 if ( !ret && hostEnum == currentEnum ) {
333 currentEnum = assemblyEnum;
334 ret = assemblyEnum.MoveNext ();
343 assemblyEnum.Reset ();
344 currentEnum = hostEnum;
347 public object Current {
349 return currentEnum.Current;