MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07/Microsoft/InfoCards/InfoCardPolicy.cs
2022-08-18 06:28:56 -05:00

238 lines
10 KiB
C#

// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.InfoCardPolicy
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 516D8B44-4448-4D2C-8B8E-FFBB3FFE472B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.IO;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;
using System.Xml.Schema;
namespace Microsoft.InfoCards
{
internal class InfoCardPolicy
{
private static XmlNamespaceManager m_defNamespaces = XmlNames.CreateNamespaceManager((XmlNameTable) new NameTable());
private EndpointAddress m_issuer;
private string m_privacyPolicyLink = string.Empty;
private uint m_privacyPolicyVersion;
private bool m_isManaged;
private bool m_requiresManagedCard;
private RecipientIdentity m_immediateTokenRecipientIdentity;
private RecipientIdentity m_recipientIdentity;
private Policy m_policyPrimary;
private Policy m_policySecondary;
private Policy m_policyMerged;
private readonly PolicyUsageContext m_policyUsageContext;
public InfoCardPolicy(
EndpointAddress immediateTokenRecipient,
EndpointAddress issuer,
ParsedPolicy policy,
PolicyUsageContext policyUsageContext,
string privacyUrl,
uint privacyVersion,
RecipientIdentity recipientIdentity,
bool isManaged)
{
this.m_policyUsageContext = policyUsageContext;
this.m_issuer = issuer;
this.m_recipientIdentity = recipientIdentity;
this.m_immediateTokenRecipientIdentity = RecipientIdentity.CreateIdentity(immediateTokenRecipient, false);
this.m_isManaged = isManaged;
if (policy != null)
this.ParseIncomingPolicy(policy);
if (!InfoCardPolicy.IsSelfIssuedUriPresent(this.m_issuer) && issuer != (EndpointAddress) null && !Utility.CompareUri(issuer.Uri, new Uri("http://schemas.microsoft.com/2005/12/ServiceModel/Addressing/Anonymous")))
this.m_requiresManagedCard = true;
this.m_privacyPolicyLink = privacyUrl;
this.m_privacyPolicyVersion = privacyVersion;
}
private void ParseIncomingPolicy(ParsedPolicy parsedPolicy)
{
if (PolicyType.Composite == parsedPolicy.PolicyType)
{
try
{
this.m_policyPrimary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlPrimary);
this.m_policySecondary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlSecondary);
this.m_policyMerged = Policy.CreateMergedPolicy(parsedPolicy.PolicyXmlOriginal, this.m_policyPrimary, this.m_policySecondary);
}
catch (XmlSchemaValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
}
}
else if (parsedPolicy.PolicyType == PolicyType.PrimaryOnly)
{
try
{
this.m_policyPrimary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlPrimary);
this.m_policyMerged = this.m_policyPrimary;
}
catch (XmlSchemaValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
}
}
else
{
if (PolicyType.SecondaryOnly != parsedPolicy.PolicyType)
return;
try
{
this.m_policySecondary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlSecondary);
this.m_policyMerged = this.m_policySecondary;
}
catch (XmlSchemaValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
}
}
}
public Policy MergedPolicy => this.m_policyMerged;
public string RequestType => this.m_policyMerged.RequestType;
public Policy ClientPolicy => this.m_policyPrimary;
public Policy RelyingPartyPolicy => this.m_policySecondary;
public OptionalRstParameters OptionalRstParams => this.m_policyMerged.OptionalRstParams;
public string[] RequiredClaims => this.m_policyMerged.RequiredClaims;
public string[] OptionalClaims => this.m_policyMerged.OptionalClaims;
public SecurityKeyTypeInternal KeyType => this.m_policyMerged.KeyType;
public bool KeyTypeSpecified => this.m_policyMerged.KeyTypeSpecified;
public EndpointAddress PolicyAppliesTo => this.m_policyMerged.PolicyAppliesTo;
public MemoryStream UnprocessedPolicyElements => this.m_policyMerged.UnprocessedPolicyElements;
public bool KeySizeSpecified => this.m_policyMerged.KeySizeSpecified;
public uint KeySize => this.m_policyMerged.KeySize;
public bool NonWhiteListElementsFound => this.m_policyMerged.NonWhiteListElementsFound;
public List<string> NonWhiteListElements => this.m_policyMerged.NonWhiteListElements;
public ProtocolProfile ProtocolVersionProfile => this.m_policyMerged.ProtocolVersionProfile;
public RecipientIdentity ImmediateTokenRecipient => this.m_immediateTokenRecipientIdentity;
public EndpointAddress Issuer => this.m_issuer;
public RecipientIdentity Recipient => this.m_recipientIdentity;
public uint GetIntelligentKeySize(bool isSelfIssuedCardSelected)
{
if (isSelfIssuedCardSelected)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException());
if (SecurityKeyTypeInternal.AsymmetricKey == this.KeyType)
return 2048;
if (this.KeyType == SecurityKeyTypeInternal.SymmetricKey)
return !this.KeySizeSpecified ? (uint) SecurityAlgorithmSuite.Default.DefaultSymmetricKeyLength : this.KeySize;
InfoCardTrace.Assert(false, "Should access this property only in managed card non-no proof key scenario");
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException());
}
public string GetKeyTypeString()
{
switch (this.KeyType)
{
case SecurityKeyTypeInternal.SymmetricKey:
return this.m_policyMerged.ProtocolVersionProfile.WSTrust.KeyTypeSymmetric.ToString();
case SecurityKeyTypeInternal.AsymmetricKey:
return this.m_policyMerged.ProtocolVersionProfile.WSTrust.KeyTypeAsymmetric.ToString();
case SecurityKeyTypeInternal.NoKey:
return this.m_policyMerged.ProtocolVersionProfile.WSTrust.KeyTypeBearer.ToString();
default:
InfoCardTrace.Assert(false, "Impossible condition in code");
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException());
}
}
public string PrivacyPolicyLink => this.m_privacyPolicyLink;
public uint PrivacyPolicyVersion => this.m_privacyPolicyVersion;
public bool IsManaged => this.m_isManaged;
public bool RequiresManagedCard => this.m_requiresManagedCard;
public bool RequiresSelfIssuedCard => !((EndpointAddress) null == this.m_issuer) && Utility.CompareUri(this.m_issuer.Uri, new Uri("http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"));
public void SetRecipientInfo(
RecipientIdentity recipientIdentity,
string privacyUrl,
uint privacyVersion)
{
this.m_recipientIdentity = recipientIdentity;
this.m_privacyPolicyLink = privacyUrl;
this.m_privacyPolicyVersion = privacyVersion;
}
private void ComputeRequiresManagedCardFlag()
{
if (this.m_policyMerged.NonWhiteListElementsFound)
this.m_requiresManagedCard = true;
foreach (string requiredClaim in this.m_policyMerged.RequiredClaims)
{
if (!PolicyUtility.IsSelfIssuedClaim(requiredClaim))
this.m_requiresManagedCard = true;
}
if (!string.IsNullOrEmpty(this.m_policyMerged.OptionalRstParams.TokenType) && !PolicyUtility.IsSelfIssuedTokenType(this.m_policyMerged.OptionalRstParams.TokenType))
this.m_requiresManagedCard = true;
if (!(this.m_immediateTokenRecipientIdentity is X509RecipientIdentity) && this.m_policyMerged.KeyType == SecurityKeyTypeInternal.SymmetricKey)
this.m_requiresManagedCard = true;
if (string.IsNullOrEmpty(this.m_policyMerged.OptionalRstParams.KeyWrapAlgorithm) || !(this.m_policyMerged.OptionalRstParams.KeyWrapAlgorithm != SecurityAlgorithmSuite.Default.DefaultAsymmetricKeyWrapAlgorithm))
return;
this.m_requiresManagedCard = true;
}
private void FillComputedPolicy() => this.ComputeRequiresManagedCardFlag();
public void Validate()
{
bool flag = this.m_policyMerged.RequiredClaims == null || 0 == this.m_policyMerged.RequiredClaims.Length;
PolicyValidator policyValidator;
if (this.m_policyUsageContext == PolicyUsageContext.Browser)
{
if (flag)
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("NoClaimsFoundInPolicy")));
this.FillComputedPolicy();
policyValidator = (PolicyValidator) new BrowserPolicyValidator(this);
}
else if (PolicyUsageContext.GetToken == this.m_policyUsageContext)
{
if (flag)
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("NoClaimsFoundInPolicy")));
this.FillComputedPolicy();
policyValidator = new PolicyValidator(this);
}
else
policyValidator = (PolicyValidator) new IntermediatePolicyValidator(this);
policyValidator.Validate();
}
public void ThrowIfNonPpidClaimsPresent()
{
InfoCardTrace.ThrowInvalidArgumentConditional(this.m_policyMerged.RequiredClaims == null || this.m_policyMerged.OptionalClaims == null, "claims");
if (this.m_policyMerged.RequiredClaims.Length != 1 || !(this.m_policyMerged.RequiredClaims[0] == InfoCardConstants.PPIDClaimsUri) || this.m_policyMerged.OptionalClaims.Length != 0)
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("IPStsPolicyRequestingNonPpidClaims")));
}
public static bool IsSelfIssuedUriPresent(EndpointAddress address) => !((EndpointAddress) null == address) && Utility.CompareUri(address.Uri, XmlNames.WSIdentity.SelfIssuerUriValue);
}
}