mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-19 09:56:10 +00:00
f2ac1ece55
add
238 lines
10 KiB
C#
238 lines
10 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: Microsoft.InfoCards.InfoCardPolicy
|
|
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
|
|
// MVID: 516D8B44-4448-4D2C-8B8E-FFBB3FFE472B
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07.exe
|
|
|
|
using Microsoft.InfoCards.Diagnostics;
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.IO;
|
|
using System.ServiceModel;
|
|
using System.ServiceModel.Security;
|
|
using System.Xml;
|
|
using System.Xml.Schema;
|
|
|
|
namespace Microsoft.InfoCards
|
|
{
|
|
internal class InfoCardPolicy
|
|
{
|
|
private static XmlNamespaceManager m_defNamespaces = XmlNames.CreateNamespaceManager((XmlNameTable) new NameTable());
|
|
private EndpointAddress m_issuer;
|
|
private string m_privacyPolicyLink = string.Empty;
|
|
private uint m_privacyPolicyVersion;
|
|
private bool m_isManaged;
|
|
private bool m_requiresManagedCard;
|
|
private RecipientIdentity m_immediateTokenRecipientIdentity;
|
|
private RecipientIdentity m_recipientIdentity;
|
|
private Policy m_policyPrimary;
|
|
private Policy m_policySecondary;
|
|
private Policy m_policyMerged;
|
|
private readonly PolicyUsageContext m_policyUsageContext;
|
|
|
|
public InfoCardPolicy(
|
|
EndpointAddress immediateTokenRecipient,
|
|
EndpointAddress issuer,
|
|
ParsedPolicy policy,
|
|
PolicyUsageContext policyUsageContext,
|
|
string privacyUrl,
|
|
uint privacyVersion,
|
|
RecipientIdentity recipientIdentity,
|
|
bool isManaged)
|
|
{
|
|
this.m_policyUsageContext = policyUsageContext;
|
|
this.m_issuer = issuer;
|
|
this.m_recipientIdentity = recipientIdentity;
|
|
this.m_immediateTokenRecipientIdentity = RecipientIdentity.CreateIdentity(immediateTokenRecipient, false);
|
|
this.m_isManaged = isManaged;
|
|
if (policy != null)
|
|
this.ParseIncomingPolicy(policy);
|
|
if (!InfoCardPolicy.IsSelfIssuedUriPresent(this.m_issuer) && issuer != (EndpointAddress) null && !Utility.CompareUri(issuer.Uri, new Uri("http://schemas.microsoft.com/2005/12/ServiceModel/Addressing/Anonymous")))
|
|
this.m_requiresManagedCard = true;
|
|
this.m_privacyPolicyLink = privacyUrl;
|
|
this.m_privacyPolicyVersion = privacyVersion;
|
|
}
|
|
|
|
private void ParseIncomingPolicy(ParsedPolicy parsedPolicy)
|
|
{
|
|
if (PolicyType.Composite == parsedPolicy.PolicyType)
|
|
{
|
|
try
|
|
{
|
|
this.m_policyPrimary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlPrimary);
|
|
this.m_policySecondary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlSecondary);
|
|
this.m_policyMerged = Policy.CreateMergedPolicy(parsedPolicy.PolicyXmlOriginal, this.m_policyPrimary, this.m_policySecondary);
|
|
}
|
|
catch (XmlSchemaValidationException ex)
|
|
{
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
|
|
}
|
|
}
|
|
else if (parsedPolicy.PolicyType == PolicyType.PrimaryOnly)
|
|
{
|
|
try
|
|
{
|
|
this.m_policyPrimary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlPrimary);
|
|
this.m_policyMerged = this.m_policyPrimary;
|
|
}
|
|
catch (XmlSchemaValidationException ex)
|
|
{
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (PolicyType.SecondaryOnly != parsedPolicy.PolicyType)
|
|
return;
|
|
try
|
|
{
|
|
this.m_policySecondary = PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(parsedPolicy.PolicyXmlSecondary);
|
|
this.m_policyMerged = this.m_policySecondary;
|
|
}
|
|
catch (XmlSchemaValidationException ex)
|
|
{
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
|
|
}
|
|
}
|
|
}
|
|
|
|
public Policy MergedPolicy => this.m_policyMerged;
|
|
|
|
public string RequestType => this.m_policyMerged.RequestType;
|
|
|
|
public Policy ClientPolicy => this.m_policyPrimary;
|
|
|
|
public Policy RelyingPartyPolicy => this.m_policySecondary;
|
|
|
|
public OptionalRstParameters OptionalRstParams => this.m_policyMerged.OptionalRstParams;
|
|
|
|
public string[] RequiredClaims => this.m_policyMerged.RequiredClaims;
|
|
|
|
public string[] OptionalClaims => this.m_policyMerged.OptionalClaims;
|
|
|
|
public SecurityKeyTypeInternal KeyType => this.m_policyMerged.KeyType;
|
|
|
|
public bool KeyTypeSpecified => this.m_policyMerged.KeyTypeSpecified;
|
|
|
|
public EndpointAddress PolicyAppliesTo => this.m_policyMerged.PolicyAppliesTo;
|
|
|
|
public MemoryStream UnprocessedPolicyElements => this.m_policyMerged.UnprocessedPolicyElements;
|
|
|
|
public bool KeySizeSpecified => this.m_policyMerged.KeySizeSpecified;
|
|
|
|
public uint KeySize => this.m_policyMerged.KeySize;
|
|
|
|
public bool NonWhiteListElementsFound => this.m_policyMerged.NonWhiteListElementsFound;
|
|
|
|
public List<string> NonWhiteListElements => this.m_policyMerged.NonWhiteListElements;
|
|
|
|
public ProtocolProfile ProtocolVersionProfile => this.m_policyMerged.ProtocolVersionProfile;
|
|
|
|
public RecipientIdentity ImmediateTokenRecipient => this.m_immediateTokenRecipientIdentity;
|
|
|
|
public EndpointAddress Issuer => this.m_issuer;
|
|
|
|
public RecipientIdentity Recipient => this.m_recipientIdentity;
|
|
|
|
public uint GetIntelligentKeySize(bool isSelfIssuedCardSelected)
|
|
{
|
|
if (isSelfIssuedCardSelected)
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException());
|
|
if (SecurityKeyTypeInternal.AsymmetricKey == this.KeyType)
|
|
return 2048;
|
|
if (this.KeyType == SecurityKeyTypeInternal.SymmetricKey)
|
|
return !this.KeySizeSpecified ? (uint) SecurityAlgorithmSuite.Default.DefaultSymmetricKeyLength : this.KeySize;
|
|
InfoCardTrace.Assert(false, "Should access this property only in managed card non-no proof key scenario");
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException());
|
|
}
|
|
|
|
public string GetKeyTypeString()
|
|
{
|
|
switch (this.KeyType)
|
|
{
|
|
case SecurityKeyTypeInternal.SymmetricKey:
|
|
return this.m_policyMerged.ProtocolVersionProfile.WSTrust.KeyTypeSymmetric.ToString();
|
|
case SecurityKeyTypeInternal.AsymmetricKey:
|
|
return this.m_policyMerged.ProtocolVersionProfile.WSTrust.KeyTypeAsymmetric.ToString();
|
|
case SecurityKeyTypeInternal.NoKey:
|
|
return this.m_policyMerged.ProtocolVersionProfile.WSTrust.KeyTypeBearer.ToString();
|
|
default:
|
|
InfoCardTrace.Assert(false, "Impossible condition in code");
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException());
|
|
}
|
|
}
|
|
|
|
public string PrivacyPolicyLink => this.m_privacyPolicyLink;
|
|
|
|
public uint PrivacyPolicyVersion => this.m_privacyPolicyVersion;
|
|
|
|
public bool IsManaged => this.m_isManaged;
|
|
|
|
public bool RequiresManagedCard => this.m_requiresManagedCard;
|
|
|
|
public bool RequiresSelfIssuedCard => !((EndpointAddress) null == this.m_issuer) && Utility.CompareUri(this.m_issuer.Uri, new Uri("http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"));
|
|
|
|
public void SetRecipientInfo(
|
|
RecipientIdentity recipientIdentity,
|
|
string privacyUrl,
|
|
uint privacyVersion)
|
|
{
|
|
this.m_recipientIdentity = recipientIdentity;
|
|
this.m_privacyPolicyLink = privacyUrl;
|
|
this.m_privacyPolicyVersion = privacyVersion;
|
|
}
|
|
|
|
private void ComputeRequiresManagedCardFlag()
|
|
{
|
|
if (this.m_policyMerged.NonWhiteListElementsFound)
|
|
this.m_requiresManagedCard = true;
|
|
foreach (string requiredClaim in this.m_policyMerged.RequiredClaims)
|
|
{
|
|
if (!PolicyUtility.IsSelfIssuedClaim(requiredClaim))
|
|
this.m_requiresManagedCard = true;
|
|
}
|
|
if (!string.IsNullOrEmpty(this.m_policyMerged.OptionalRstParams.TokenType) && !PolicyUtility.IsSelfIssuedTokenType(this.m_policyMerged.OptionalRstParams.TokenType))
|
|
this.m_requiresManagedCard = true;
|
|
if (!(this.m_immediateTokenRecipientIdentity is X509RecipientIdentity) && this.m_policyMerged.KeyType == SecurityKeyTypeInternal.SymmetricKey)
|
|
this.m_requiresManagedCard = true;
|
|
if (string.IsNullOrEmpty(this.m_policyMerged.OptionalRstParams.KeyWrapAlgorithm) || !(this.m_policyMerged.OptionalRstParams.KeyWrapAlgorithm != SecurityAlgorithmSuite.Default.DefaultAsymmetricKeyWrapAlgorithm))
|
|
return;
|
|
this.m_requiresManagedCard = true;
|
|
}
|
|
|
|
private void FillComputedPolicy() => this.ComputeRequiresManagedCardFlag();
|
|
|
|
public void Validate()
|
|
{
|
|
bool flag = this.m_policyMerged.RequiredClaims == null || 0 == this.m_policyMerged.RequiredClaims.Length;
|
|
PolicyValidator policyValidator;
|
|
if (this.m_policyUsageContext == PolicyUsageContext.Browser)
|
|
{
|
|
if (flag)
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("NoClaimsFoundInPolicy")));
|
|
this.FillComputedPolicy();
|
|
policyValidator = (PolicyValidator) new BrowserPolicyValidator(this);
|
|
}
|
|
else if (PolicyUsageContext.GetToken == this.m_policyUsageContext)
|
|
{
|
|
if (flag)
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("NoClaimsFoundInPolicy")));
|
|
this.FillComputedPolicy();
|
|
policyValidator = new PolicyValidator(this);
|
|
}
|
|
else
|
|
policyValidator = (PolicyValidator) new IntermediatePolicyValidator(this);
|
|
policyValidator.Validate();
|
|
}
|
|
|
|
public void ThrowIfNonPpidClaimsPresent()
|
|
{
|
|
InfoCardTrace.ThrowInvalidArgumentConditional(this.m_policyMerged.RequiredClaims == null || this.m_policyMerged.OptionalClaims == null, "claims");
|
|
if (this.m_policyMerged.RequiredClaims.Length != 1 || !(this.m_policyMerged.RequiredClaims[0] == InfoCardConstants.PPIDClaimsUri) || this.m_policyMerged.OptionalClaims.Length != 0)
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("IPStsPolicyRequestingNonPpidClaims")));
|
|
}
|
|
|
|
public static bool IsSelfIssuedUriPresent(EndpointAddress address) => !((EndpointAddress) null == address) && Utility.CompareUri(address.Uri, XmlNames.WSIdentity.SelfIssuerUriValue);
|
|
}
|
|
}
|