Imported Upstream version 4.6.0.125

Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4
2016-08-03 10:59:49 +00:00
parent a569aebcfd
commit e79aa3c0ed
17047 changed files with 3137615 additions and 392334 deletions
--- a/mcs/class/referencesource/System.Web/Security/Cryptography/DataProtectorCryptoService.cs
+++ b/mcs/class/referencesource/System.Web/Security/Cryptography/DataProtectorCryptoService.cs
@ -0,0 +1,56 @@
+//------------------------------------------------------------------------------
+// <copyright file="DataProtectorCryptoService.cs" company="Microsoft">
+//     Copyright (c) Microsoft Corporation.  All rights reserved.
+// </copyright>                                                                
+//------------------------------------------------------------------------------
+
+namespace System.Web.Security.Cryptography {
+    using System;
+    using System.Security.Cryptography;
+
+    // Uses the DataProtector class to protect sensitive information
+
+    internal sealed class DataProtectorCryptoService : ICryptoService {
+
+        private readonly IDataProtectorFactory _dataProtectorFactory;
+        private readonly Purpose _purpose;
+
+        public DataProtectorCryptoService(IDataProtectorFactory dataProtectorFactory, Purpose purpose) {
+            _dataProtectorFactory = dataProtectorFactory;
+            _purpose = purpose;
+        }
+
+        // Wraps the common logic of working with a DataProtector instance.
+        // 'protect' is TRUE if we're calling Protect, FALSE if we're calling Unprotect.
+        private byte[] PerformOperation(byte[] data, bool protect) {
+            // Since the DataProtector might depend on the impersonated context, we must
+            // work with it only under app-level impersonation. The idea behind this is
+            // that if the cryptographic routine is provided by an OS-level implementation
+            // (like DPAPI), any keys will be locked to the account of the web application
+            // itself.
+            using (new ApplicationImpersonationContext()) {
+                DataProtector dataProtector = null;
+                try {
+                    dataProtector = _dataProtectorFactory.GetDataProtector(_purpose);
+                    return (protect) ? dataProtector.Protect(data) : dataProtector.Unprotect(data);
+                }
+                finally {
+                    // These instances are transient
+                    IDisposable disposable = dataProtector as IDisposable;
+                    if (disposable != null) {
+                        disposable.Dispose();
+                    }
+                }
+            }
+        }
+
+        public byte[] Protect(byte[] clearData) {
+            return PerformOperation(clearData, protect: true);
+        }
+
+        public byte[] Unprotect(byte[] protectedData) {
+            return PerformOperation(protectedData, protect: false);
+        }
+
+    }
+}