269 lines
12 KiB
C#
269 lines
12 KiB
C#
//------------------------------------------------------------------------------
|
|
// <copyright file="DpapiProtectedConfigurationProvider.cs" company="Microsoft">
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
// </copyright>
|
|
//------------------------------------------------------------------------------
|
|
|
|
namespace System.Configuration
|
|
{
|
|
using System.Collections.Specialized;
|
|
using System.Runtime.Serialization;
|
|
using System.Configuration.Provider;
|
|
using System.Xml;
|
|
using System.Text;
|
|
using System.Runtime.InteropServices;
|
|
using Microsoft.Win32;
|
|
using System.Security.Permissions;
|
|
using Microsoft.Win32.SafeHandles;
|
|
using System.Runtime.CompilerServices;
|
|
|
|
[PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
|
|
public sealed class DpapiProtectedConfigurationProvider : ProtectedConfigurationProvider
|
|
{
|
|
public override XmlNode Decrypt(XmlNode encryptedNode)
|
|
{
|
|
if (encryptedNode.NodeType != XmlNodeType.Element ||
|
|
encryptedNode.Name != "EncryptedData") {
|
|
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
|
|
}
|
|
|
|
XmlNode cipherNode = TraverseToChild(encryptedNode, "CipherData", false);
|
|
if (cipherNode == null)
|
|
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
|
|
|
|
XmlNode cipherValue = TraverseToChild(cipherNode, "CipherValue", true);
|
|
if (cipherValue == null)
|
|
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
|
|
|
|
string encText = cipherValue.InnerText;
|
|
if (encText == null)
|
|
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
|
|
|
|
string decText = DecryptText(encText);
|
|
XmlDocument xmlDocument = new XmlDocument();
|
|
xmlDocument.PreserveWhitespace = true;
|
|
xmlDocument.LoadXml(decText);
|
|
return xmlDocument.DocumentElement;
|
|
}
|
|
|
|
public override XmlNode Encrypt(XmlNode node)
|
|
{
|
|
string text = node.OuterXml;
|
|
string encText = EncryptText(text);
|
|
string pre = @"<EncryptedData><CipherData><CipherValue>";
|
|
string post = @"</CipherValue></CipherData></EncryptedData>";
|
|
string xmlText = pre + encText + post;
|
|
|
|
XmlDocument xmlDocument = new XmlDocument();
|
|
xmlDocument.PreserveWhitespace = true;
|
|
xmlDocument.LoadXml(xmlText);
|
|
return xmlDocument.DocumentElement;
|
|
}
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////
|
|
private string EncryptText(string clearText)
|
|
{
|
|
if (clearText == null || clearText.Length < 1)
|
|
return clearText;
|
|
|
|
DATA_BLOB inputData, entData, outputData;
|
|
SafeNativeMemoryHandle safeInputDataHandle = new SafeNativeMemoryHandle();
|
|
SafeNativeMemoryHandle safeOutputDataHandle = new SafeNativeMemoryHandle(true);
|
|
SafeNativeMemoryHandle safeEntDataHandle = new SafeNativeMemoryHandle();
|
|
|
|
inputData.pbData = entData.pbData = outputData.pbData = IntPtr.Zero;
|
|
inputData.cbData = entData.cbData = outputData.cbData = 0;
|
|
try {
|
|
|
|
RuntimeHelpers.PrepareConstrainedRegions();
|
|
try {
|
|
}
|
|
finally {
|
|
inputData = PrepareDataBlob(clearText);
|
|
safeInputDataHandle.SetDataHandle(inputData.pbData);
|
|
|
|
entData = PrepareDataBlob(_KeyEntropy);
|
|
safeEntDataHandle.SetDataHandle(entData.pbData);
|
|
}
|
|
|
|
CRYPTPROTECT_PROMPTSTRUCT prompt = PreparePromptStructure();
|
|
UInt32 dwFlags = CRYPTPROTECT_UI_FORBIDDEN;
|
|
if (UseMachineProtection)
|
|
dwFlags |= CRYPTPROTECT_LOCAL_MACHINE;
|
|
bool success = false;
|
|
|
|
RuntimeHelpers.PrepareConstrainedRegions();
|
|
try {
|
|
}
|
|
finally {
|
|
success = UnsafeNativeMethods.CryptProtectData(ref inputData, "", ref entData,
|
|
IntPtr.Zero, ref prompt,
|
|
dwFlags, ref outputData);
|
|
safeOutputDataHandle.SetDataHandle(outputData.pbData);
|
|
}
|
|
if (!success || outputData.pbData == IntPtr.Zero) {
|
|
outputData.pbData = IntPtr.Zero;
|
|
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
|
|
}
|
|
byte[] buf = new byte[outputData.cbData];
|
|
Marshal.Copy(outputData.pbData, buf, 0, buf.Length);
|
|
return Convert.ToBase64String(buf);
|
|
} finally {
|
|
if (!(safeOutputDataHandle == null || safeOutputDataHandle.IsInvalid)) {
|
|
safeOutputDataHandle.Dispose();
|
|
outputData.pbData = IntPtr.Zero;
|
|
}
|
|
if (!(safeEntDataHandle == null || safeEntDataHandle.IsInvalid)) {
|
|
safeEntDataHandle.Dispose();
|
|
entData.pbData = IntPtr.Zero;
|
|
}
|
|
if (!(safeInputDataHandle == null || safeInputDataHandle.IsInvalid)) {
|
|
safeInputDataHandle.Dispose();
|
|
inputData.pbData = IntPtr.Zero;
|
|
}
|
|
}
|
|
}
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////
|
|
private string DecryptText(string encText)
|
|
{
|
|
if (encText == null || encText.Length < 1)
|
|
return encText;
|
|
|
|
DATA_BLOB inputData, entData, outputData;
|
|
SafeNativeMemoryHandle safeInputDataHandle = new SafeNativeMemoryHandle();
|
|
SafeNativeMemoryHandle safeOutputDataHandle = new SafeNativeMemoryHandle(true);
|
|
SafeNativeMemoryHandle safeEntDataHandle = new SafeNativeMemoryHandle();
|
|
|
|
inputData.pbData = entData.pbData = outputData.pbData = IntPtr.Zero;
|
|
inputData.cbData = entData.cbData = outputData.cbData = 0;
|
|
|
|
try {
|
|
RuntimeHelpers.PrepareConstrainedRegions();
|
|
try {
|
|
}
|
|
finally {
|
|
inputData = PrepareDataBlob(Convert.FromBase64String(encText));
|
|
safeInputDataHandle.SetDataHandle(inputData.pbData);
|
|
|
|
entData = PrepareDataBlob(_KeyEntropy);
|
|
safeEntDataHandle.SetDataHandle(entData.pbData);
|
|
}
|
|
|
|
CRYPTPROTECT_PROMPTSTRUCT prompt = PreparePromptStructure();
|
|
UInt32 dwFlags = CRYPTPROTECT_UI_FORBIDDEN;
|
|
|
|
if (UseMachineProtection)
|
|
dwFlags |= CRYPTPROTECT_LOCAL_MACHINE;
|
|
bool success = false;
|
|
RuntimeHelpers.PrepareConstrainedRegions();
|
|
try {
|
|
}
|
|
finally {
|
|
success = UnsafeNativeMethods.CryptUnprotectData(ref inputData, IntPtr.Zero,
|
|
ref entData, IntPtr.Zero,
|
|
ref prompt, dwFlags, ref outputData);
|
|
safeOutputDataHandle.SetDataHandle(outputData.pbData);
|
|
}
|
|
|
|
if (!success || outputData.pbData == IntPtr.Zero) {
|
|
outputData.pbData = IntPtr.Zero;
|
|
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
|
|
}
|
|
byte[] buf = new byte[outputData.cbData];
|
|
Marshal.Copy(outputData.pbData, buf, 0, buf.Length);
|
|
return Encoding.Unicode.GetString(buf);
|
|
} finally {
|
|
if (!(safeOutputDataHandle == null || safeOutputDataHandle.IsInvalid)) {
|
|
safeOutputDataHandle.Dispose();
|
|
outputData.pbData = IntPtr.Zero;
|
|
}
|
|
if (!(safeEntDataHandle == null || safeEntDataHandle.IsInvalid)) {
|
|
safeEntDataHandle.Dispose();
|
|
entData.pbData = IntPtr.Zero;
|
|
}
|
|
if (!(safeInputDataHandle == null || safeInputDataHandle.IsInvalid)) {
|
|
safeInputDataHandle.Dispose();
|
|
inputData.pbData = IntPtr.Zero;
|
|
}
|
|
}
|
|
}
|
|
|
|
public bool UseMachineProtection { get { return _UseMachineProtection; }}
|
|
//private virtual string KeyEntropy { get { return _KeyEntropy; } }
|
|
|
|
public override void Initialize(string name, NameValueCollection configurationValues)
|
|
{
|
|
base.Initialize(name, configurationValues);
|
|
_UseMachineProtection = GetBooleanValue(configurationValues, "useMachineProtection", true);
|
|
_KeyEntropy = configurationValues["keyEntropy"];
|
|
configurationValues.Remove("keyEntropy");
|
|
if (configurationValues.Count > 0)
|
|
throw new ConfigurationErrorsException(SR.GetString(SR.Unrecognized_initialization_value, configurationValues.GetKey(0)));
|
|
}
|
|
|
|
private const int CRYPTPROTECT_UI_FORBIDDEN = 0x1;
|
|
private const int CRYPTPROTECT_LOCAL_MACHINE = 0x4;
|
|
private bool _UseMachineProtection = true;
|
|
private string _KeyEntropy;
|
|
|
|
private static XmlNode TraverseToChild(XmlNode node, string name, bool onlyChild)
|
|
{
|
|
foreach (XmlNode child in node.ChildNodes)
|
|
{
|
|
if (child.NodeType != XmlNodeType.Element)
|
|
continue;
|
|
|
|
if (child.Name == name)
|
|
return child; // found it!
|
|
|
|
if (onlyChild)
|
|
return null;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
private static DATA_BLOB PrepareDataBlob(byte[] buf)
|
|
{
|
|
if (buf == null)
|
|
buf = new byte[0];
|
|
DATA_BLOB db = new DATA_BLOB();
|
|
db.cbData = buf.Length;
|
|
db.pbData = Marshal.AllocHGlobal(db.cbData);
|
|
Marshal.Copy(buf, 0, db.pbData, db.cbData);
|
|
return db;
|
|
}
|
|
private static DATA_BLOB PrepareDataBlob(string s)
|
|
{
|
|
return PrepareDataBlob((s != null) ? Encoding.Unicode.GetBytes(s) : new byte[0]);
|
|
}
|
|
private static CRYPTPROTECT_PROMPTSTRUCT PreparePromptStructure()
|
|
{
|
|
CRYPTPROTECT_PROMPTSTRUCT cps = new CRYPTPROTECT_PROMPTSTRUCT();
|
|
cps.cbSize = Marshal.SizeOf(typeof(CRYPTPROTECT_PROMPTSTRUCT));
|
|
cps.dwPromptFlags = 0;
|
|
cps.hwndApp = IntPtr.Zero;
|
|
cps.szPrompt = null;
|
|
return cps;
|
|
}
|
|
private static bool GetBooleanValue(NameValueCollection configurationValues, string valueName, bool defaultValue) {
|
|
string s = configurationValues[valueName];
|
|
if (s == null)
|
|
return defaultValue;
|
|
configurationValues.Remove(valueName);
|
|
if (s == "true")
|
|
return true;
|
|
if (s == "false")
|
|
return false;
|
|
throw new ConfigurationErrorsException(SR.GetString(SR.Config_invalid_boolean_attribute, valueName));
|
|
}
|
|
}
|
|
|
|
}
|