1 // OpenTween - Client of Twitter
2 // Copyright (c) 2007-2011 kiri_feather (@kiri_feather) <kiri.feather@gmail.com>
3 // (c) 2008-2011 Moz (@syo68k)
4 // (c) 2008-2011 takeshik (@takeshik) <http://www.takeshik.org/>
5 // (c) 2010-2011 anis774 (@anis774) <http://d.hatena.ne.jp/anis774/>
6 // (c) 2010-2011 fantasticswallow (@f_swallow) <http://twitter.com/f_swallow>
7 // (c) 2011 Egtra (@egtra) <http://dev.activebasic.com/egtra/>
8 // All rights reserved.
10 // This file is part of OpenTween.
12 // This program is free software; you can redistribute it and/or modify it
13 // under the terms of the GNU General Public License as published by the Free
14 // Software Foundation; either version 3 of the License, or (at your option)
17 // This program is distributed in the hope that it will be useful, but
18 // WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 // or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 // You should have received a copy of the GNU General Public License along
23 // with this program. If not, see <http://www.gnu.org/licenses/>, or write to
24 // the Free Software Foundation, Inc., 51 Franklin Street - Fifth Floor,
25 // Boston, MA 02110-1301, USA.
28 #pragma warning disable SA1310
31 using System.Collections.Generic;
33 using System.Runtime.InteropServices;
34 using System.Runtime.InteropServices.ComTypes;
36 using System.Text.RegularExpressions;
37 using System.Threading;
38 using System.Windows.Forms;
42 public class InternetSecurityManager : WebBrowserAPI.IServiceProvider, WebBrowserAPI.IInternetSecurityManager
49 E_NOTIMPL = unchecked((int)0x80004001),
50 E_NOINTERFACE = unchecked((int)0x80004002),
61 private readonly object ocx = new();
62 private readonly WebBrowserAPI.IServiceProvider ocxServiceProvider;
63 private readonly IntPtr profferServicePtr = new();
64 private readonly WebBrowserAPI.IProfferService profferService = null!;
66 public POLICY SecurityPolicy { get; set; } = 0;
68 public InternetSecurityManager(WebBrowser webBrowser)
71 webBrowser.Url = new Uri("about:blank"); // ActiveXを初期化する
76 Application.DoEvents();
78 while (webBrowser.ReadyState != WebBrowserReadyState.Complete);
80 this.ocx = webBrowser.ActiveXInstance;
82 // IServiceProvider.QueryService() を使って IProfferService を取得
83 this.ocxServiceProvider = (WebBrowserAPI.IServiceProvider)this.ocx;
87 this.ocxServiceProvider.QueryService(
88 ref WebBrowserAPI.SID_SProfferService,
89 ref WebBrowserAPI.IID_IProfferService,
90 out this.profferServicePtr);
92 catch (SEHException ex)
94 MyCommon.TraceOut(ex, "ocxServiceProvider.QueryService() HRESULT:" + ex.ErrorCode.ToString("X8") + Environment.NewLine);
97 catch (ExternalException ex)
99 MyCommon.TraceOut(ex, "ocxServiceProvider.QueryService() HRESULT:" + ex.ErrorCode.ToString("X8") + Environment.NewLine);
103 this.profferService = (WebBrowserAPI.IProfferService)Marshal.GetObjectForIUnknown(this.profferServicePtr);
105 // IProfferService.ProfferService() を使って
106 // 自分を IInternetSecurityManager として提供
109 this.profferService.ProfferService(
110 ref WebBrowserAPI.IID_IInternetSecurityManager, this, out var cookie);
112 catch (SEHException ex)
114 MyCommon.TraceOut(ex, "IProfferSerive.ProfferService() HRESULT:" + ex.ErrorCode.ToString("X8") + Environment.NewLine);
117 catch (ExternalException ex)
119 MyCommon.TraceOut(ex, "IProfferSerive.ProfferService() HRESULT:" + ex.ErrorCode.ToString("X8") + Environment.NewLine);
124 int WebBrowserAPI.IServiceProvider.QueryService(
125 ref Guid guidService,
127 out IntPtr ppvObject)
129 ppvObject = IntPtr.Zero;
130 if (guidService.CompareTo(
131 WebBrowserAPI.IID_IInternetSecurityManager) == 0)
133 // 自分から IID_IInternetSecurityManager を
134 // QueryInterface して返す
135 var punk = Marshal.GetIUnknownForObject(this);
136 return Marshal.QueryInterface(punk, ref riid, out ppvObject);
138 return (int)HRESULT.E_NOINTERFACE;
141 int WebBrowserAPI.IInternetSecurityManager.GetSecurityId(string pwszUrl, byte[] pbSecurityId, ref uint pcbSecurityId, uint dwReserved)
142 => WebBrowserAPI.INET_E_DEFAULT_ACTION;
144 int WebBrowserAPI.IInternetSecurityManager.GetSecuritySite(out WebBrowserAPI.IInternetSecurityMgrSite? pSite)
147 return WebBrowserAPI.INET_E_DEFAULT_ACTION;
150 int WebBrowserAPI.IInternetSecurityManager.GetZoneMappings(int dwZone, ref IEnumString? ppenumstring, int dwFlags)
153 return WebBrowserAPI.INET_E_DEFAULT_ACTION;
156 int WebBrowserAPI.IInternetSecurityManager.MapUrlToZone(string pwszUrl, out int pdwZone, int dwFlags)
159 if (pwszUrl == "about:blank") return WebBrowserAPI.INET_E_DEFAULT_ACTION;
162 var urlStr = MyCommon.IDNEncode(pwszUrl);
163 if (urlStr == null) return WebBrowserAPI.URLPOLICY_DISALLOW;
164 var url = new Uri(urlStr);
165 if (url.Scheme == "data")
167 return WebBrowserAPI.URLPOLICY_DISALLOW;
172 return WebBrowserAPI.URLPOLICY_DISALLOW;
174 return WebBrowserAPI.INET_E_DEFAULT_ACTION;
177 private const byte URLPOLICY_ALLOW = 0;
179 int WebBrowserAPI.IInternetSecurityManager.ProcessUrlAction(string pwszUrl, int dwAction, out byte pPolicy, int cbPolicy, byte pContext, int cbContext, int dwFlags, int dwReserved)
181 pPolicy = URLPOLICY_ALLOW;
182 // スクリプト実行状態かを検査しポリシー設定
183 if (WebBrowserAPI.URLACTION_SCRIPT_MIN <= dwAction &
184 dwAction <= WebBrowserAPI.URLACTION_SCRIPT_MAX)
187 if ((this.SecurityPolicy & POLICY.ALLOW_SCRIPT) == POLICY.ALLOW_SCRIPT)
189 pPolicy = WebBrowserAPI.URLPOLICY_ALLOW;
193 pPolicy = WebBrowserAPI.URLPOLICY_DISALLOW;
195 if (Regex.IsMatch(pwszUrl, @"^https?://((api\.)?twitter\.com/|([a-zA-Z0-9]+\.)?twimg\.com/)")) pPolicy = WebBrowserAPI.URLPOLICY_ALLOW;
196 return (int)HRESULT.S_OK;
198 // ActiveX実行状態かを検査しポリシー設定
199 if (WebBrowserAPI.URLACTION_ACTIVEX_MIN <= dwAction &
200 dwAction <= WebBrowserAPI.URLACTION_ACTIVEX_MAX)
203 if ((this.SecurityPolicy & POLICY.ALLOW_ACTIVEX) == POLICY.ALLOW_ACTIVEX)
205 pPolicy = WebBrowserAPI.URLPOLICY_ALLOW;
209 pPolicy = WebBrowserAPI.URLPOLICY_DISALLOW;
211 return (int)HRESULT.S_OK;
214 return WebBrowserAPI.INET_E_DEFAULT_ACTION;
217 int WebBrowserAPI.IInternetSecurityManager.QueryCustomPolicy(string pwszUrl, ref Guid guidKey, byte ppPolicy, int pcbPolicy, byte pContext, int cbContext, int dwReserved)
218 => WebBrowserAPI.INET_E_DEFAULT_ACTION;
220 int WebBrowserAPI.IInternetSecurityManager.SetSecuritySite(WebBrowserAPI.IInternetSecurityMgrSite pSite)
221 => WebBrowserAPI.INET_E_DEFAULT_ACTION;
223 int WebBrowserAPI.IInternetSecurityManager.SetZoneMapping(int dwZone, string lpszPattern, int dwFlags)
224 => WebBrowserAPI.INET_E_DEFAULT_ACTION;
227 #region "WebBrowserAPI"
228 internal static class WebBrowserAPI
230 public static int INET_E_DEFAULT_ACTION = unchecked((int)0x800C0011);
234 URLZONE_LOCAL_MACHINE = 0,
235 URLZONE_INTRANET = URLZONE_LOCAL_MACHINE + 1,
236 URLZONE_TRUSTED = URLZONE_INTRANET + 1,
237 URLZONE_INTERNET = URLZONE_TRUSTED + 1,
238 URLZONE_UNTRUSTED = URLZONE_INTERNET + 1,
241 public static int URLACTION_MIN = 0x1000;
243 public static int URLACTION_DOWNLOAD_MIN = 0x1000;
244 public static int URLACTION_DOWNLOAD_SIGNED_ACTIVEX = 0x1001;
245 public static int URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX = 0x1004;
246 public static int URLACTION_DOWNLOAD_CURR_MAX = 0x1004;
247 public static int URLACTION_DOWNLOAD_MAX = 0x11FF;
249 public static int URLACTION_ACTIVEX_MIN = 0x1200;
250 public static int URLACTION_ACTIVEX_RUN = 0x1200;
251 public static int URLPOLICY_ACTIVEX_CHECK_LIST = 0x10000;
252 public static int URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY = 0x1201;
253 public static int URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY = 0x1202;
254 public static int URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY = 0x1203;
255 public static int URLACTION_SCRIPT_OVERRIDE_SAFETY = 0x1401;
256 public static int URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY = 0x1204;
257 public static int URLACTION_ACTIVEX_TREATASUNTRUSTED = 0x1205;
258 public static int URLACTION_ACTIVEX_NO_WEBOC_SCRIPT = 0x1206;
259 public static int URLACTION_ACTIVEX_CURR_MAX = 0x1206;
260 public static int URLACTION_ACTIVEX_MAX = 0x13FF;
262 public static int URLACTION_SCRIPT_MIN = 0x1400;
263 public static int URLACTION_SCRIPT_RUN = 0x1400;
264 public static int URLACTION_SCRIPT_JAVA_USE = 0x1402;
265 public static int URLACTION_SCRIPT_SAFE_ACTIVEX = 0x1405;
266 public static int URLACTION_CROSS_DOMAIN_DATA = 0x1406;
267 public static int URLACTION_SCRIPT_PASTE = 0x1407;
268 public static int URLACTION_SCRIPT_CURR_MAX = 0x1407;
269 public static int URLACTION_SCRIPT_MAX = 0x15FF;
271 public static int URLACTION_HTML_MIN = 0x1600;
272 public static int URLACTION_HTML_SUBMIT_FORMS = 0x1601; // aggregate next two
273 public static int URLACTION_HTML_SUBMIT_FORMS_FROM = 0x1602;
274 public static int URLACTION_HTML_SUBMIT_FORMS_TO = 0x1603;
275 public static int URLACTION_HTML_FONT_DOWNLOAD = 0x1604;
276 public static int URLACTION_HTML_JAVA_RUN = 0x1605; // derive from Java custom policy
277 public static int URLACTION_HTML_USERDATA_SAVE = 0x1606;
278 public static int URLACTION_HTML_SUBFRAME_NAVIGATE = 0x1607;
279 public static int URLACTION_HTML_META_REFRESH = 0x1608;
280 public static int URLACTION_HTML_MIXED_CONTENT = 0x1609;
281 public static int URLACTION_HTML_MAX = 0x17FF;
283 public static int URLACTION_SHELL_MIN = 0x1800;
284 public static int URLACTION_SHELL_INSTALL_DTITEMS = 0x1800;
285 public static int URLACTION_SHELL_MOVE_OR_COPY = 0x1802;
286 public static int URLACTION_SHELL_FILE_DOWNLOAD = 0x1803;
287 public static int URLACTION_SHELL_VERB = 0x1804;
288 public static int URLACTION_SHELL_WEBVIEW_VERB = 0x1805;
289 public static int URLACTION_SHELL_SHELLEXECUTE = 0x1806;
290 public static int URLACTION_SHELL_CURR_MAX = 0x1806;
291 public static int URLACTION_SHELL_MAX = 0x19FF;
293 public static int URLACTION_NETWORK_MIN = 0x1A00;
295 public static int URLACTION_CREDENTIALS_USE = 0x1A00;
296 public static int URLPOLICY_CREDENTIALS_SILENT_LOGON_OK = 0x0;
297 public static int URLPOLICY_CREDENTIALS_MUST_PROMPT_USER = 0x10000;
298 public static int URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT = 0x20000;
299 public static int URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY = 0x30000;
301 public static int URLACTION_AUTHENTICATE_CLIENT = 0x1A01;
302 public static int URLPOLICY_AUTHENTICATE_CLEARTEXT_OK = 0x0;
303 public static int URLPOLICY_AUTHENTICATE_CHALLENGE_RESPONSE = 0x10000;
304 public static int URLPOLICY_AUTHENTICATE_MUTUAL_ONLY = 0x30000;
306 public static int URLACTION_COOKIES = 0x1A02;
307 public static int URLACTION_COOKIES_SESSION = 0x1A03;
309 public static int URLACTION_CLIENT_CERT_PROMPT = 0x1A04;
311 public static int URLACTION_COOKIES_THIRD_PARTY = 0x1A05;
312 public static int URLACTION_COOKIES_SESSION_THIRD_PARTY = 0x1A06;
314 public static int URLACTION_COOKIES_ENABLED = 0x1A10;
316 public static int URLACTION_NETWORK_CURR_MAX = 0x1A10;
317 public static int URLACTION_NETWORK_MAX = 0x1BFF;
319 public static int URLACTION_JAVA_MIN = 0x1C00;
320 public static int URLACTION_JAVA_PERMISSIONS = 0x1C00;
321 public static int URLPOLICY_JAVA_PROHIBIT = 0x0;
322 public static int URLPOLICY_JAVA_HIGH = 0x10000;
323 public static int URLPOLICY_JAVA_MEDIUM = 0x20000;
324 public static int URLPOLICY_JAVA_LOW = 0x30000;
325 public static int URLPOLICY_JAVA_CUSTOM = 0x800000;
326 public static int URLACTION_JAVA_CURR_MAX = 0x1C00;
327 public static int URLACTION_JAVA_MAX = 0x1CFF;
329 // The following Infodelivery actions should have no default policies
330 // in the registry. They assume that no default policy means fall
331 // back to the global restriction. If an admin sets a policy per
332 // zone, then it overrides the global restriction.
334 public static int URLACTION_INFODELIVERY_MIN = 0x1D00;
335 public static int URLACTION_INFODELIVERY_NO_ADDING_CHANNELS = 0x1D00;
336 public static int URLACTION_INFODELIVERY_NO_EDITING_CHANNELS = 0x1D01;
337 public static int URLACTION_INFODELIVERY_NO_REMOVING_CHANNELS = 0x1D02;
338 public static int URLACTION_INFODELIVERY_NO_ADDING_SUBSCRIPTIONS = 0x1D03;
339 public static int URLACTION_INFODELIVERY_NO_EDITING_SUBSCRIPTIONS = 0x1D04;
340 public static int URLACTION_INFODELIVERY_NO_REMOVING_SUBSCRIPTIONS = 0x1D05;
341 public static int URLACTION_INFODELIVERY_NO_CHANNEL_LOGGING = 0x1D06;
342 public static int URLACTION_INFODELIVERY_CURR_MAX = 0x1D06;
343 public static int URLACTION_INFODELIVERY_MAX = 0x1DFF;
344 public static int URLACTION_CHANNEL_SOFTDIST_MIN = 0x1E00;
345 public static int URLACTION_CHANNEL_SOFTDIST_PERMISSIONS = 0x1E05;
346 public static int URLPOLICY_CHANNEL_SOFTDIST_PROHIBIT = 0x10000;
347 public static int URLPOLICY_CHANNEL_SOFTDIST_PRECACHE = 0x20000;
348 public static int URLPOLICY_CHANNEL_SOFTDIST_AUTOINSTALL = 0x30000;
349 public static int URLACTION_CHANNEL_SOFTDIST_MAX = 0x1EFF;
351 // For each action specified above the system maintains
352 // a set of policies for the action.
353 // The only policies supported currently are permissions (i.e. is something allowed)
354 // and logging status.
355 // IMPORTANT: If you are defining your own policies don't overload the meaning of the
356 // loword of the policy. You can use the hiword to store any policy bits which are only
357 // meaningful to your action.
358 // For an example of how to do this look at the URLPOLICY_JAVA above
361 public static byte URLPOLICY_ALLOW = 0x0;
362 public static byte URLPOLICY_QUERY = 0x1;
363 public static byte URLPOLICY_DISALLOW = 0x3;
365 // Notifications are not done when user already queried.
366 public static int URLPOLICY_NOTIFY_ON_ALLOW = 0x10;
367 public static int URLPOLICY_NOTIFY_ON_DISALLOW = 0x20;
369 // Logging is done regardless of whether user was queried.
370 public static int URLPOLICY_LOG_ON_ALLOW = 0x40;
371 public static int URLPOLICY_LOG_ON_DISALLOW = 0x80;
373 public static int URLPOLICY_MASK_PERMISSIONS = 0xF;
375 public static int URLPOLICY_DONTCHECKDLGBOX = 0x100;
377 // ----------------------------------------------------------------------
378 // ここ以下は COM Interface の宣言です。
379 public static Guid IID_IProfferService = new("cb728b20-f786-11ce-92ad-00aa00a74cd0");
380 public static Guid SID_SProfferService = new("cb728b20-f786-11ce-92ad-00aa00a74cd0");
381 public static Guid IID_IInternetSecurityManager = new("79eac9ee-baf9-11ce-8c82-00aa004ba90b");
384 [Guid("6d5140c1-7436-11ce-8034-00aa006009fa")]
385 [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
386 public interface IServiceProvider
389 int QueryService([In] ref Guid guidService, [In] ref Guid riid, out IntPtr ppvObject);
393 [Guid("cb728b20-f786-11ce-92ad-00aa00a74cd0")]
394 [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
395 public interface IProfferService
398 int ProfferService([In] ref Guid guidService, [In] IServiceProvider psp, out int cookie);
401 int RevokeService([In] int cookie);
405 [Guid("79eac9ed-baf9-11ce-8c82-00aa004ba90b")]
406 [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
407 public interface IInternetSecurityMgrSite
410 int GetWindow(out IntPtr hwnd);
413 int EnableModeless([In, MarshalAs(UnmanagedType.Bool)] bool fEnable);
417 [Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b")]
418 [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
419 public interface IInternetSecurityManager
422 int SetSecuritySite([In] IInternetSecurityMgrSite pSite);
425 int GetSecuritySite(out IInternetSecurityMgrSite? pSite);
428 int MapUrlToZone([In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, out int pdwZone, int dwFlags);
431 int GetSecurityId([MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, [MarshalAs(UnmanagedType.LPArray)] byte[] pbSecurityId, ref uint pcbSecurityId, uint dwReserved);
434 int ProcessUrlAction([In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, int dwAction, out byte pPolicy, int cbPolicy, byte pContext, int cbContext, int dwFlags, int dwReserved);
437 int QueryCustomPolicy([In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, ref Guid guidKey, byte ppPolicy, int pcbPolicy, byte pContext, int cbContext, int dwReserved);
440 int SetZoneMapping(int dwZone, [In, MarshalAs(UnmanagedType.LPWStr)] string lpszPattern, int dwFlags);
443 int GetZoneMappings(int dwZone, ref IEnumString? ppenumstring, int dwFlags);