Imported Upstream version 2.0.0.11353upstream/2.0.0.11353

1 files changed, 0 insertions, 240 deletions

diff --git a/src/mscorlib/src/System/Runtime/Serialization/SafeSerializationManager.cs b/src/mscorlib/src/System/Runtime/Serialization/SafeSerializationManager.cs
deleted file mode 100644
index 260e873bc7..0000000000
--- a/src/mscorlib/src/System/Runtime/Serialization/SafeSerializationManager.cs
+++ /dev/null
@@ -1,240 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-using System;
-using System.Collections;
-using System.Collections.Generic;
-using System.Diagnostics.Contracts;
-using System.Reflection;
-using System.Security;
-
-namespace System.Runtime.Serialization
-{
-    //
-    // #SafeSerialization
-    // 
-    // Types which are serializable via the ISerializable interface have a problem when it comes to allowing
-    // transparent subtypes which can allow themselves to serialize since the GetObjectData method is
-    // SecurityCritical.
-    // 
-    // For instance, System.Exception implements ISerializable, however it is also desirable to have
-    // transparent exceptions with their own fields that need to be serialized.  (For instance, in transparent
-    // assemblies such as the DLR and F#, or even in partial trust application code).  Since overriding
-    // GetObjectData requires that the overriding method be security critical, this won't work directly.
-    //
-    // SafeSerializationManager solves this problem by allowing any partial trust code to contribute
-    // individual chunks of serializable data to be included in the serialized version of the derived class. 
-    // These chunks are then deserialized back out of the serialized type and notified that they should
-    // populate the fields of the deserialized object when serialization is complete.  This allows partial
-    // trust or transparent code to participate in serialization of an ISerializable type without having to
-    // override GetObjectData or implement the ISerializable constructor.
-    //
-    // On the serialization side, SafeSerializationManager has an event SerializeObjectState which it will
-    // fire in response to serialization in order to gather the units of serializable data that should be
-    // stored with the rest of the object during serialization.  Methods which respond to these events
-    // create serializable objects which implement the ISafeSerializationData interface and add them to the
-    // collection of other serialized data by calling AddSerializedState on the SafeSerializationEventArgs
-    // passed into the event.
-    // 
-    // By using an event rather than a virtual method on the base ISerializable object, we allow multiple
-    // potentially untrusted subclasses to participate in serialization, without each one having to ensure
-    // that it calls up to the base type in order for the whole system to work.  (For instance Exception :
-    // TrustedException : UntrustedException, in this scenario UntrustedException would be able to override
-    // the virtual method an prevent TrustedException from ever seeing the method call, either accidentally
-    // or maliciously).
-    // 
-    // Further, by only allowing additions of new chunks of serialization state rather than exposing the
-    // whole underlying list, we avoid exposing potentially sensitive serialized state to any of the
-    // potentially untrusted subclasses.
-    // 
-    // At deserialization time, SafeSerializationManager performs the reverse operation.  It deserializes the
-    // chunks of serialized state, and then notifies them that the object they belong to is deserialized by
-    // calling their CompleteSerialization method. In repsonse to this call, the state objects populate the
-    // fields of the object being deserialized with the state that they held.
-    // 
-    // From a security perspective, the chunks of serialized state can only contain data that the specific
-    // subclass itself had access to read (otherwise it wouldn't be able to populate the type with that
-    // data), as opposed to having access to far more data in the SerializationInfo that GetObjectData uses.
-    // Similarly, at deserialization time, the serialized state can only modify fields that the type itself
-    // has access to (again, as opposed to the full SerializationInfo which could be modified).
-    // 
-    // Individual types which wish to participate in safe serialization do so by containing an instance of a
-    // SafeSerializationManager and exposing its serialization event.  During GetObjectData, the
-    // SafeSerializationManager is serialized just like any other field of the containing type.  However, at
-    // the end of serialization it is called back one last time to CompleteSerialization.
-    // 
-    // In CompleteSerialization, if the SafeSerializationManager detects that it has extra chunks of
-    // data to handle, it substitutes the root type being serialized (formerly the real type hosting the
-    // SafeSerializationManager) with itself.  This allows it to gain more control over the deserialization
-    // process.  It also saves away an extra bit of state in the serialization info indicating the real type
-    // of object that should be recreated during deserialization.
-    //
-    // At this point the serialized state looks like this:
-    //   Data:
-    //     realSerializedData1
-    //       ...
-    //     realSerializedDataN
-    //     safeSerializationData     -> this is the serialization data member of the parent type
-    //       m_serializedState       -> list of saved serialized states from subclasses responding to the safe
-    //                                  serialization event
-    //     RealTypeSerializationName -> type which is using safe serialization
-    //   Type:
-    //     SafeSerializationManager
-    //
-    //  That is, the serialized data claims to be of type SafeSerializationManager, however contains only the
-    //  data from the real object being serialized along with one bit of safe serialization metadata.
-    //  
-    //  At deserialization time, since the serialized data claims to be of type SafeSerializationManager, the
-    //  root object being created is an instance of the SafeSerializationManager class.  However, it detects
-    //  that this isn't a real SafeSerializationManager (by looking for the real type field in the metadata),
-    //  and simply saves away the SerializationInfo and the real type being deserialized.
-    //  
-    //  Since SafeSerializationManager implements IObjectReference, the next step of deserialization is the
-    //  GetRealObject callback.  This callback is the one responsible for getting the
-    //  SafeSerializationManager out of the way and instead creating an instance of the actual type which was
-    //  serialized.
-    //  
-    //  It does this by first creating an instance of the real type being deserialzed (saved away in the
-    //  deserialzation constructor), but not running any of its constructors.  Instead, it walks the
-    //  inheritance hierarchy (moving toward the most derived type) looking for the last full trust type to
-    //  implement the standard ISerializable constructor before any type does not implement the constructor. 
-    //  It is this last type's deserialization constructor which is then invoked, passing in the saved
-    //  SerializationInfo.  Once the constructors are run, we return this object as the real deserialized
-    //  object.
-    //  
-    //  The reason that we do this walk is so that ISerializable types can protect themselves from malicious
-    //  input during deserialization by making their deserialization constructors unavailable to partial
-    //  trust code.  By not requiring every type have a copy of this constructor, partial trust code can
-    //  participate in safe serialization and not be required to have access to the parent's constructor. 
-    //  
-    //  It should be noted however, that this heuristic means that if a full trust type does derive from
-    //  a transparent or partial trust type using this safe serialization mechanism, that full trust type
-    //  will not have its constructor called. Further, the protection of not invoking partial trust
-    //  deserialization constructors only comes into play if SafeSerializationManager is in control of
-    //  deserialization, which means there must be at least one (even empty) safe serialization event
-    //  handler registered.
-    //  
-    //  Another interesting note is that at this point there are now two SafeSerializationManagers alive for
-    //  this deserialization.  The first object is the one which is controlling the deserialization and was
-    //  created as the root object of the deserialization.  The second one is the object which contains the
-    //  serialized data chunks and is a data member of the real object being deserialized.  For this reason,
-    //  the data objects cannot be notified that the deserialization is complete during GetRealObject since
-    //  the ISafeSerializationData objects are not members of the active SafeSerializationManager instance.
-    //  
-    //  The next step is the OnDeserialized callback, which comes to SafeSerializableObject since it was
-    //  pretending to be the root object of the deserialization.  It responds to this callback by calling
-    //  any existing OnDeserialized callback on the real type that was deserialized.
-    //  
-    //  The real type needs to call its data member SafeSerializationData object's CompleteDeserialization
-    //  method in response to the OnDeserialized call.  This CompleteDeserialization call will then iterate
-    //  through the ISafeSerializationData objects calling each of their CompleteDeserialization methods so
-    //  that they can plug the nearly-complete object with their saved data.
-    //  
-    //  The reason for having a new ISafeSerializationData interface which is basically identical to
-    //  IDeserializationCallback is that IDeserializationCallback will be called on the stored data chunks
-    //  by the serialization code when they are deserialized, and that's not a desirable behavior. 
-    //  Essentially, we need to change the meaning of the object parameter to mean "parent object which
-    //  participated in safe serialization", rather than "this object".
-    //  
-    //  Implementing safe serialization on an ISerialiable type is relatively straight forward.  (For an
-    //  example, see System.Exception):
-    //  
-    //    1. Include a data member of type SafeSerializationManager:
-    //  
-    //       private SafeSerializationManager m_safeSerializationManager;
-    //     
-    //    2. Add a protected SerializeObjectState event, which passes through to the SafeSerializationManager:
-    //  
-    //       protected event EventHandler<SafeSerializationEventArgs> SerializeObjectState
-    //       {
-    //           add { m_safeSerializationManager.SerializeObjectState += value; }
-    //           remove { m_safeSerializationManager.SerializeObjectState -= value; }
-    //       }
-    //
-    //    3. Serialize the safe serialization object in GetObjectData, and call its CompleteSerialization method:
-    //  
-    //       {
-    //           info.AddValue("m_safeSerializationManager", m_safeSerializationManager, typeof(SafeSerializationManager));
-    //           m_safeSerializationManager.CompleteSerialization(this, info, context);
-    //       }
-    //
-    //    4. Add an OnDeserialized handler if one doesn't already exist, and call CompleteDeserialization in it:
-    //  
-    //       [OnDeserialized]
-    //       private void OnDeserialized(StreamingContext context)
-    //       {
-    //           m_safeSerializationManager.CompleteDeserialization(this);
-    //       }
-    //
-    // On the client side, using safe serialization is also pretty easy.  For example:
-    // 
-    //   [Serializable]
-    //   public class TransparentException : Exception
-    //   {
-    //       [Serializable]
-    //       private struct TransparentExceptionState : ISafeSerializationData
-    //       {
-    //           public string m_extraData;
-    //
-    //           void ISafeSerializationData.CompleteDeserialization(object obj)
-    //           {
-    //               TransparentException exception = obj as TransparentException;
-    //               exception.m_state = this;
-    //           }
-    //       }
-    //
-    //       [NonSerialized]
-    //       private TransparentExceptionState m_state = new TransparentExceptionState();
-    //
-    //       public TransparentException()
-    //       {
-    //           SerializeObjectState += delegate(object exception, SafeSerializationEventArgs eventArgs)
-    //           {
-    //               eventArgs.AddSerializedState(m_state);
-    //           };
-    //       }
-    //
-    //       public string ExtraData
-    //       {
-    //           get { return m_state.m_extraData; }
-    //           set { m_state.m_extraData = value; }
-    //       }
-    //   }
-    // 
-
-    // SafeSerializationEventArgs are provided to the delegates which do safe serialization.  Each delegate
-    // serializes its own state into an IDeserializationCallback instance which must, itself, be serializable.
-    // These indivdiual states are then added to the SafeSerializationEventArgs in order to be saved away when
-    // the original ISerializable type is serialized.
-    public sealed class SafeSerializationEventArgs : EventArgs
-    {
-        private StreamingContext m_streamingContext;
-        private List<object> m_serializedStates = new List<object>();
-
-        internal SafeSerializationEventArgs() {}
-
-        public void AddSerializedState(ISafeSerializationData serializedState)
-        {
-            if (serializedState == null)
-                throw new ArgumentNullException(nameof(serializedState));
-            if (!serializedState.GetType().IsSerializable)
-                throw new ArgumentException(Environment.GetResourceString("Serialization_NonSerType", serializedState.GetType(), serializedState.GetType().Assembly.FullName));
-
-            m_serializedStates.Add(serializedState);
-        }
-
-        public StreamingContext StreamingContext
-        {
-            get { return m_streamingContext; }
-        }
-    }
-
-    // Interface to be supported by objects which are stored in safe serialization stores
-    public interface ISafeSerializationData
-    {
-        // CompleteDeserialization is called when the object to which the extra serialized data was attached
-        // has completed its deserialization, and now needs to be populated with the extra data stored in
-        // this object.
-        void CompleteDeserialization(object deserialized);
-    }
-}