IList <Claim> InitializeClaimsCore()
        {
            // Builds the claim set for this.certificate. Every value below is copied
            // straight out of the certificate; nothing in this method validates the
            // chain or checks revocation, so trust in these claims has to be
            // established by the caller before they are relied upon.
            List <Claim> claims = new List <Claim>();

            // GetCertHash() with no algorithm argument yields the SHA-1 thumbprint.
            // It is issued twice: once as an Identity claim, once as PossessProperty.
            byte[] certHash = this.certificate.GetCertHash();
            claims.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity));
            claims.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty));

            // Name-derived claims are added in a fixed order:
            // SubjectName, Dns, SimpleName, Email, Upn, Url.
            X500DistinguishedName subject = this.certificate.SubjectName;
            if (!string.IsNullOrEmpty(subject.Name))
            {
                claims.Add(Claim.CreateX500DistinguishedNameClaim(subject));
            }

            claims.AddRange(GetDnsClaims(this.certificate));

            string simpleName = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
            if (!string.IsNullOrEmpty(simpleName))
            {
                claims.Add(Claim.CreateNameClaim(simpleName));
            }

            // NOTE: new MailAddress(...) and new Uri(...) below throw
            // (FormatException / UriFormatException) when the certificate carries a
            // malformed email or URL name, so such a certificate fails claim
            // initialization instead of producing a partial claim set. Callers that
            // accept certificates from untrusted parties should expect that.
            string email = this.certificate.GetNameInfo(X509NameType.EmailName, false);
            if (!string.IsNullOrEmpty(email))
            {
                claims.Add(Claim.CreateMailAddressClaim(new MailAddress(email)));
            }

            string upn = this.certificate.GetNameInfo(X509NameType.UpnName, false);
            if (!string.IsNullOrEmpty(upn))
            {
                claims.Add(Claim.CreateUpnClaim(upn));
            }

            string url = this.certificate.GetNameInfo(X509NameType.UrlName, false);
            if (!string.IsNullOrEmpty(url))
            {
                claims.Add(Claim.CreateUriClaim(new Uri(url)));
            }

            // The public key is read through CngLightup unless the compatibility
            // switch forces the legacy PublicKey.Key path. Only an RSA key yields a
            // claim; any other key type is silently skipped here.
            RSA rsa = LocalAppContextSwitches.DisableCngCertificates
                ? this.certificate.PublicKey.Key as RSA
                : CngLightup.GetRSAPublicKey(this.certificate);

            if (rsa != null)
            {
                claims.Add(Claim.CreateRsaClaim(rsa));
            }

            return claims;
        }
        /// <summary>
        /// Builds the set of claims that can be read directly off an X.509 certificate.
        /// </summary>
        /// <param name="certificate">The certificate whose fields become claims. Must not be null.</param>
        /// <param name="issuer">The issuer recorded on every claim produced.</param>
        /// <returns>
        /// Claims in a fixed order: thumbprint, X.500 distinguished name, DNS name, simple name,
        /// email, UPN, URL, RSA public key, DSA public key, serial number. Name claims whose
        /// certificate field is empty are omitted.
        /// </returns>
        /// <remarks>
        /// Values are copied from the certificate as-is. This method does not validate the
        /// chain, so the claims only describe what the certificate asserts about itself;
        /// the caller must establish trust in the certificate before relying on them.
        /// </remarks>
        public static IEnumerable <Claim> GetClaimsFromCertificate(X509Certificate2 certificate, string issuer)
        {
            if (certificate == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
            }

            ICollection <Claim> claims = new Collection <Claim>();

            // Adds one String-typed claim for a certificate name field, skipping empty values.
            Action<X509NameType, string> addNameInfoClaim = (nameType, claimType) =>
            {
                string nameValue = certificate.GetNameInfo(nameType, false);
                if (!string.IsNullOrEmpty(nameValue))
                {
                    claims.Add(new Claim(claimType, nameValue, ClaimValueTypes.String, issuer));
                }
            };

            // GetCertHash() with no algorithm argument yields the SHA-1 thumbprint, emitted as base64.
            string thumbprint = Convert.ToBase64String(certificate.GetCertHash());
            claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, ClaimValueTypes.Base64Binary, issuer));

            string distinguishedName = certificate.SubjectName.Name;
            if (!string.IsNullOrEmpty(distinguishedName))
            {
                claims.Add(new Claim(ClaimTypes.X500DistinguishedName, distinguishedName, ClaimValueTypes.String, issuer));
            }

            // GetNameInfo returns a single DNS name, so a certificate with several
            // subject alternative names contributes only the one that call selects.
            addNameInfoClaim(X509NameType.DnsName, ClaimTypes.Dns);
            addNameInfoClaim(X509NameType.SimpleName, ClaimTypes.Name);
            addNameInfoClaim(X509NameType.EmailName, ClaimTypes.Email);
            addNameInfoClaim(X509NameType.UpnName, ClaimTypes.Upn);
            addNameInfoClaim(X509NameType.UrlName, ClaimTypes.Uri);

            // Public-key claims. Keys are read through CngLightup unless the compatibility
            // switch forces the legacy PublicKey.Key path. ToXmlString(false) exports the
            // public parameters only; the argument must stay false so no private material
            // can ever end up in a claim.
            RSA rsa = LocalAppContextSwitches.DisableCngCertificates
                ? certificate.PublicKey.Key as RSA
                : CngLightup.GetRSAPublicKey(certificate);

            if (rsa != null)
            {
                claims.Add(new Claim(ClaimTypes.Rsa, rsa.ToXmlString(false), ClaimValueTypes.RsaKeyValue, issuer));
            }

            DSA dsa = LocalAppContextSwitches.DisableCngCertificates
                ? certificate.PublicKey.Key as DSA
                : CngLightup.GetDSAPublicKey(certificate);

            if (dsa != null)
            {
                claims.Add(new Claim(ClaimTypes.Dsa, dsa.ToXmlString(false), ClaimValueTypes.DsaKeyValue, issuer));
            }

            string serialNumber = certificate.SerialNumber;
            if (!string.IsNullOrEmpty(serialNumber))
            {
                claims.Add(new Claim(ClaimTypes.SerialNumber, serialNumber, ClaimValueTypes.String, issuer));
            }

            return claims;
        }
 /// <summary>
 /// Extension shim that returns the certificate's RSA public key via <c>CngLightup</c>.
 /// </summary>
 /// <param name="certificate">The certificate whose public key is requested.</param>
 /// <returns>Whatever <c>CngLightup.GetRSAPublicKey</c> returns for the certificate.</returns>
 public static RSA GetRSAPublicKey(this X509Certificate2 certificate)
 {
     // Pure pass-through; no null check is performed here, that is left to CngLightup.
     RSA publicKey = CngLightup.GetRSAPublicKey(certificate);
     return publicKey;
 }