/// <summary> /// parse string into claim union /// </summary> /// <param name="type">claim value type</param> /// <param name="unobjected_values">the string</param> /// <returns>union</returns> public static object[] ConvertStringToEntryUnion(CLAIM_TYPE type, string unobjected_values) { string[] unparsed = unobjected_values.Split(new string[] { spliter }, StringSplitOptions.RemoveEmptyEntries); object[] values = new object[unparsed.Length]; for (int i = 0; i < values.Length; i++) { switch (type) { case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN: values[i] = bool.Parse(unparsed[i]); break; case CLAIM_TYPE.CLAIM_TYPE_INT64: values[i] = long.Parse(unparsed[i]); break; case CLAIM_TYPE.CLAIM_TYPE_STRING: values[i] = unparsed[i]; break; case CLAIM_TYPE.CLAIM_TYPE_UINT64: values[i] = ulong.Parse(unparsed[i]); break; } } return(values); }
/// <summary> /// convert unions into a string /// </summary> /// <param name="type">claim value type</param> /// <param name="values">the union</param> /// <returns>result string</returns> public static string ConvertEntryUniontoString(CLAIM_TYPE type, CLAIM_ENTRY_VALUE_UNION values) { string ret = ""; switch (type) { case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN: for (int i = 0; i < values.Struct4.BooleanValues.Length; i++) { ret += values.Struct4.BooleanValues[i].ToString(); ret += spliter; } break; case CLAIM_TYPE.CLAIM_TYPE_INT64: for (int i = 0; i < values.Struct1.Int64Values.Length; i++) { ret += values.Struct1.Int64Values[i].ToString(); ret += spliter; } break; case CLAIM_TYPE.CLAIM_TYPE_UINT64: for (int i = 0; i < values.Struct2.Uint64Values.Length; i++) { ret += values.Struct2.Uint64Values[i].ToString(); ret += spliter; } break; case CLAIM_TYPE.CLAIM_TYPE_STRING: for (int i = 0; i < values.Struct3.StringValues.Length; i++) { ret += values.Struct3.StringValues[i].ToString(); ret += spliter; } break; } return(ret); }
/// <summary> /// Find same claim record from internal database /// </summary> /// <param name="principalDN">Distinguished Name of principal</param> /// <param name="principalClass">principal type</param> /// <param name="sourceType">claim source type, AD or certificate</param> /// <param name="claimID">ID of claim</param> /// <param name="valueType">claim value type</param> /// <param name="unobjected_values">values parsed into string and split with |ClaimUtilitySpliter|</param> /// <returns>true if found matched</returns> public static bool FoundMatchedClaim(string principalDN, ClaimsPrincipalClass principalClass, CLAIMS_SOURCE_TYPE sourceType, string claimID, CLAIM_TYPE valueType, string unobjected_values) { #region parse values from the string object[] values = ClaimUtility.ConvertStringToEntryUnion(valueType, unobjected_values); #endregion #region find same claim record for (int i = 0; i < sourceClaims.Length; i++) { if (sourceClaims[i].usClaimsSourceType == (short)sourceType) { for (int j = 0; j < sourceClaims[i].ClaimEntries.Length; j++) { CLAIM_ENTRY entry = sourceClaims[i].ClaimEntries[j]; if (entry.Id == claimID && entry.Type == valueType) { //found claim with same ID and value type, need to check values switch (valueType) { case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN: { if (entry.Values.Struct4.BooleanValues.Length != values.Length) return false; for (int k = 0; k < entry.Values.Struct4.BooleanValues.Length; k++) { if ((bool)values[k] != entry.Values.Struct4.BooleanValues[k]) return false; } return true; } case CLAIM_TYPE.CLAIM_TYPE_INT64: { if (entry.Values.Struct1.Int64Values.Length != values.Length) return false; for (int k = 0; k < entry.Values.Struct1.Int64Values.Length; k++) { if ((int)values[k] != entry.Values.Struct1.Int64Values[k]) return false; } return true; } case CLAIM_TYPE.CLAIM_TYPE_STRING: { if (entry.Values.Struct3.StringValues.Length != values.Length) return false; for (int k = 0; k < entry.Values.Struct3.StringValues.Length; k++) { if ((string)values[k] != entry.Values.Struct3.StringValues[k]) return false; } return true; } case CLAIM_TYPE.CLAIM_TYPE_UINT64: { if (entry.Values.Struct2.Uint64Values.Length != values.Length) return false; for (int k = 0; k < entry.Values.Struct2.Uint64Values.Length; k++) { if ((uint)values[k] != entry.Values.Struct2.Uint64Values[k]) return false; } return true; } } } } } } #endregion return false; }
/// <summary> /// parse string into claim union /// </summary> /// <param name="type">claim value type</param> /// <param name="unobjected_values">the string</param> /// <returns>union</returns> public static object[] ConvertStringToEntryUnion(CLAIM_TYPE type, string unobjected_values) { string[] unparsed = unobjected_values.Split(new string[] { spliter }, StringSplitOptions.RemoveEmptyEntries); object[] values = new object[unparsed.Length]; for (int i = 0; i < values.Length; i++) { switch (type) { case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN: values[i] = bool.Parse(unparsed[i]); break; case CLAIM_TYPE.CLAIM_TYPE_INT64: values[i] = long.Parse(unparsed[i]); break; case CLAIM_TYPE.CLAIM_TYPE_STRING: values[i] = unparsed[i]; break; case CLAIM_TYPE.CLAIM_TYPE_UINT64: values[i] = ulong.Parse(unparsed[i]); break; } } return values; }
/// <summary> /// convert unions into a string /// </summary> /// <param name="type">claim value type</param> /// <param name="values">the union</param> /// <returns>result string</returns> public static string ConvertEntryUniontoString(CLAIM_TYPE type, CLAIM_ENTRY_VALUE_UNION values) { string ret = ""; switch (type) { case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN: for (int i = 0; i < values.Struct4.BooleanValues.Length; i++) { ret += values.Struct4.BooleanValues[i].ToString(); ret += spliter; } break; case CLAIM_TYPE.CLAIM_TYPE_INT64: for (int i = 0; i < values.Struct1.Int64Values.Length; i++) { ret += values.Struct1.Int64Values[i].ToString(); ret += spliter; } break; case CLAIM_TYPE.CLAIM_TYPE_UINT64: for (int i = 0; i < values.Struct2.Uint64Values.Length; i++) { ret += values.Struct2.Uint64Values[i].ToString(); ret += spliter; } break; case CLAIM_TYPE.CLAIM_TYPE_STRING: for (int i = 0; i < values.Struct3.StringValues.Length; i++) { ret += values.Struct3.StringValues[i].ToString(); ret += spliter; } break; } return ret; }
/// <summary> /// validate claim definition /// </summary> /// <param name="root">claim to validate</param> /// <returns>true if it's OK</returns> bool validateClaimDefinition(DirectoryEntry claim) { CLAIM_TYPE valueType = getClaimValueType(claim.Properties[ConstValue.distinguishedname].Value.ToString(), DomainController); PropertyValueCollection sType = claim.Properties[ConstValue.msDSClaimSourceType]; if (sType == null || sType.Value == null) { return(false); } switch ((ClaimsSourceType)Enum.Parse(typeof(ClaimsSourceType), sType.Value.ToString(), true)) { case ClaimsSourceType.AD: { #region ad sourced claim PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource]; if (attrSrc == null || attrSrc.Value == null) { return(false); } string srcDN = attrSrc.Value.ToString(); using (DirectoryEntry srcEntry = new DirectoryEntry("LDAP://" + srcDN)) { int syntax = (int)srcEntry.Properties["oMSyntax"].Value; bool syntaxPassed = false; switch (syntax) { case 127: if (valueType == CLAIM_TYPE.CLAIM_TYPE_STRING) { syntaxPassed = true; } break; case 6: if (valueType == CLAIM_TYPE.CLAIM_TYPE_UINT64) { syntaxPassed = true; } break; case 1: if (valueType == CLAIM_TYPE.CLAIM_TYPE_BOOLEAN) { syntaxPassed = true; } break; case 2: if (valueType == CLAIM_TYPE.CLAIM_TYPE_INT64) { syntaxPassed = true; } break; case 10: if (valueType == CLAIM_TYPE.CLAIM_TYPE_INT64) { syntaxPassed = true; } break; case 64: if (valueType == CLAIM_TYPE.CLAIM_TYPE_STRING) { syntaxPassed = true; } break; case 66: if (valueType == CLAIM_TYPE.CLAIM_TYPE_STRING) { syntaxPassed = true; } break; case 65: if (valueType == CLAIM_TYPE.CLAIM_TYPE_INT64) { syntaxPassed = true; } break; default: break; } if (syntaxPassed) { return(true); } #endregion } break; } case ClaimsSourceType.Certificate: { #region certificate sourced claim PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource]; PropertyValueCollection source = claim.Properties[ConstValue.msDsClaimSource]; if ((valueType == CLAIM_TYPE.CLAIM_TYPE_BOOLEAN) && ((attrSrc == null) || (attrSrc.Value == null)) && (source != null) && (source.Value != null)) { return(true); } #endregion } break; case ClaimsSourceType.TransformPolicy: { #region transform policy PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource]; PropertyValueCollection source = claim.Properties[ConstValue.msDsClaimSource]; if (((attrSrc == null) || (attrSrc.Value == null)) && ((source == null) || (source.Value == null))) { return(true); } #endregion } break; case ClaimsSourceType.Constructed: { #region Constructed //Constructed claims are generated dynamically according to a claim-specific algorithm PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource]; PropertyValueCollection source = claim.Properties[ConstValue.msDsClaimSource]; if (((attrSrc == null) || (attrSrc.Value == null)) && ((source == null) || (source.Value == null))) { return(true); } #endregion } break; default: return(false); } return(false); }
/// <summary> /// Find same claim record from internal database /// </summary> /// <param name="principalDN">Distinguished Name of principal</param> /// <param name="principalClass">principal type</param> /// <param name="sourceType">claim source type, AD or certificate</param> /// <param name="claimID">ID of claim</param> /// <param name="valueType">claim value type</param> /// <param name="unobjected_values">values parsed into string and split with |ClaimUtilitySpliter|</param> /// <returns>true if found matched</returns> public static bool FoundMatchedClaim(string principalDN, ClaimsPrincipalClass principalClass, CLAIMS_SOURCE_TYPE sourceType, string claimID, CLAIM_TYPE valueType, string unobjected_values) { #region parse values from the string object[] values = ClaimUtility.ConvertStringToEntryUnion(valueType, unobjected_values); #endregion #region find same claim record for (int i = 0; i < sourceClaims.Length; i++) { if (sourceClaims[i].usClaimsSourceType == (short)sourceType) { for (int j = 0; j < sourceClaims[i].ClaimEntries.Length; j++) { CLAIM_ENTRY entry = sourceClaims[i].ClaimEntries[j]; if (entry.Id == claimID && entry.Type == valueType) { //found claim with same ID and value type, need to check values switch (valueType) { case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN: { if (entry.Values.Struct4.BooleanValues.Length != values.Length) { return(false); } for (int k = 0; k < entry.Values.Struct4.BooleanValues.Length; k++) { if ((bool)values[k] != entry.Values.Struct4.BooleanValues[k]) { return(false); } } return(true); } case CLAIM_TYPE.CLAIM_TYPE_INT64: { if (entry.Values.Struct1.Int64Values.Length != values.Length) { return(false); } for (int k = 0; k < entry.Values.Struct1.Int64Values.Length; k++) { if ((int)values[k] != entry.Values.Struct1.Int64Values[k]) { return(false); } } return(true); } case CLAIM_TYPE.CLAIM_TYPE_STRING: { if (entry.Values.Struct3.StringValues.Length != values.Length) { return(false); } for (int k = 0; k < entry.Values.Struct3.StringValues.Length; k++) { if ((string)values[k] != entry.Values.Struct3.StringValues[k]) { return(false); } } return(true); } case CLAIM_TYPE.CLAIM_TYPE_UINT64: { if (entry.Values.Struct2.Uint64Values.Length != values.Length) { return(false); } for (int k = 0; k < entry.Values.Struct2.Uint64Values.Length; k++) { if ((uint)values[k] != entry.Values.Struct2.Uint64Values[k]) { return(false); } } return(true); } } } } } } #endregion return(false); }