/// <summary>
/// parse string into claim union
/// </summary>
/// <param name="type">claim value type</param>
/// <param name="unobjected_values">the string</param>
/// <returns>union</returns>
public static object[] ConvertStringToEntryUnion(CLAIM_TYPE type, string unobjected_values)
{
string[] unparsed = unobjected_values.Split(new string[] { spliter }, StringSplitOptions.RemoveEmptyEntries);
object[] values = new object[unparsed.Length];
for (int i = 0; i < values.Length; i++)
{
switch (type)
{
case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN:
values[i] = bool.Parse(unparsed[i]);
break;
case CLAIM_TYPE.CLAIM_TYPE_INT64:
values[i] = long.Parse(unparsed[i]);
break;
case CLAIM_TYPE.CLAIM_TYPE_STRING:
values[i] = unparsed[i];
break;
case CLAIM_TYPE.CLAIM_TYPE_UINT64:
values[i] = ulong.Parse(unparsed[i]);
break;
}
}
return(values);
}
/// <summary>
/// convert unions into a string
/// </summary>
/// <param name="type">claim value type</param>
/// <param name="values">the union</param>
/// <returns>result string</returns>
public static string ConvertEntryUniontoString(CLAIM_TYPE type, CLAIM_ENTRY_VALUE_UNION values)
{
string ret = "";
switch (type)
{
case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN:
for (int i = 0; i < values.Struct4.BooleanValues.Length; i++)
{
ret += values.Struct4.BooleanValues[i].ToString();
ret += spliter;
}
break;
case CLAIM_TYPE.CLAIM_TYPE_INT64:
for (int i = 0; i < values.Struct1.Int64Values.Length; i++)
{
ret += values.Struct1.Int64Values[i].ToString();
ret += spliter;
}
break;
case CLAIM_TYPE.CLAIM_TYPE_UINT64:
for (int i = 0; i < values.Struct2.Uint64Values.Length; i++)
{
ret += values.Struct2.Uint64Values[i].ToString();
ret += spliter;
}
break;
case CLAIM_TYPE.CLAIM_TYPE_STRING:
for (int i = 0; i < values.Struct3.StringValues.Length; i++)
{
ret += values.Struct3.StringValues[i].ToString();
ret += spliter;
}
break;
}
return(ret);
}
/// <summary>
/// Find same claim record from internal database
/// </summary>
/// <param name="principalDN">Distinguished Name of principal</param>
/// <param name="principalClass">principal type</param>
/// <param name="sourceType">claim source type, AD or certificate</param>
/// <param name="claimID">ID of claim</param>
/// <param name="valueType">claim value type</param>
/// <param name="unobjected_values">values parsed into string and split with |ClaimUtilitySpliter|</param>
/// <returns>true if found matched</returns>
public static bool FoundMatchedClaim(string principalDN, ClaimsPrincipalClass principalClass, CLAIMS_SOURCE_TYPE sourceType, string claimID, CLAIM_TYPE valueType, string unobjected_values)
{
#region parse values from the string
object[] values = ClaimUtility.ConvertStringToEntryUnion(valueType, unobjected_values);
#endregion
#region find same claim record
for (int i = 0; i < sourceClaims.Length; i++)
{
if (sourceClaims[i].usClaimsSourceType == (short)sourceType)
{
for (int j = 0; j < sourceClaims[i].ClaimEntries.Length; j++)
{
CLAIM_ENTRY entry = sourceClaims[i].ClaimEntries[j];
if (entry.Id == claimID && entry.Type == valueType)
{
//found claim with same ID and value type, need to check values
switch (valueType)
{
case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN:
{
if (entry.Values.Struct4.BooleanValues.Length != values.Length)
return false;
for (int k = 0; k < entry.Values.Struct4.BooleanValues.Length; k++)
{
if ((bool)values[k] != entry.Values.Struct4.BooleanValues[k])
return false;
}
return true;
}
case CLAIM_TYPE.CLAIM_TYPE_INT64:
{
if (entry.Values.Struct1.Int64Values.Length != values.Length)
return false;
for (int k = 0; k < entry.Values.Struct1.Int64Values.Length; k++)
{
if ((int)values[k] != entry.Values.Struct1.Int64Values[k])
return false;
}
return true;
}
case CLAIM_TYPE.CLAIM_TYPE_STRING:
{
if (entry.Values.Struct3.StringValues.Length != values.Length)
return false;
for (int k = 0; k < entry.Values.Struct3.StringValues.Length; k++)
{
if ((string)values[k] != entry.Values.Struct3.StringValues[k])
return false;
}
return true;
}
case CLAIM_TYPE.CLAIM_TYPE_UINT64:
{
if (entry.Values.Struct2.Uint64Values.Length != values.Length)
return false;
for (int k = 0; k < entry.Values.Struct2.Uint64Values.Length; k++)
{
if ((uint)values[k] != entry.Values.Struct2.Uint64Values[k])
return false;
}
return true;
}
}
}
}
}
}
#endregion
return false;
}
/// <summary>
/// parse string into claim union
/// </summary>
/// <param name="type">claim value type</param>
/// <param name="unobjected_values">the string</param>
/// <returns>union</returns>
public static object[] ConvertStringToEntryUnion(CLAIM_TYPE type, string unobjected_values)
{
string[] unparsed = unobjected_values.Split(new string[] { spliter }, StringSplitOptions.RemoveEmptyEntries);
object[] values = new object[unparsed.Length];
for (int i = 0; i < values.Length; i++)
{
switch (type)
{
case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN:
values[i] = bool.Parse(unparsed[i]);
break;
case CLAIM_TYPE.CLAIM_TYPE_INT64:
values[i] = long.Parse(unparsed[i]);
break;
case CLAIM_TYPE.CLAIM_TYPE_STRING:
values[i] = unparsed[i];
break;
case CLAIM_TYPE.CLAIM_TYPE_UINT64:
values[i] = ulong.Parse(unparsed[i]);
break;
}
}
return values;
}
/// <summary>
/// convert unions into a string
/// </summary>
/// <param name="type">claim value type</param>
/// <param name="values">the union</param>
/// <returns>result string</returns>
public static string ConvertEntryUniontoString(CLAIM_TYPE type, CLAIM_ENTRY_VALUE_UNION values)
{
string ret = "";
switch (type)
{
case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN:
for (int i = 0; i < values.Struct4.BooleanValues.Length; i++)
{
ret += values.Struct4.BooleanValues[i].ToString();
ret += spliter;
}
break;
case CLAIM_TYPE.CLAIM_TYPE_INT64:
for (int i = 0; i < values.Struct1.Int64Values.Length; i++)
{
ret += values.Struct1.Int64Values[i].ToString();
ret += spliter;
}
break;
case CLAIM_TYPE.CLAIM_TYPE_UINT64:
for (int i = 0; i < values.Struct2.Uint64Values.Length; i++)
{
ret += values.Struct2.Uint64Values[i].ToString();
ret += spliter;
}
break;
case CLAIM_TYPE.CLAIM_TYPE_STRING:
for (int i = 0; i < values.Struct3.StringValues.Length; i++)
{
ret += values.Struct3.StringValues[i].ToString();
ret += spliter;
}
break;
}
return ret;
}
/// <summary>
/// validate claim definition
/// </summary>
/// <param name="root">claim to validate</param>
/// <returns>true if it's OK</returns>
bool validateClaimDefinition(DirectoryEntry claim)
{
CLAIM_TYPE valueType = getClaimValueType(claim.Properties[ConstValue.distinguishedname].Value.ToString(), DomainController);
PropertyValueCollection sType = claim.Properties[ConstValue.msDSClaimSourceType];
if (sType == null || sType.Value == null)
{
return(false);
}
switch ((ClaimsSourceType)Enum.Parse(typeof(ClaimsSourceType), sType.Value.ToString(), true))
{
case ClaimsSourceType.AD:
{
#region ad sourced claim
PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource];
if (attrSrc == null || attrSrc.Value == null)
{
return(false);
}
string srcDN = attrSrc.Value.ToString();
using (DirectoryEntry srcEntry = new DirectoryEntry("LDAP://" + srcDN))
{
int syntax = (int)srcEntry.Properties["oMSyntax"].Value;
bool syntaxPassed = false;
switch (syntax)
{
case 127:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_STRING)
{
syntaxPassed = true;
}
break;
case 6:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_UINT64)
{
syntaxPassed = true;
}
break;
case 1:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_BOOLEAN)
{
syntaxPassed = true;
}
break;
case 2:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_INT64)
{
syntaxPassed = true;
}
break;
case 10:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_INT64)
{
syntaxPassed = true;
}
break;
case 64:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_STRING)
{
syntaxPassed = true;
}
break;
case 66:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_STRING)
{
syntaxPassed = true;
}
break;
case 65:
if (valueType == CLAIM_TYPE.CLAIM_TYPE_INT64)
{
syntaxPassed = true;
}
break;
default:
break;
}
if (syntaxPassed)
{
return(true);
}
#endregion
}
break;
}
case ClaimsSourceType.Certificate:
{
#region certificate sourced claim
PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource];
PropertyValueCollection source = claim.Properties[ConstValue.msDsClaimSource];
if ((valueType == CLAIM_TYPE.CLAIM_TYPE_BOOLEAN) && ((attrSrc == null) || (attrSrc.Value == null)) &&
(source != null) && (source.Value != null))
{
return(true);
}
#endregion
}
break;
case ClaimsSourceType.TransformPolicy:
{
#region transform policy
PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource];
PropertyValueCollection source = claim.Properties[ConstValue.msDsClaimSource];
if (((attrSrc == null) || (attrSrc.Value == null)) &&
((source == null) || (source.Value == null)))
{
return(true);
}
#endregion
}
break;
case ClaimsSourceType.Constructed:
{
#region Constructed
//Constructed claims are generated dynamically according to a claim-specific algorithm
PropertyValueCollection attrSrc = claim.Properties[ConstValue.msDSClaimAttributeSource];
PropertyValueCollection source = claim.Properties[ConstValue.msDsClaimSource];
if (((attrSrc == null) || (attrSrc.Value == null)) &&
((source == null) || (source.Value == null)))
{
return(true);
}
#endregion
}
break;
default:
return(false);
}
return(false);
}
/// <summary>
/// Find same claim record from internal database
/// </summary>
/// <param name="principalDN">Distinguished Name of principal</param>
/// <param name="principalClass">principal type</param>
/// <param name="sourceType">claim source type, AD or certificate</param>
/// <param name="claimID">ID of claim</param>
/// <param name="valueType">claim value type</param>
/// <param name="unobjected_values">values parsed into string and split with |ClaimUtilitySpliter|</param>
/// <returns>true if found matched</returns>
public static bool FoundMatchedClaim(string principalDN, ClaimsPrincipalClass principalClass, CLAIMS_SOURCE_TYPE sourceType, string claimID, CLAIM_TYPE valueType, string unobjected_values)
{
#region parse values from the string
object[] values = ClaimUtility.ConvertStringToEntryUnion(valueType, unobjected_values);
#endregion
#region find same claim record
for (int i = 0; i < sourceClaims.Length; i++)
{
if (sourceClaims[i].usClaimsSourceType == (short)sourceType)
{
for (int j = 0; j < sourceClaims[i].ClaimEntries.Length; j++)
{
CLAIM_ENTRY entry = sourceClaims[i].ClaimEntries[j];
if (entry.Id == claimID && entry.Type == valueType)
{
//found claim with same ID and value type, need to check values
switch (valueType)
{
case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN:
{
if (entry.Values.Struct4.BooleanValues.Length != values.Length)
{
return(false);
}
for (int k = 0; k < entry.Values.Struct4.BooleanValues.Length; k++)
{
if ((bool)values[k] != entry.Values.Struct4.BooleanValues[k])
{
return(false);
}
}
return(true);
}
case CLAIM_TYPE.CLAIM_TYPE_INT64:
{
if (entry.Values.Struct1.Int64Values.Length != values.Length)
{
return(false);
}
for (int k = 0; k < entry.Values.Struct1.Int64Values.Length; k++)
{
if ((int)values[k] != entry.Values.Struct1.Int64Values[k])
{
return(false);
}
}
return(true);
}
case CLAIM_TYPE.CLAIM_TYPE_STRING:
{
if (entry.Values.Struct3.StringValues.Length != values.Length)
{
return(false);
}
for (int k = 0; k < entry.Values.Struct3.StringValues.Length; k++)
{
if ((string)values[k] != entry.Values.Struct3.StringValues[k])
{
return(false);
}
}
return(true);
}
case CLAIM_TYPE.CLAIM_TYPE_UINT64:
{
if (entry.Values.Struct2.Uint64Values.Length != values.Length)
{
return(false);
}
for (int k = 0; k < entry.Values.Struct2.Uint64Values.Length; k++)
{
if ((uint)values[k] != entry.Values.Struct2.Uint64Values[k])
{
return(false);
}
}
return(true);
}
}
}
}
}
}
#endregion
return(false);
}
