        /// <summary>
        /// Builds the claim set derived from the certificate held in <c>_certificate</c>:
        /// thumbprint (identity and possess-property), X.500 subject name, DNS names,
        /// simple name, UPN and URL. No RSA public-key claim is emitted by this version.
        /// </summary>
        /// <returns>The derived claims, in the order they were produced.</returns>
        private IList <Claim> InitializeClaimsCore()
        {
            // Every name lookup below is for the subject (second argument false = not the issuer).
            Func<X509NameType, string> nameInfo = kind => _certificate.GetNameInfo(kind, false);

            byte[] thumbprint = _certificate.GetCertHash();
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity),
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty),
            };

            // Claim order is intentional: SubjectName, Dns, SimpleName, Upn, Url.
            var subject = _certificate.SubjectName;
            if (!string.IsNullOrEmpty(subject.Name))
            {
                claims.Add(Claim.CreateX500DistinguishedNameClaim(subject));
            }

            // A SAN extension may carry several DNS names; emit one claim per entry.
            // Only when the SAN yields nothing do we fall back to the CN-derived DNS name.
            string[] sanDnsNames = GetDnsFromExtensions(_certificate);
            if (sanDnsNames.Length == 0)
            {
                string cnDnsName = nameInfo(X509NameType.DnsName);
                if (!string.IsNullOrEmpty(cnDnsName))
                {
                    claims.Add(Claim.CreateDnsClaim(cnDnsName));
                }
            }
            else
            {
                foreach (string dnsName in sanDnsNames)
                {
                    claims.Add(Claim.CreateDnsClaim(dnsName));
                }
            }

            string simpleName = nameInfo(X509NameType.SimpleName);
            if (!string.IsNullOrEmpty(simpleName))
            {
                claims.Add(Claim.CreateNameClaim(simpleName));
            }

            string upn = nameInfo(X509NameType.UpnName);
            if (!string.IsNullOrEmpty(upn))
            {
                claims.Add(Claim.CreateUpnClaim(upn));
            }

            // NOTE(review): new Uri(string) throws UriFormatException on a malformed URL
            // name, so a certificate carrying one aborts claim initialization as a whole
            // (fail closed) rather than being accepted without the claim — confirm callers
            // expect that.
            string url = nameInfo(X509NameType.UrlName);
            if (!string.IsNullOrEmpty(url))
            {
                claims.Add(Claim.CreateUriClaim(new Uri(url)));
            }

            // The RSA public-key claim (Claim.CreateRsaClaim) is deliberately not added here.

            return claims;
        }
        /// <summary>
        /// Derives the claims backed by <c>this.certificate</c>: thumbprint (identity and
        /// possess-property), X.500 subject name, DNS names (delegated to <c>GetDnsClaims</c>),
        /// simple name, e-mail address, UPN, URL and — when an RSA public key can be
        /// obtained — an RSA key claim.
        /// </summary>
        /// <returns>The derived claims, in the order they were produced.</returns>
        IList <Claim> InitializeClaimsCore()
        {
            var cert = this.certificate;
            // Subject-side name lookup (second argument false = not the issuer).
            Func<X509NameType, string> nameInfo = kind => cert.GetNameInfo(kind, false);

            byte[] thumbprint = cert.GetCertHash();
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity),
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty),
            };

            // Claim order is intentional: SubjectName, Dns, SimpleName, Email, Upn, Url, Rsa.
            if (!string.IsNullOrEmpty(cert.SubjectName.Name))
            {
                claims.Add(Claim.CreateX500DistinguishedNameClaim(cert.SubjectName));
            }

            // All DNS claims (including SAN handling) come from the shared helper.
            claims.AddRange(GetDnsClaims(cert));

            string simpleName = nameInfo(X509NameType.SimpleName);
            if (!string.IsNullOrEmpty(simpleName))
            {
                claims.Add(Claim.CreateNameClaim(simpleName));
            }

            // NOTE(review): new MailAddress(string) and new Uri(string) throw on malformed
            // input, so a certificate with a bad e-mail or URL name aborts claim
            // initialization instead of yielding a partial claim set — confirm callers
            // rely on that fail-closed behaviour.
            string email = nameInfo(X509NameType.EmailName);
            if (!string.IsNullOrEmpty(email))
            {
                claims.Add(Claim.CreateMailAddressClaim(new MailAddress(email)));
            }

            string upn = nameInfo(X509NameType.UpnName);
            if (!string.IsNullOrEmpty(upn))
            {
                claims.Add(Claim.CreateUpnClaim(upn));
            }

            string url = nameInfo(X509NameType.UrlName);
            if (!string.IsNullOrEmpty(url))
            {
                claims.Add(Claim.CreateUriClaim(new Uri(url)));
            }

            // The app-context switch selects the legacy PublicKey.Key accessor or the
            // CNG-aware helper; either way a non-RSA key yields null and no claim.
            RSA rsa = LocalAppContextSwitches.DisableCngCertificates
                ? cert.PublicKey.Key as RSA
                : CngLightup.GetRSAPublicKey(cert);
            if (rsa != null)
            {
                claims.Add(Claim.CreateRsaClaim(rsa));
            }

            return claims;
        }
        /// <summary>
        /// Builds the claim set for <c>_certificate</c>: thumbprint (identity and
        /// possess-property), X.500 subject name, every DNS name found in the SAN
        /// extension, simple name, UPN and URL. An e-mail name is rejected as
        /// unsupported on this platform, and no RSA key claim is emitted.
        /// </summary>
        /// <returns>The derived claims, in the order they were produced.</returns>
        /// <exception cref="PlatformNotSupportedException">
        /// Thrown (via <c>ExceptionHelper</c>) when the certificate carries an e-mail name.
        /// </exception>
        IList <Claim> InitializeClaimsCore()
        {
            // Subject-side name lookup (second argument false = not the issuer).
            Func<X509NameType, string> nameInfo = kind => _certificate.GetNameInfo(kind, false);

            byte[] thumbprint = _certificate.GetCertHash();
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity),
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty),
            };

            // Claim order is intentional: SubjectName, Dns, SimpleName, Upn, Url.
            var subject = _certificate.SubjectName;
            if (!string.IsNullOrEmpty(subject.Name))
            {
                claims.Add(Claim.CreateX500DistinguishedNameClaim(subject));
            }

            // SAN-based DNS names only (one claim per entry); there is no CN fallback here,
            // matching the long-term default behaviour.
            foreach (string dnsName in GetDnsFromExtensions(_certificate))
            {
                claims.Add(Claim.CreateDnsClaim(dnsName));
            }

            string simpleName = nameInfo(X509NameType.SimpleName);
            if (!string.IsNullOrEmpty(simpleName))
            {
                claims.Add(Claim.CreateNameClaim(simpleName));
            }

            // E-mail claims are not supported on this platform; fail loudly rather than
            // silently dropping the name.
            string email = nameInfo(X509NameType.EmailName);
            if (!string.IsNullOrEmpty(email))
            {
                throw ExceptionHelper.PlatformNotSupported("InitializeClaimsCore - EmailName");
            }

            string upn = nameInfo(X509NameType.UpnName);
            if (!string.IsNullOrEmpty(upn))
            {
                claims.Add(Claim.CreateUpnClaim(upn));
            }

            // NOTE(review): new Uri(string) throws UriFormatException on a malformed URL
            // name, so such a certificate fails claim initialization as a whole — confirm
            // callers expect that fail-closed behaviour.
            string url = nameInfo(X509NameType.UrlName);
            if (!string.IsNullOrEmpty(url))
            {
                claims.Add(Claim.CreateUriClaim(new Uri(url)));
            }

            // The RSA public-key claim (Claim.CreateRsaClaim) is deliberately not added here.

            return claims;
        }
        /// <summary>
        /// Builds the claim set for <c>_certificate</c>: thumbprint (identity and
        /// possess-property), X.500 subject name, the single DNS name reported by
        /// <c>GetNameInfo</c>, simple name, UPN (CoreCLR only) and URL. No RSA key claim
        /// is emitted.
        /// </summary>
        /// <returns>The derived claims, in the order they were produced.</returns>
        /// <exception cref="PlatformNotSupportedException">
        /// Thrown (via <c>ExceptionHelper</c>) when the certificate carries a UPN and
        /// FEATURE_CORECLR is not defined.
        /// </exception>
        IList <Claim> InitializeClaimsCore()
        {
            // Subject-side name lookup (second argument false = not the issuer).
            Func<X509NameType, string> nameInfo = kind => _certificate.GetNameInfo(kind, false);

            byte[] thumbprint = _certificate.GetCertHash();
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity),
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty),
            };

            // Claim order is intentional: SubjectName, Dns, SimpleName, Upn, Url.
            var subject = _certificate.SubjectName;
            if (!string.IsNullOrEmpty(subject.Name))
            {
                claims.Add(Claim.CreateX500DistinguishedNameClaim(subject));
            }

            // #321 - the desktop implementation (> 4.6) replaces this single-name lookup
            // with a SAN extension check that can yield several DNS names.
            string dnsName = nameInfo(X509NameType.DnsName);
            if (!string.IsNullOrEmpty(dnsName))
            {
                claims.Add(Claim.CreateDnsClaim(dnsName));
            }

            string simpleName = nameInfo(X509NameType.SimpleName);
            if (!string.IsNullOrEmpty(simpleName))
            {
                claims.Add(Claim.CreateNameClaim(simpleName));
            }

            // UPN claims are only supported on CoreCLR; elsewhere a present UPN is a hard error.
            string upn = nameInfo(X509NameType.UpnName);
            if (!string.IsNullOrEmpty(upn))
            {
#if FEATURE_CORECLR
                claims.Add(Claim.CreateUpnClaim(upn));
#else
                throw ExceptionHelper.PlatformNotSupported();
#endif
            }

            // NOTE(review): new Uri(string) throws UriFormatException on a malformed URL
            // name, so such a certificate fails claim initialization as a whole — confirm
            // callers expect that fail-closed behaviour.
            string url = nameInfo(X509NameType.UrlName);
            if (!string.IsNullOrEmpty(url))
            {
                claims.Add(Claim.CreateUriClaim(new Uri(url)));
            }

            // The RSA public-key claim (Claim.CreateRsaClaim) is deliberately not added here.

            return claims;
        }
        /// <summary>
        /// Derives the claims backed by <c>this.certificate</c>: thumbprint (identity and
        /// possess-property), X.500 subject name, DNS name, simple name, e-mail address,
        /// UPN, URL and — when the public key is RSA — an RSA key claim.
        /// </summary>
        /// <returns>The derived claims, in the order they were produced.</returns>
        private IList <Claim> InitializeClaimsCore()
        {
            var claims = new List<Claim>();

            byte[] thumbprint = this.certificate.GetCertHash();
            claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity));
            claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty));

            var subject = this.certificate.SubjectName;
            if (!string.IsNullOrEmpty(subject.Name))
            {
                claims.Add(Claim.CreateX500DistinguishedNameClaim(subject));
            }

            // Shared shape for the name-derived claims: read the subject-side name
            // (second argument false = not the issuer) and add a claim only when present.
            Action<X509NameType, Func<string, Claim>> addNameClaim = (kind, create) =>
            {
                string name = this.certificate.GetNameInfo(kind, false);
                if (!string.IsNullOrEmpty(name))
                {
                    claims.Add(create(name));
                }
            };

            // Order is intentional: Dns, SimpleName, Email, Upn, Url.
            // NOTE(review): the MailAddress and Uri constructors throw on malformed input,
            // so a certificate with a bad e-mail or URL name aborts claim initialization
            // rather than yielding a partial claim set — confirm callers rely on that.
            addNameClaim(X509NameType.DnsName, Claim.CreateDnsClaim);
            addNameClaim(X509NameType.SimpleName, Claim.CreateNameClaim);
            addNameClaim(X509NameType.EmailName, mail => Claim.CreateMailAddressClaim(new MailAddress(mail)));
            addNameClaim(X509NameType.UpnName, Claim.CreateUpnClaim);
            addNameClaim(X509NameType.UrlName, url => Claim.CreateUriClaim(new Uri(url)));

            // Only RSA public keys produce a key claim; any other key type yields null here.
            RSA rsaKey = this.certificate.PublicKey.Key as RSA;
            if (rsaKey != null)
            {
                claims.Add(Claim.CreateRsaClaim(rsaKey));
            }

            return claims;
        }
        /// <summary>
        /// Derives the claims backed by <c>this.certificate</c>: thumbprint (identity and
        /// possess-property), X.500 subject name, DNS name(s), simple name, e-mail address,
        /// UPN, URL and — when the public key is RSA — an RSA key claim. How DNS names are
        /// obtained depends on the <c>DisableMultipleDNSEntriesInSANCertificate</c> switch.
        /// </summary>
        /// <returns>The derived claims, in the order they were produced.</returns>
        IList <Claim> InitializeClaimsCore()
        {
            var cert = this.certificate;
            // Subject-side name lookup (second argument false = not the issuer).
            Func<X509NameType, string> nameInfo = kind => cert.GetNameInfo(kind, false);

            byte[] thumbprint = cert.GetCertHash();
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity),
                new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty),
            };

            // Claim order is intentional: SubjectName, Dns, SimpleName, Email, Upn, Url, Rsa.
            if (!string.IsNullOrEmpty(cert.SubjectName.Name))
            {
                claims.Add(Claim.CreateX500DistinguishedNameClaim(cert.SubjectName));
            }

            if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
            {
                // Legacy behaviour (default for <= 4.6): a single DNS name via GetNameInfo.
                string dnsName = nameInfo(X509NameType.DnsName);
                if (!string.IsNullOrEmpty(dnsName))
                {
                    claims.Add(Claim.CreateDnsClaim(dnsName));
                }
            }
            else
            {
                // Long-term default: one claim per DNS entry in the SAN extension.
                foreach (string sanDnsName in GetDnsFromExtensions(cert))
                {
                    claims.Add(Claim.CreateDnsClaim(sanDnsName));
                }
            }

            string simpleName = nameInfo(X509NameType.SimpleName);
            if (!string.IsNullOrEmpty(simpleName))
            {
                claims.Add(Claim.CreateNameClaim(simpleName));
            }

            // NOTE(review): new MailAddress(string) and new Uri(string) throw on malformed
            // input, so a certificate with a bad e-mail or URL name aborts claim
            // initialization instead of yielding a partial claim set — confirm callers
            // rely on that fail-closed behaviour.
            string email = nameInfo(X509NameType.EmailName);
            if (!string.IsNullOrEmpty(email))
            {
                claims.Add(Claim.CreateMailAddressClaim(new MailAddress(email)));
            }

            string upn = nameInfo(X509NameType.UpnName);
            if (!string.IsNullOrEmpty(upn))
            {
                claims.Add(Claim.CreateUpnClaim(upn));
            }

            string url = nameInfo(X509NameType.UrlName);
            if (!string.IsNullOrEmpty(url))
            {
                claims.Add(Claim.CreateUriClaim(new Uri(url)));
            }

            // Only RSA public keys produce a key claim; any other key type yields null here.
            RSA rsaKey = cert.PublicKey.Key as RSA;
            if (rsaKey != null)
            {
                claims.Add(Claim.CreateRsaClaim(rsaKey));
            }

            return claims;
        }