// Note: null string represents any.
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (this.claims == null && (ClaimTypes.Sid == claimType || ClaimTypes.DenyOnlySid == claimType))
{
if (ClaimTypes.Sid == claimType)
{
if (right == null || Rights.Identity == right)
{
yield return(new Claim(ClaimTypes.Sid, this.windowsIdentity.User, Rights.Identity));
}
}
if (right == null || Rights.PossessProperty == right)
{
Claim sid;
if (TryCreateWindowsSidClaim(this.windowsIdentity, out sid))
{
if (claimType == sid.ClaimType)
{
yield return(sid);
}
}
}
if (this.includeWindowsGroups && (right == null || Rights.PossessProperty == right))
{
for (int i = 0; i < this.Groups.Count; ++i)
{
Claim sid = this.Groups[i];
if (claimType == sid.ClaimType)
{
yield return(sid);
}
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < this.claims.Count; ++i)
{
Claim claim = this.claims[i];
if ((claim != null) &&
(anyClaimType || claimType == claim.ClaimType) &&
(anyRight || right == claim.Right))
{
yield return(claim);
}
}
}
}
// Note: null string represents any.
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (_claims == null && (ClaimTypes.Sid == claimType || ClaimTypes.DenyOnlySid == claimType))
{
if (ClaimTypes.Sid == claimType)
{
if (right == null || Rights.Identity == right)
{
yield return(new Claim(ClaimTypes.Sid, _windowsIdentity.User, Rights.Identity));
}
}
if (right == null || Rights.PossessProperty == right)
{
Claim sid;
if (TryCreateWindowsSidClaim(_windowsIdentity, out sid))
{
if (claimType == sid.ClaimType)
{
yield return(sid);
}
}
}
if (_includeWindowsGroups && (right == null || Rights.PossessProperty == right))
{
// Not sure yet if GroupSidClaimCollections are necessary in .NET Core, but default
// _includeWindowsGroups is true; don't throw here or we bust the default case on UWP/.NET Core
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < _claims.Count; ++i)
{
Claim claim = _claims[i];
if ((claim != null) &&
(anyClaimType || claimType == claim.ClaimType) &&
(anyRight || right == claim.Right))
{
yield return(claim);
}
}
}
}
// Note: null string represents any.
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (_claims == null && ClaimTypes.Thumbprint.Equals(claimType))
{
if (right == null || Rights.Identity.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity));
}
if (right == null || Rights.PossessProperty.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty));
}
}
else if (_claims == null && ClaimTypes.Dns.Equals(claimType))
{
if (right == null || Rights.PossessProperty.Equals(right))
{
// new behavior since this is the default long term behavior
string[] entries = GetDnsFromExtensions(_certificate);
for (int i = 0; i < entries.Length; ++i)
{
yield return(Claim.CreateDnsClaim(entries[i]));
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < _claims.Count; ++i)
{
Claim claim = _claims[i];
if ((claim != null) &&
(anyClaimType || claimType.Equals(claim.ClaimType)) &&
(anyRight || right.Equals(claim.Right)))
{
yield return(claim);
}
}
}
}
// Note: null string represents any.
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (_claims == null && ClaimTypes.Thumbprint.Equals(claimType))
{
if (right == null || Rights.Identity.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity));
}
if (right == null || Rights.PossessProperty.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty));
}
}
else if (_claims == null && ClaimTypes.Dns.Equals(claimType))
{
if (right == null || Rights.PossessProperty.Equals(right))
{
// #321 - Desktop implmentation > 4.6 replaces this with a SAN check
string value = _certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
{
yield return(Claim.CreateDnsClaim(value));
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < _claims.Count; ++i)
{
Claim claim = _claims[i];
if ((claim != null) &&
(anyClaimType || claimType.Equals(claim.ClaimType)) &&
(anyRight || right.Equals(claim.Right)))
{
yield return(claim);
}
}
}
}
// Note: null string represents any.
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (this.claims == null && ClaimTypes.Thumbprint.Equals(claimType))
{
if (right == null || Rights.Identity.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity));
}
if (right == null || Rights.PossessProperty.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty));
}
}
else if (this.claims == null && ClaimTypes.Dns.Equals(claimType))
{
if (right == null || Rights.PossessProperty.Equals(right))
{
foreach (var claim in GetDnsClaims(certificate))
{
yield return(claim);
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < this.claims.Count; ++i)
{
Claim claim = this.claims[i];
if ((claim != null) &&
(anyClaimType || claimType.Equals(claim.ClaimType)) &&
(anyRight || right.Equals(claim.Right)))
{
yield return(claim);
}
}
}
}
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
this.ThrowIfDisposed();
if (SupportedClaimType(claimType) && ClaimSet.SupportedRight(right))
{
if ((this.claims != null) || !ClaimTypes.Thumbprint.Equals(claimType))
{
if ((this.claims == null) && ClaimTypes.Dns.Equals(claimType))
{
if ((right == null) || Rights.PossessProperty.Equals(right))
{
string nameInfo = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(nameInfo))
{
yield return(Claim.CreateDnsClaim(nameInfo));
}
}
}
else
{
this.EnsureClaims();
bool iteratorVariable1 = claimType == null;
bool iteratorVariable2 = right == null;
for (int i = 0; i < this.claims.Count; i++)
{
Claim iteratorVariable4 = this.claims[i];
if (((iteratorVariable4 != null) && (iteratorVariable1 || claimType.Equals(iteratorVariable4.ClaimType))) && (iteratorVariable2 || right.Equals(iteratorVariable4.Right)))
{
yield return(iteratorVariable4);
}
}
}
}
else
{
if ((right == null) || Rights.Identity.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity));
}
if ((right == null) || Rights.PossessProperty.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty));
}
}
}
}
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
this.ThrowIfDisposed();
if (SupportedClaimType(claimType) && ClaimSet.SupportedRight(right))
{
if ((this.claims != null) || (!(ClaimTypes.Sid == claimType) && !(ClaimTypes.DenyOnlySid == claimType)))
{
this.EnsureClaims();
bool iteratorVariable3 = claimType == null;
bool iteratorVariable4 = right == null;
for (int i = 0; i < this.claims.Count; i++)
{
Claim iteratorVariable6 = this.claims[i];
if (((iteratorVariable6 != null) && (iteratorVariable3 || (claimType == iteratorVariable6.ClaimType))) && (iteratorVariable4 || (right == iteratorVariable6.Right)))
{
yield return(iteratorVariable6);
}
}
}
else
{
Claim iteratorVariable0;
if ((ClaimTypes.Sid == claimType) && ((right == null) || (Rights.Identity == right)))
{
yield return(new Claim(ClaimTypes.Sid, this.windowsIdentity.User, Rights.Identity));
}
if (((right == null) || (Rights.PossessProperty == right)) && (TryCreateWindowsSidClaim(this.windowsIdentity, out iteratorVariable0) && (claimType == iteratorVariable0.ClaimType)))
{
yield return(iteratorVariable0);
}
if (this.includeWindowsGroups && ((right == null) || (Rights.PossessProperty == right)))
{
for (int j = 0; j < this.Groups.Count; j++)
{
Claim iteratorVariable2 = this.Groups[j];
if (claimType == iteratorVariable2.ClaimType)
{
yield return(iteratorVariable2);
}
}
}
}
}
}
// Note: null string represents any.
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (this.claims == null && ClaimTypes.Thumbprint.Equals(claimType))
{
if (right == null || Rights.Identity.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity));
}
if (right == null || Rights.PossessProperty.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty));
}
}
else if (this.claims == null && ClaimTypes.Dns.Equals(claimType))
{
if (right == null || Rights.PossessProperty.Equals(right))
{
// App context switch for disabling support for multiple dns entries in a SAN certificate
if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
{
// old behavior, default for <= 4.6
string value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
{
yield return(Claim.CreateDnsClaim(value));
}
}
else
{
// new behavior since this is the default long term behavior
string[] entries = GetDnsFromExtensions(certificate);
for (int i = 0; i < entries.Length; ++i)
{
yield return(Claim.CreateDnsClaim(entries[i]));
}
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < this.claims.Count; ++i)
{
Claim claim = this.claims[i];
if ((claim != null) &&
(anyClaimType || claimType.Equals(claim.ClaimType)) &&
(anyRight || right.Equals(claim.Right)))
{
yield return(claim);
}
}
}
}
// Note: null string represents any.
public override IEnumerable <Claim> FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (_claims == null && ClaimTypes.Thumbprint.Equals(claimType))
{
if (right == null || Rights.Identity.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity));
}
if (right == null || Rights.PossessProperty.Equals(right))
{
yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty));
}
}
else if (_claims == null && ClaimTypes.Dns.Equals(claimType))
{
if (right == null || Rights.PossessProperty.Equals(right))
{
// A SAN field can have multiple DNS names
string[] dnsEntries = GetDnsFromExtensions(_certificate);
if (dnsEntries.Length > 0)
{
for (int i = 0; i < dnsEntries.Length; ++i)
{
yield return(Claim.CreateDnsClaim(dnsEntries[i]));
}
}
else
{
// If no SANs found in certificate, fall back to looking at the CN
string value = _certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
{
yield return(Claim.CreateDnsClaim(value));
}
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < _claims.Count; ++i)
{
Claim claim = _claims[i];
if ((claim != null) &&
(anyClaimType || claimType.Equals(claim.ClaimType)) &&
(anyRight || right.Equals(claim.Right)))
{
yield return(claim);
}
}
}
}
