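/// <summary>
/// Decides whether <paramref name="user"/> may view the private key of
/// <paramref name="certificate"/> by evaluating the certificate's access control list.
/// </summary>
/// <remarks>
/// The check fails closed: a missing certificate, ACL or principal, or an empty ACL, yields <c>false</c>.
/// A principal whose user id equals <c>LocalIdentityProviderLogic.SystemUid</c> is granted access
/// without consulting the ACL. Otherwise every unexpired entry is inspected: the first matching
/// Deny entry (role or user) ends evaluation with <c>false</c> regardless of its position, and
/// access is granted only if at least one Allow entry matched. Expired entries, Deny entries
/// included, are skipped.
/// </remarks>
/// <param name="certificate">Certificate whose <c>Acl</c> is evaluated; may be null.</param>
/// <param name="user">Principal requesting access; may be null.</param>
/// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
public bool CanViewPrivateKey(ICertificatePasswordEntity certificate, ClaimsPrincipal user)
        {
            // Nothing to evaluate against: deny.
            if (certificate == null || certificate.Acl == null)
            {
                return false;
            }

            // The null check has to come before the first use of the principal;
            // previously GetUserId() was called on it before this guard ran.
            if (user == null)
            {
                return false;
            }

            // The system identity bypasses the ACL entirely.
            if (user.GetUserId() == LocalIdentityProviderLogic.SystemUid)
            {
                return true;
            }

            if (!certificate.Acl.Any())
            {
                return false;
            }

            // Materialize once; the role claims are compared against every role ACE.
            var roles = user.Claims.Where(claim => claim.Type == WellKnownClaim.Role).ToList();

            // May be null when the principal carries no uid claim.
            var uid = user.Claims.FirstOrDefault(claim => claim.Type == WellKnownClaim.Uid);

            // NOTE(review): expiry is compared against local time. If ACE expiry is stored
            // as UTC this is off by the UTC offset - confirm how Expires is persisted.
            DateTime now = DateTime.Now;

            bool isAuthorized = false;

            foreach (AccessControlEntry ace in certificate.Acl)
            {
                // An expired ACE is ignored, whether it allows or denies.
                if (ace.Expires < now)
                {
                    continue;
                }

                if (ace.IdentityType == IdentityType.Role)
                {
                    foreach (var role in roles)
                    {
                        if (role.Value != ace.Identity)
                        {
                            continue;
                        }

                        // Deny wins immediately; Allow only records a grant so that a
                        // later Deny entry can still override it.
                        if (ace.AceType == AceType.Deny)
                        {
                            return false;
                        }

                        if (ace.AceType == AceType.Allow)
                        {
                            isAuthorized = true;
                        }
                    }
                }

                // Without a uid claim no user ACE can match; skipping avoids the null
                // dereference and prevents a null identity from matching a null uid.
                if (ace.IdentityType == IdentityType.User && uid != null && ace.Identity == uid.Value)
                {
                    if (ace.AceType == AceType.Deny)
                    {
                        return false;
                    }

                    if (ace.AceType == AceType.Allow)
                    {
                        isAuthorized = true;
                    }
                }
            }

            return isAuthorized;
        }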
 /// <summary>
 /// Reports that the private key of <paramref name="certificate"/> may be viewed.
 /// This implementation always returns <c>true</c>; neither argument is inspected.
 /// </summary>
 /// <remarks>
 /// NOTE(review): no ACL, role or user check is performed here, so every caller is
 /// granted access, including a null principal or a certificate without an ACL.
 /// Confirm this variant is only used where authorization is intentionally disabled.
 /// </remarks>
 /// <param name="certificate">Ignored.</param>
 /// <param name="user">Ignored.</param>
 /// <returns>Always <c>true</c>.</returns>
 public bool CanViewPrivateKey(ICertificatePasswordEntity certificate, ClaimsPrincipal user) => true;