/// <summary>
/// Builds the complete claim list for the wrapped certificate: the thumbprint (as identity and
/// as possessed property), the subject distinguished name, one DNS claim per SAN dNSName entry,
/// the simple name, the UPN and the URL name. The order is part of the contract.
/// </summary>
/// <returns>The claims derived from <c>_certificate</c>, never null.</returns>
/// <remarks>
/// Every value read here comes from the certificate itself; for a peer certificate that is
/// untrusted data, so malformed fields surface as exceptions rather than being dropped:
/// an e-mail name yields the exception built by <c>ExceptionHelper.PlatformNotSupported</c>
/// (no e-mail claim support on this platform) and an invalid URL name yields
/// <see cref="UriFormatException"/>.
/// </remarks>
IList<Claim> InitializeClaimsCore()
{
    byte[] certHash = _certificate.GetCertHash();
    List<Claim> result = new List<Claim>
    {
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity),
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty),
    };

    // Ordering: SubjectName, Dns, SimpleName, Email, Upn, Url.
    if (!string.IsNullOrEmpty(_certificate.SubjectName.Name))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(_certificate.SubjectName));
    }

    // A SAN extension may carry several dNSName entries; each one becomes its own claim.
    foreach (string dnsName in GetDnsFromExtensions(_certificate))
    {
        result.Add(Claim.CreateDnsClaim(dnsName));
    }

    string simpleName = _certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    // E-mail claims are not available on this platform: a certificate that carries an
    // e-mail name is rejected rather than silently losing that claim.
    string emailName = _certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(emailName))
    {
        throw ExceptionHelper.PlatformNotSupported("InitializeClaimsCore - EmailName");
    }

    string upnName = _certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upnName))
    {
        result.Add(Claim.CreateUpnClaim(upnName));
    }

    // new Uri(...) throws UriFormatException on a malformed URL name.
    string urlName = _certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(urlName))
    {
        result.Add(Claim.CreateUriClaim(new Uri(urlName)));
    }

    // NOTE: the RSA public-key claim (Claim.CreateRsaClaim) is intentionally not emitted
    // in this build; other implementations of this method add it.
    return result;
}
/// <summary>
/// Builds the complete claim list for the wrapped certificate: thumbprint (identity and
/// possessed property), subject distinguished name, DNS name, simple name, e-mail address,
/// UPN, URL and, when the public key is RSA, an RSA claim. The order is part of the contract.
/// </summary>
/// <returns>The claims derived from <c>this.certificate</c>, never null.</returns>
/// <remarks>
/// All values are read from the certificate; for a peer certificate that is untrusted input.
/// A malformed e-mail name throws <see cref="FormatException"/> (via <see cref="MailAddress"/>)
/// and a malformed URL name throws <see cref="UriFormatException"/>.
/// </remarks>
IList<Claim> InitializeClaimsCore()
{
    byte[] certHash = this.certificate.GetCertHash();
    List<Claim> result = new List<Claim>
    {
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity),
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty),
    };

    // Ordering: SubjectName, Dns, SimpleName, Email, Upn, Url, Rsa.
    if (!string.IsNullOrEmpty(this.certificate.SubjectName.Name))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
    }

    // Single DNS name as reported by GetNameInfo (this variant does not walk the SAN extension).
    string dnsName = this.certificate.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(dnsName))
    {
        result.Add(Claim.CreateDnsClaim(dnsName));
    }

    string simpleName = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    // MailAddress validates the syntax and throws FormatException on bad input.
    string emailName = this.certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(emailName))
    {
        result.Add(Claim.CreateMailAddressClaim(new MailAddress(emailName)));
    }

    string upnName = this.certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upnName))
    {
        result.Add(Claim.CreateUpnClaim(upnName));
    }

    // new Uri(...) throws UriFormatException on a malformed URL name.
    string urlName = this.certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(urlName))
    {
        result.Add(Claim.CreateUriClaim(new Uri(urlName)));
    }

    // Only RSA public keys get a key claim; other key types are skipped.
    RSA rsaKey = this.certificate.PublicKey.Key as RSA;
    if (rsaKey != null)
    {
        result.Add(Claim.CreateRsaClaim(rsaKey));
    }

    return result;
}
/// <summary>
/// Enumerates the claims matching <paramref name="claimType"/> and <paramref name="right"/>;
/// a null argument matches any value. While the full claim list has not been built,
/// thumbprint and DNS queries are answered directly from the certificate so that the
/// complete (and more expensive) list is only materialised when really needed.
/// </summary>
/// <param name="claimType">Claim type to match, or null for any.</param>
/// <param name="right">Right to match, or null for any.</param>
/// <returns>Matching claims; empty when the type or right is unsupported.</returns>
public override IEnumerable<Claim> FindClaims(string claimType, string right)
{
    ThrowIfDisposed();

    if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
    {
        yield break;
    }

    bool anyRight = right == null;
    bool listNotBuilt = _claims == null;

    if (listNotBuilt && ClaimTypes.Thumbprint.Equals(claimType))
    {
        // Fast path: thumbprint claims without building the whole list.
        if (anyRight || Rights.Identity.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity);
        }
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty);
        }
        yield break;
    }

    if (listNotBuilt && ClaimTypes.Dns.Equals(claimType))
    {
        // Fast path: one DNS claim per SAN dNSName entry; DNS claims only carry PossessProperty.
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            foreach (string dnsName in GetDnsFromExtensions(_certificate))
            {
                yield return Claim.CreateDnsClaim(dnsName);
            }
        }
        yield break;
    }

    // General path: filter the materialised claim list.
    EnsureClaims();
    bool anyClaimType = claimType == null;
    for (int index = 0; index < _claims.Count; ++index)
    {
        Claim candidate = _claims[index];
        if (candidate == null)
        {
            continue;
        }
        if (!anyClaimType && !claimType.Equals(candidate.ClaimType))
        {
            continue;
        }
        if (!anyRight && !right.Equals(candidate.Right))
        {
            continue;
        }
        yield return candidate;
    }
}
/// <summary>
/// Enumerates the claims matching <paramref name="claimType"/> and <paramref name="right"/>;
/// a null argument matches any value. While the full claim list has not been built,
/// thumbprint and DNS queries are answered directly from the certificate.
/// </summary>
/// <param name="claimType">Claim type to match, or null for any.</param>
/// <param name="right">Right to match, or null for any.</param>
/// <returns>Matching claims; empty when the type or right is unsupported.</returns>
/// <remarks>
/// The DNS fast path uses the single name from <c>GetNameInfo(X509NameType.DnsName)</c>;
/// per #321 the desktop implementation (> 4.6) replaces this with a SAN check.
/// </remarks>
public override IEnumerable<Claim> FindClaims(string claimType, string right)
{
    ThrowIfDisposed();

    if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
    {
        yield break;
    }

    bool anyRight = right == null;
    bool listNotBuilt = _claims == null;

    if (listNotBuilt && ClaimTypes.Thumbprint.Equals(claimType))
    {
        // Fast path: thumbprint claims without building the whole list.
        if (anyRight || Rights.Identity.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity);
        }
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty);
        }
        yield break;
    }

    if (listNotBuilt && ClaimTypes.Dns.Equals(claimType))
    {
        // Fast path: single DNS name; DNS claims only carry PossessProperty.
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            string dnsName = _certificate.GetNameInfo(X509NameType.DnsName, false);
            if (!string.IsNullOrEmpty(dnsName))
            {
                yield return Claim.CreateDnsClaim(dnsName);
            }
        }
        yield break;
    }

    // General path: filter the materialised claim list.
    EnsureClaims();
    bool anyClaimType = claimType == null;
    for (int index = 0; index < _claims.Count; ++index)
    {
        Claim candidate = _claims[index];
        if (candidate == null)
        {
            continue;
        }
        if (!anyClaimType && !claimType.Equals(candidate.ClaimType))
        {
            continue;
        }
        if (!anyRight && !right.Equals(candidate.Right))
        {
            continue;
        }
        yield return candidate;
    }
}
/// <summary>
/// Builds the complete claim list for the wrapped certificate: thumbprint (identity and
/// possessed property), subject distinguished name, DNS name, simple name, UPN and URL.
/// The order is part of the contract.
/// </summary>
/// <returns>The claims derived from <c>_certificate</c>, never null.</returns>
/// <remarks>
/// The DNS claim comes from <c>GetNameInfo(X509NameType.DnsName)</c>; per #321 the desktop
/// implementation (> 4.6) replaces this with a SAN check. A UPN in the certificate is only
/// supported under FEATURE_CORECLR; otherwise the exception built by
/// <c>ExceptionHelper.PlatformNotSupported</c> is thrown. A malformed URL name throws
/// <see cref="UriFormatException"/>. E-mail names are not examined by this variant.
/// </remarks>
IList<Claim> InitializeClaimsCore()
{
    byte[] certHash = _certificate.GetCertHash();
    List<Claim> result = new List<Claim>
    {
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity),
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty),
    };

    // Ordering: SubjectName, Dns, SimpleName, Upn, Url.
    if (!string.IsNullOrEmpty(_certificate.SubjectName.Name))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(_certificate.SubjectName));
    }

    // #321 - Desktop implementation > 4.6 replaces this with a SAN check.
    string dnsName = _certificate.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(dnsName))
    {
        result.Add(Claim.CreateDnsClaim(dnsName));
    }

    string simpleName = _certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    string upnName = _certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upnName))
    {
#if FEATURE_CORECLR
        result.Add(Claim.CreateUpnClaim(upnName));
#else
        // UPN claims are unsupported on this build: fail loudly instead of dropping the claim.
        throw ExceptionHelper.PlatformNotSupported();
#endif
    }

    // new Uri(...) throws UriFormatException on a malformed URL name.
    string urlName = _certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(urlName))
    {
        result.Add(Claim.CreateUriClaim(new Uri(urlName)));
    }

    // NOTE: the RSA public-key claim (Claim.CreateRsaClaim) is intentionally not emitted
    // in this build; other implementations of this method add it.
    return result;
}
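/// <summary>
/// Collects the DNS claims a certificate asserts: the legacy single DNS name reported by
/// <c>GetNameInfo(X509NameType.DnsName)</c> (default for &lt;= 4.6) plus, unless disabled by
/// the app-context switch, every dNSName entry of the Subject Alternative Name extension.
/// </summary>
/// <param name="cert">Certificate to inspect; its SAN content is untrusted input when it is a peer certificate.</param>
/// <returns>The DNS claims found, possibly empty; never null.</returns>
private static List<Claim> GetDnsClaims(X509Certificate2 cert)
{
    List<Claim> dnsClaimEntries = new List<Claim>();

    // Old behaviour, default for <= 4.6: a single DNS name via GetNameInfo.
    string legacyDnsName = cert.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(legacyDnsName))
    {
        dnsClaimEntries.Add(Claim.CreateDnsClaim(legacyDnsName));
    }

    // The SAN walk is skipped when the app-context switch disables multiple DNS entries or
    // the SAN constants failed to initialise. The legacy claim above still stands, so an
    // outbound message that only needed X509NameType.DnsName keeps working.
    if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate
        || !X509SubjectAlternativeNameConstants.SuccessfullyInitialized)
    {
        return dnsClaimEntries;
    }

    foreach (X509Extension ext in cert.Extensions)
    {
        // Only the SAN and SAN2 extensions are of interest.
        string oid = ext.Oid.Value;
        if (oid != X509SubjectAlternativeNameConstants.SanOid && oid != X509SubjectAlternativeNameConstants.San2Oid)
        {
            continue;
        }

        // Format() returns display text, not the DER content; the identifier/delimiter
        // constants must match how this platform renders it. An empty rendering ends the
        // walk: no SAN-derived DNS claims are added in that case (existing behaviour).
        string asnString = ext.Format(false);
        if (string.IsNullOrWhiteSpace(asnString))
        {
            break;
        }

        // A SAN may contain entries other than dNSName, so each entry of the form
        // <identifier><delimiter><value><separator(s)> is checked and only dNSNames are used.
        string[] rawEntries = asnString.Split(X509SubjectAlternativeNameConstants.SeparatorArray, StringSplitOptions.RemoveEmptyEntries);
        foreach (string rawEntry in rawEntries)
        {
            string[] keyval = rawEntry.Split(X509SubjectAlternativeNameConstants.Delimiter);

            // An entry without a delimiter yields a single element; indexing keyval[1]
            // would throw IndexOutOfRangeException, so such entries are skipped.
            if (keyval.Length < 2 || !string.Equals(keyval[0], X509SubjectAlternativeNameConstants.Identifier))
            {
                continue;
            }

            dnsClaimEntries.Add(Claim.CreateDnsClaim(keyval[1]));
        }
    }

    return dnsClaimEntries;
}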
/// <summary>
/// Enumerates the claims matching <paramref name="claimType"/> and <paramref name="right"/>;
/// a null argument matches any value. While the full claim list has not been built,
/// thumbprint and DNS queries are answered directly from the certificate.
/// </summary>
/// <param name="claimType">Claim type to match, or null for any.</param>
/// <param name="right">Right to match, or null for any.</param>
/// <returns>Matching claims; empty when the type or right is unsupported.</returns>
public override IEnumerable<Claim> FindClaims(string claimType, string right)
{
    this.ThrowIfDisposed();

    if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
    {
        yield break;
    }

    bool anyRight = right == null;
    bool listNotBuilt = this.claims == null;

    if (listNotBuilt && ClaimTypes.Thumbprint.Equals(claimType))
    {
        // Fast path: thumbprint claims without building the whole list.
        if (anyRight || Rights.Identity.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity);
        }
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty);
        }
        yield break;
    }

    if (listNotBuilt && ClaimTypes.Dns.Equals(claimType))
    {
        // Fast path: single DNS name; DNS claims only carry PossessProperty.
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            string dnsName = this.certificate.GetNameInfo(X509NameType.DnsName, false);
            if (!string.IsNullOrEmpty(dnsName))
            {
                yield return Claim.CreateDnsClaim(dnsName);
            }
        }
        yield break;
    }

    // General path: filter the materialised claim list.
    this.EnsureClaims();
    bool anyClaimType = claimType == null;
    for (int index = 0; index < this.claims.Count; index++)
    {
        Claim candidate = this.claims[index];
        if (candidate == null)
        {
            continue;
        }
        if (!anyClaimType && !claimType.Equals(candidate.ClaimType))
        {
            continue;
        }
        if (!anyRight && !right.Equals(candidate.Right))
        {
            continue;
        }
        yield return candidate;
    }
}
/// <summary>
/// Builds the complete claim list for the wrapped certificate: thumbprint (identity and
/// possessed property), subject distinguished name, DNS name, simple name, e-mail address,
/// UPN, URL and, when the public key is RSA, an RSA claim. The order is part of the contract.
/// </summary>
/// <returns>The claims derived from <c>this.certificate</c>, never null.</returns>
/// <remarks>
/// All values are read from the certificate; for a peer certificate that is untrusted input.
/// A malformed e-mail name throws <see cref="FormatException"/> (via <see cref="MailAddress"/>)
/// and a malformed URL name throws <see cref="UriFormatException"/>.
/// </remarks>
private IList<Claim> InitializeClaimsCore()
{
    byte[] certHash = this.certificate.GetCertHash();
    List<Claim> result = new List<Claim>
    {
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity),
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty),
    };

    // Ordering: SubjectName, Dns, SimpleName, Email, Upn, Url, Rsa.
    string subjectName = this.certificate.SubjectName.Name;
    if (!string.IsNullOrEmpty(subjectName))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
    }

    // Single DNS name as reported by GetNameInfo (this variant does not walk the SAN extension).
    string dnsName = this.certificate.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(dnsName))
    {
        result.Add(Claim.CreateDnsClaim(dnsName));
    }

    string simpleName = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    // MailAddress validates the syntax and throws FormatException on bad input.
    string emailName = this.certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(emailName))
    {
        result.Add(Claim.CreateMailAddressClaim(new MailAddress(emailName)));
    }

    string upnName = this.certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upnName))
    {
        result.Add(Claim.CreateUpnClaim(upnName));
    }

    // new Uri(...) throws UriFormatException on a malformed URL name.
    string urlName = this.certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(urlName))
    {
        result.Add(Claim.CreateUriClaim(new Uri(urlName)));
    }

    // Only RSA public keys get a key claim; other key types are skipped.
    RSA rsaKey = this.certificate.PublicKey.Key as RSA;
    if (rsaKey != null)
    {
        result.Add(Claim.CreateRsaClaim(rsaKey));
    }

    return result;
}
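/// <summary>
/// Creates a claim set describing <paramref name="certificate"/>: an identity claim on the
/// thumbprint, an RSA key claim when the public key is RSA, a thumbprint claim on the raw
/// certificate hash and, when the certificate carries one, a DNS claim.
/// </summary>
/// <param name="certificate">The certificate the claims are derived from.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public X509CertificateClaimSet(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    this.cert = certificate;

    Claim ident = new Claim(ClaimTypes.Thumbprint, cert.Thumbprint, Rights.Identity);
    // issuer = new X509IdentityClaimSet (ident);
    claims.Add(ident);
    //claims.Add (Claim.CreateX500DistinguishedNameClaim (cert.SubjectName));
    //claims.Add (Claim.CreateNameClaim (cert.SubjectName.Name));

    // Only RSA public keys get a key claim; other key types are skipped.
    RSA rsa = cert.PublicKey.Key as RSA;
    if (rsa != null)
    {
        claims.Add(Claim.CreateRsaClaim(rsa));
    }

    claims.Add(Claim.CreateThumbprintClaim(cert.GetCertHash()));

    // The DNS name comes from the certificate itself (subject CN / SAN, as GetNameInfo
    // reports it). Previously a DNS claim with a null resource was added unconditionally,
    // which can never match a host name; now the claim is only added when a name exists.
    string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(dnsName))
    {
        claims.Add(Claim.CreateDnsClaim(dnsName));
    }
}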
/// <summary>
/// Enumerates the claims matching <paramref name="claimType"/> and <paramref name="right"/>;
/// a null argument matches any value. While the full claim list has not been built,
/// thumbprint and DNS queries are answered directly from the certificate.
/// </summary>
/// <param name="claimType">Claim type to match, or null for any.</param>
/// <param name="right">Right to match, or null for any.</param>
/// <returns>Matching claims; empty when the type or right is unsupported.</returns>
/// <remarks>
/// The DNS fast path honours <c>LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate</c>:
/// when set, only the single name from <c>GetNameInfo(X509NameType.DnsName)</c> is returned
/// (the &lt;= 4.6 behaviour); otherwise every dNSName found in the SAN extension is returned.
/// </remarks>
public override IEnumerable<Claim> FindClaims(string claimType, string right)
{
    ThrowIfDisposed();

    if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
    {
        yield break;
    }

    bool anyRight = right == null;
    bool listNotBuilt = this.claims == null;

    if (listNotBuilt && ClaimTypes.Thumbprint.Equals(claimType))
    {
        // Fast path: thumbprint claims without building the whole list.
        if (anyRight || Rights.Identity.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity);
        }
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty);
        }
        yield break;
    }

    if (listNotBuilt && ClaimTypes.Dns.Equals(claimType))
    {
        // Fast path: DNS claims only carry PossessProperty.
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
            {
                // Old behaviour, default for <= 4.6: a single DNS name.
                string dnsName = this.certificate.GetNameInfo(X509NameType.DnsName, false);
                if (!string.IsNullOrEmpty(dnsName))
                {
                    yield return Claim.CreateDnsClaim(dnsName);
                }
            }
            else
            {
                // Default long-term behaviour: one claim per SAN dNSName entry.
                foreach (string dnsName in GetDnsFromExtensions(this.certificate))
                {
                    yield return Claim.CreateDnsClaim(dnsName);
                }
            }
        }
        yield break;
    }

    // General path: filter the materialised claim list.
    EnsureClaims();
    bool anyClaimType = claimType == null;
    for (int index = 0; index < this.claims.Count; ++index)
    {
        Claim candidate = this.claims[index];
        if (candidate == null)
        {
            continue;
        }
        if (!anyClaimType && !claimType.Equals(candidate.ClaimType))
        {
            continue;
        }
        if (!anyRight && !right.Equals(candidate.Right))
        {
            continue;
        }
        yield return candidate;
    }
}
/// <summary>
/// Builds the complete claim list for the wrapped certificate: thumbprint (identity and
/// possessed property), subject distinguished name, DNS name(s), simple name, e-mail
/// address, UPN, URL and, when the public key is RSA, an RSA claim. The order is part of
/// the contract.
/// </summary>
/// <returns>The claims derived from <c>this.certificate</c>, never null.</returns>
/// <remarks>
/// DNS claims honour <c>LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate</c>:
/// when set, a single name from <c>GetNameInfo(X509NameType.DnsName)</c> is used (the
/// &lt;= 4.6 behaviour); otherwise every dNSName in the SAN extension becomes a claim.
/// All values are read from the certificate; for a peer certificate that is untrusted input.
/// A malformed e-mail name throws <see cref="FormatException"/> (via <see cref="MailAddress"/>)
/// and a malformed URL name throws <see cref="UriFormatException"/>.
/// </remarks>
IList<Claim> InitializeClaimsCore()
{
    byte[] certHash = this.certificate.GetCertHash();
    List<Claim> result = new List<Claim>
    {
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity),
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty),
    };

    // Ordering: SubjectName, Dns, SimpleName, Email, Upn, Url, Rsa.
    if (!string.IsNullOrEmpty(this.certificate.SubjectName.Name))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
    }

    if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
    {
        // Old behaviour, default for <= 4.6: a single DNS name.
        string dnsName = this.certificate.GetNameInfo(X509NameType.DnsName, false);
        if (!string.IsNullOrEmpty(dnsName))
        {
            result.Add(Claim.CreateDnsClaim(dnsName));
        }
    }
    else
    {
        // Default long-term behaviour: a SAN can carry several dNSName entries, one claim each.
        foreach (string dnsName in GetDnsFromExtensions(this.certificate))
        {
            result.Add(Claim.CreateDnsClaim(dnsName));
        }
    }

    string simpleName = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    // MailAddress validates the syntax and throws FormatException on bad input.
    string emailName = this.certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(emailName))
    {
        result.Add(Claim.CreateMailAddressClaim(new MailAddress(emailName)));
    }

    string upnName = this.certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upnName))
    {
        result.Add(Claim.CreateUpnClaim(upnName));
    }

    // new Uri(...) throws UriFormatException on a malformed URL name.
    string urlName = this.certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(urlName))
    {
        result.Add(Claim.CreateUriClaim(new Uri(urlName)));
    }

    // Only RSA public keys get a key claim; other key types are skipped.
    RSA rsaKey = this.certificate.PublicKey.Key as RSA;
    if (rsaKey != null)
    {
        result.Add(Claim.CreateRsaClaim(rsaKey));
    }

    return result;
}
/// <summary>
/// Enumerates the claims matching <paramref name="claimType"/> and <paramref name="right"/>;
/// a null argument matches any value. While the full claim list has not been built,
/// thumbprint and DNS queries are answered directly from the certificate.
/// </summary>
/// <param name="claimType">Claim type to match, or null for any.</param>
/// <param name="right">Right to match, or null for any.</param>
/// <returns>Matching claims; empty when the type or right is unsupported.</returns>
/// <remarks>
/// The DNS fast path prefers the SAN extension (every dNSName entry) and only falls back to
/// the single name from <c>GetNameInfo(X509NameType.DnsName)</c> when the SAN yields nothing.
/// </remarks>
public override IEnumerable<Claim> FindClaims(string claimType, string right)
{
    ThrowIfDisposed();

    if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
    {
        yield break;
    }

    bool anyRight = right == null;
    bool listNotBuilt = _claims == null;

    if (listNotBuilt && ClaimTypes.Thumbprint.Equals(claimType))
    {
        // Fast path: thumbprint claims without building the whole list.
        if (anyRight || Rights.Identity.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity);
        }
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            yield return new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty);
        }
        yield break;
    }

    if (listNotBuilt && ClaimTypes.Dns.Equals(claimType))
    {
        // Fast path: DNS claims only carry PossessProperty.
        if (anyRight || Rights.PossessProperty.Equals(right))
        {
            // A SAN can carry several dNSName entries; each becomes its own claim.
            string[] sanDnsNames = GetDnsFromExtensions(_certificate);
            if (sanDnsNames.Length == 0)
            {
                // No SAN names: fall back to the CN-derived DNS name.
                string cnDnsName = _certificate.GetNameInfo(X509NameType.DnsName, false);
                if (!string.IsNullOrEmpty(cnDnsName))
                {
                    yield return Claim.CreateDnsClaim(cnDnsName);
                }
            }
            else
            {
                foreach (string dnsName in sanDnsNames)
                {
                    yield return Claim.CreateDnsClaim(dnsName);
                }
            }
        }
        yield break;
    }

    // General path: filter the materialised claim list.
    EnsureClaims();
    bool anyClaimType = claimType == null;
    for (int index = 0; index < _claims.Count; ++index)
    {
        Claim candidate = _claims[index];
        if (candidate == null)
        {
            continue;
        }
        if (!anyClaimType && !claimType.Equals(candidate.ClaimType))
        {
            continue;
        }
        if (!anyRight && !right.Equals(candidate.Right))
        {
            continue;
        }
        yield return candidate;
    }
}
/// <summary>
/// Builds the complete claim list for the wrapped certificate: thumbprint (identity and
/// possessed property), subject distinguished name, DNS name(s), simple name, UPN and URL.
/// The order is part of the contract.
/// </summary>
/// <returns>The claims derived from <c>_certificate</c>, never null.</returns>
/// <remarks>
/// DNS claims prefer the SAN extension (every dNSName entry) and fall back to the single
/// name from <c>GetNameInfo(X509NameType.DnsName)</c> only when the SAN yields nothing.
/// A UPN in the certificate is only supported under SUPPORTS_WINDOWSIDENTITY; otherwise the
/// exception built by <c>ExceptionHelper.PlatformNotSupported</c> is thrown. A malformed
/// URL name throws <see cref="UriFormatException"/>. E-mail names are not examined.
/// </remarks>
private IList<Claim> InitializeClaimsCore()
{
    byte[] certHash = _certificate.GetCertHash();
    List<Claim> result = new List<Claim>
    {
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity),
        new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty),
    };

    // Ordering: SubjectName, Dns, SimpleName, Upn, Url.
    if (!string.IsNullOrEmpty(_certificate.SubjectName.Name))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(_certificate.SubjectName));
    }

    // A SAN can carry several dNSName entries; each becomes its own claim.
    string[] sanDnsNames = GetDnsFromExtensions(_certificate);
    if (sanDnsNames.Length == 0)
    {
        // No SAN names: fall back to the CN-derived DNS name.
        string cnDnsName = _certificate.GetNameInfo(X509NameType.DnsName, false);
        if (!string.IsNullOrEmpty(cnDnsName))
        {
            result.Add(Claim.CreateDnsClaim(cnDnsName));
        }
    }
    else
    {
        foreach (string dnsName in sanDnsNames)
        {
            result.Add(Claim.CreateDnsClaim(dnsName));
        }
    }

    string simpleName = _certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    string upnName = _certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upnName))
    {
#if SUPPORTS_WINDOWSIDENTITY
        result.Add(Claim.CreateUpnClaim(upnName));
#else
        // UPN claims are unsupported on this build: fail loudly instead of dropping the claim.
        throw ExceptionHelper.PlatformNotSupported();
#endif // SUPPORTS_WINDOWSIDENTITY
    }

    // new Uri(...) throws UriFormatException on a malformed URL name.
    string urlName = _certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(urlName))
    {
        result.Add(Claim.CreateUriClaim(new Uri(urlName)));
    }

    // NOTE: the RSA public-key claim (Claim.CreateRsaClaim) is intentionally not emitted
    // in this build; other implementations of this method add it.
    return result;
}