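/// <summary>
/// Builds the claim set describing <paramref name="certificate"/>: a thumbprint identity claim,
/// an RSA public-key claim when the certificate key is RSA, a raw-hash thumbprint claim, and a
/// DNS claim when the certificate carries a DNS name.
/// </summary>
/// <param name="certificate">The certificate the claims are derived from; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public X509CertificateClaimSet(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    this.cert = certificate;

    // The identity of this claim set is the certificate thumbprint in its hex-string form.
    // NOTE(review): the possess-property thumbprint claim added below carries the raw hash
    // bytes instead — confirm that consumers matching identity compare the same representation.
    Claim ident = new Claim(ClaimTypes.Thumbprint, cert.Thumbprint, Rights.Identity);
    claims.Add(ident);

    // Not emitted here: X500 distinguished-name and simple-name claims (left commented out in
    // the original implementation).

    // Only RSA keys produce a key claim; other key types yield no public-key claim.
    RSA rsa = cert.PublicKey.Key as RSA;
    if (rsa != null)
    {
        claims.Add(Claim.CreateRsaClaim(rsa));
    }
    claims.Add(Claim.CreateThumbprintClaim(cert.GetCertHash()));

    // The DNS name is read from the certificate's subject / subject alternative name. A
    // certificate without one gets no DNS claim, instead of a DNS claim whose resource is null.
    string dns = cert.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(dns))
    {
        claims.Add(Claim.CreateDnsClaim(dns));
    }
}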
/// <summary>
/// Derives the claims for <c>this.certificate</c>. Two thumbprint claims (identity and
/// possess-property) come first, followed by name-derived claims in a fixed order
/// (SubjectName, Dns, SimpleName, Email, Upn, Url) and finally an RSA key claim when the
/// certificate's public key is RSA.
/// </summary>
/// <returns>The claims in the order described above.</returns>
IList<Claim> InitializeClaimsCore()
{
    X509Certificate2 cert = this.certificate;
    List<Claim> result = new List<Claim>();

    // The raw certificate hash serves both as this claim set's identity and as a possessed property.
    byte[] hash = cert.GetCertHash();
    result.Add(new Claim(ClaimTypes.Thumbprint, hash, Rights.Identity));
    result.Add(new Claim(ClaimTypes.Thumbprint, hash, Rights.PossessProperty));

    // Claim order is significant: SubjectName, Dns, SimpleName, Email, Upn, Url, then the RSA key.
    if (!string.IsNullOrEmpty(cert.SubjectName.Name))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(cert.SubjectName));
    }

    if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
    {
        // Legacy (<= 4.6) behaviour: a single DNS name as reported by GetNameInfo.
        string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
        if (!string.IsNullOrEmpty(dnsName))
        {
            result.Add(Claim.CreateDnsClaim(dnsName));
        }
    }
    else
    {
        // Current behaviour: one claim per DNS entry found in the certificate extensions,
        // since a SAN may list several.
        foreach (string dnsName in GetDnsFromExtensions(cert))
        {
            result.Add(Claim.CreateDnsClaim(dnsName));
        }
    }

    // Remaining name forms are added only when the certificate carries a non-empty value.
    // NOTE(review): these values originate from the presented certificate; new MailAddress and
    // new Uri throw on malformed input, so a malformed certificate fails claim initialization
    // rather than producing a partial claim set — confirm callers expect that.
    Action<X509NameType, Func<string, Claim>> addNameClaim = (nameType, create) =>
    {
        string name = cert.GetNameInfo(nameType, false);
        if (!string.IsNullOrEmpty(name))
        {
            result.Add(create(name));
        }
    };
    addNameClaim(X509NameType.SimpleName, Claim.CreateNameClaim);
    addNameClaim(X509NameType.EmailName, s => Claim.CreateMailAddressClaim(new MailAddress(s)));
    addNameClaim(X509NameType.UpnName, Claim.CreateUpnClaim);
    addNameClaim(X509NameType.UrlName, s => Claim.CreateUriClaim(new Uri(s)));

    // Only RSA keys produce a key claim; other key types yield none.
    RSA rsa = cert.PublicKey.Key as RSA;
    if (rsa != null)
    {
        result.Add(Claim.CreateRsaClaim(rsa));
    }

    return result;
}