/// <summary>
/// Builds the claim list for <c>_certificate</c>: two thumbprint claims, then the subject
/// distinguished name, DNS, simple name, UPN and URL claims for whichever fields are present.
/// </summary>
/// <remarks>
/// Values are copied from the certificate as-is. This method performs no chain, expiry or
/// revocation checks, so the claims are only as trustworthy as the validation done before
/// the certificate reached this point.
/// </remarks>
/// <returns>The claims in the order they were added.</returns>
private IList<Claim> InitializeClaimsCore()
{
    var result = new List<Claim>();

    // The same hash bytes back both thumbprint claims (Identity and PossessProperty).
    // GetCertHash() with no arguments yields the certificate's SHA-1 digest.
    byte[] certHash = _certificate.GetCertHash();
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity));
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty));

    // Claim order from here: SubjectName, Dns, SimpleName, Upn, Url.
    string subjectText = _certificate.SubjectName.Name;
    if (!string.IsNullOrEmpty(subjectText))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(_certificate.SubjectName));
    }

    // A SAN extension can list several DNS names; each one becomes its own claim.
    string[] sanDnsNames = GetDnsFromExtensions(_certificate);
    if (sanDnsNames.Length == 0)
    {
        // No SAN DNS entries: fall back to the single name GetNameInfo reports (the CN).
        // NOTE(review): a CN-derived DNS claim is indistinguishable from a SAN-derived one
        // downstream - confirm that consumers matching host names accept this.
        string fallbackDns = _certificate.GetNameInfo(X509NameType.DnsName, false);
        if (!string.IsNullOrEmpty(fallbackDns))
        {
            result.Add(Claim.CreateDnsClaim(fallbackDns));
        }
    }
    else
    {
        foreach (string dnsName in sanDnsNames)
        {
            result.Add(Claim.CreateDnsClaim(dnsName));
        }
    }

    string simpleName = _certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    string upn = _certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upn))
    {
        result.Add(Claim.CreateUpnClaim(upn));
    }

    string url = _certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(url))
    {
        // new Uri(...) throws UriFormatException when the certificate's URL name is not a
        // well-formed absolute URI; that exception propagates to the caller.
        result.Add(Claim.CreateUriClaim(new Uri(url)));
    }

    // No RSA public-key claim is emitted in this version; the code for it is disabled:
    //RSA rsa = _certificate.PublicKey.Key as RSA;
    //if (rsa != null)
    //    claims.Add(Claim.CreateRsaClaim(rsa));

    return result;
}
/// <summary>
/// Builds the claim list for <c>this.certificate</c>: two thumbprint claims, then subject
/// distinguished name, DNS, simple name, e-mail, UPN, URL and RSA public-key claims for
/// whichever of those the certificate provides.
/// </summary>
/// <remarks>
/// The method only copies values out of the certificate. It does not validate the chain,
/// expiry or revocation status; callers must not treat these claims as verified unless the
/// certificate was validated elsewhere.
/// </remarks>
/// <returns>The claims in the order they were added.</returns>
IList<Claim> InitializeClaimsCore()
{
    var result = new List<Claim>();

    // One hash buffer is shared by the Identity and PossessProperty thumbprint claims.
    byte[] certHash = this.certificate.GetCertHash();
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity));
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty));

    // Claim order from here: SubjectName, Dns, SimpleName, Email, Upn, Url, Rsa.
    string subjectText = this.certificate.SubjectName.Name;
    if (!string.IsNullOrEmpty(subjectText))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
    }

    // DNS claims are produced by the sibling helper; how it picks names is not visible here.
    result.AddRange(GetDnsClaims(this.certificate));

    string simpleName = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    string email = this.certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(email))
    {
        // MailAddress parsing throws FormatException on a malformed address taken from the
        // certificate; the exception is not caught here.
        result.Add(Claim.CreateMailAddressClaim(new MailAddress(email)));
    }

    string upn = this.certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upn))
    {
        result.Add(Claim.CreateUpnClaim(upn));
    }

    string url = this.certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(url))
    {
        // new Uri(...) throws UriFormatException when the value is not an absolute URI.
        result.Add(Claim.CreateUriClaim(new Uri(url)));
    }

    // The app-context switch selects how the public key is read: through the CNG-aware
    // helper by default, or through PublicKey.Key when CNG certificates are disabled.
    RSA publicKey;
    if (!LocalAppContextSwitches.DisableCngCertificates)
    {
        publicKey = CngLightup.GetRSAPublicKey(this.certificate);
    }
    else
    {
        publicKey = this.certificate.PublicKey.Key as RSA;
    }

    // Certificates whose key is not RSA simply get no RSA claim.
    if (publicKey != null)
    {
        result.Add(Claim.CreateRsaClaim(publicKey));
    }

    return result;
}
/// <summary>
/// Builds the claim list for <c>_certificate</c>: two thumbprint claims, then subject
/// distinguished name, one DNS claim per SAN DNS entry, simple name, UPN and URL claims.
/// </summary>
/// <remarks>
/// Values are taken from the certificate without any chain, expiry or revocation check in
/// this method. A certificate that carries an e-mail name is rejected with a
/// platform-not-supported exception rather than producing a partial claim list.
/// </remarks>
/// <returns>The claims in the order they were added.</returns>
IList<Claim> InitializeClaimsCore()
{
    var result = new List<Claim>();

    // Both thumbprint claims reference the same hash bytes.
    byte[] certHash = _certificate.GetCertHash();
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity));
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty));

    // Claim order from here: SubjectName, Dns, SimpleName, (Email), Upn, Url.
    string subjectText = _certificate.SubjectName.Name;
    if (!string.IsNullOrEmpty(subjectText))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(_certificate.SubjectName));
    }

    // Multi-entry SAN behaviour: every DNS name the helper returns becomes a claim.
    // There is no CN fallback here, so a certificate without SAN DNS entries yields no
    // DNS claim at all.
    foreach (string dnsName in GetDnsFromExtensions(_certificate))
    {
        result.Add(Claim.CreateDnsClaim(dnsName));
    }

    string simpleName = _certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    // E-mail claims are not supported in this build: the presence of an e-mail name aborts
    // claim construction.
    // NOTE(review): if the certificate comes from a remote peer, this is a peer-controlled
    // failure path - confirm callers handle the exception.
    string email = _certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(email))
    {
        throw ExceptionHelper.PlatformNotSupported("InitializeClaimsCore - EmailName");
    }

    string upn = _certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upn))
    {
        result.Add(Claim.CreateUpnClaim(upn));
    }

    string url = _certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(url))
    {
        // new Uri(...) throws UriFormatException when the value is not an absolute URI.
        result.Add(Claim.CreateUriClaim(new Uri(url)));
    }

    // No RSA public-key claim is emitted in this version; the code for it is disabled:
    //RSA rsa = _certificate.PublicKey.Key as RSA;
    //if (rsa != null)
    //    claims.Add(Claim.CreateRsaClaim(rsa));

    return result;
}
/// <summary>
/// Builds the claim list for <c>_certificate</c>: two thumbprint claims, then subject
/// distinguished name, a single DNS claim, simple name, UPN (build-dependent) and URL claims.
/// </summary>
/// <remarks>
/// Values are copied from the certificate; this method does no chain, expiry or revocation
/// validation. When <c>FEATURE_CORECLR</c> is not defined, a certificate carrying a UPN
/// causes a platform-not-supported exception instead of a claim.
/// </remarks>
/// <returns>The claims in the order they were added.</returns>
IList<Claim> InitializeClaimsCore()
{
    var result = new List<Claim>();

    // Both thumbprint claims reference the same hash bytes.
    byte[] certHash = _certificate.GetCertHash();
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity));
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty));

    // Claim order from here: SubjectName, Dns, SimpleName, Upn, Url.
    string subjectText = _certificate.SubjectName.Name;
    if (!string.IsNullOrEmpty(subjectText))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(_certificate.SubjectName));
    }

    // #321 - Desktop implementation > 4.6 replaces this with a SAN check.
    // GetNameInfo returns one string, so at most one DNS claim is produced here even when
    // the certificate lists several SAN DNS entries.
    string dnsName = _certificate.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(dnsName))
    {
        result.Add(Claim.CreateDnsClaim(dnsName));
    }

    string simpleName = _certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    string upn = _certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upn))
    {
#if FEATURE_CORECLR
        result.Add(Claim.CreateUpnClaim(upn));
#else
        // Without FEATURE_CORECLR a UPN in the certificate aborts claim construction.
        throw ExceptionHelper.PlatformNotSupported();
#endif
    }

    string url = _certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(url))
    {
        // new Uri(...) throws UriFormatException when the value is not an absolute URI.
        result.Add(Claim.CreateUriClaim(new Uri(url)));
    }

    // No RSA public-key claim is emitted in this version; the code for it is disabled:
    //RSA rsa = _certificate.PublicKey.Key as RSA;
    //if (rsa != null)
    //    claims.Add(Claim.CreateRsaClaim(rsa));

    return result;
}
/// <summary>
/// Builds the claim list for <c>this.certificate</c>: two thumbprint claims, then subject
/// distinguished name, a single DNS claim, simple name, e-mail, UPN, URL and RSA public-key
/// claims for whichever of those the certificate provides.
/// </summary>
/// <remarks>
/// The method only reads fields from the certificate; it performs no chain, expiry or
/// revocation validation, so the resulting claims inherit whatever trust the caller has
/// already established.
/// </remarks>
/// <returns>The claims in the order they were added.</returns>
private IList<Claim> InitializeClaimsCore()
{
    var claims = new List<Claim>();

    // One hash buffer is shared by the Identity and PossessProperty thumbprint claims.
    byte[] thumbprint = this.certificate.GetCertHash();
    claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity));
    claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty));

    string subjectText = this.certificate.SubjectName.Name;
    if (!string.IsNullOrEmpty(subjectText))
    {
        claims.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
    }

    // GetNameInfo returns one string, so at most one DNS claim is produced here even when
    // the certificate lists several SAN DNS entries.
    string dnsName = this.certificate.GetNameInfo(X509NameType.DnsName, false);
    if (!string.IsNullOrEmpty(dnsName))
    {
        claims.Add(Claim.CreateDnsClaim(dnsName));
    }

    string simpleName = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        claims.Add(Claim.CreateNameClaim(simpleName));
    }

    string email = this.certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(email))
    {
        // MailAddress parsing throws FormatException on a malformed address; not caught here.
        claims.Add(Claim.CreateMailAddressClaim(new MailAddress(email)));
    }

    string upn = this.certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upn))
    {
        claims.Add(Claim.CreateUpnClaim(upn));
    }

    string url = this.certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(url))
    {
        // new Uri(...) throws UriFormatException when the value is not an absolute URI.
        claims.Add(Claim.CreateUriClaim(new Uri(url)));
    }

    // Only RSA public keys yield a key claim; any other key type makes the cast return null.
    RSA publicKey = this.certificate.PublicKey.Key as RSA;
    if (publicKey != null)
    {
        claims.Add(Claim.CreateRsaClaim(publicKey));
    }

    return claims;
}
/// <summary>
/// Builds the claim list for <c>this.certificate</c>: two thumbprint claims, then subject
/// distinguished name, DNS (single or per-SAN-entry, depending on an app-context switch),
/// simple name, e-mail, UPN, URL and RSA public-key claims.
/// </summary>
/// <remarks>
/// The method copies values out of the certificate and performs no chain, expiry or
/// revocation validation. The DNS claims that relying code sees depend on
/// <c>LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate</c>.
/// </remarks>
/// <returns>The claims in the order they were added.</returns>
IList<Claim> InitializeClaimsCore()
{
    var result = new List<Claim>();

    // One hash buffer is shared by the Identity and PossessProperty thumbprint claims.
    byte[] certHash = this.certificate.GetCertHash();
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.Identity));
    result.Add(new Claim(ClaimTypes.Thumbprint, certHash, Rights.PossessProperty));

    // Claim order from here: SubjectName, Dns, SimpleName, Email, Upn, Url, Rsa.
    string subjectText = this.certificate.SubjectName.Name;
    if (!string.IsNullOrEmpty(subjectText))
    {
        result.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
    }

    if (!LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
    {
        // Default long-term behaviour: a SAN can hold several DNS entries and each one
        // becomes its own claim.
        foreach (string dnsName in GetDnsFromExtensions(this.certificate))
        {
            result.Add(Claim.CreateDnsClaim(dnsName));
        }
    }
    else
    {
        // Switch set: old behaviour (default for <= 4.6), a single name from GetNameInfo.
        string legacyDns = this.certificate.GetNameInfo(X509NameType.DnsName, false);
        if (!string.IsNullOrEmpty(legacyDns))
        {
            result.Add(Claim.CreateDnsClaim(legacyDns));
        }
    }

    string simpleName = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
    if (!string.IsNullOrEmpty(simpleName))
    {
        result.Add(Claim.CreateNameClaim(simpleName));
    }

    string email = this.certificate.GetNameInfo(X509NameType.EmailName, false);
    if (!string.IsNullOrEmpty(email))
    {
        // MailAddress parsing throws FormatException on a malformed address; not caught here.
        result.Add(Claim.CreateMailAddressClaim(new MailAddress(email)));
    }

    string upn = this.certificate.GetNameInfo(X509NameType.UpnName, false);
    if (!string.IsNullOrEmpty(upn))
    {
        result.Add(Claim.CreateUpnClaim(upn));
    }

    string url = this.certificate.GetNameInfo(X509NameType.UrlName, false);
    if (!string.IsNullOrEmpty(url))
    {
        // new Uri(...) throws UriFormatException when the value is not an absolute URI.
        result.Add(Claim.CreateUriClaim(new Uri(url)));
    }

    // Only RSA public keys yield a key claim; any other key type makes the cast return null.
    RSA publicKey = this.certificate.PublicKey.Key as RSA;
    if (publicKey != null)
    {
        result.Add(Claim.CreateRsaClaim(publicKey));
    }

    return result;
}