Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / IdentityModel / System / IdentityModel / Claims / X509CertificateClaimSet.cs / 1 / X509CertificateClaimSet.cs
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------
namespace System.IdentityModel.Claims
{
using System.Collections.Generic;
using System.IdentityModel.Policy;
using System.Net.Mail;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
public class X509CertificateClaimSet : ClaimSet, IIdentityInfo, IDisposable
{
X509Certificate2 certificate;
DateTime expirationTime = SecurityUtils.MinUtcDateTime;
ClaimSet issuer;
X509Identity identity;
X509ChainElementCollection elements;
IList claims;
int index;
bool disposed = false;
public X509CertificateClaimSet(X509Certificate2 certificate)
: this(certificate, true)
{
}
internal X509CertificateClaimSet(X509Certificate2 certificate, bool clone)
{
if (certificate == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
this.certificate = clone ? new X509Certificate2(certificate) : certificate;
}
X509CertificateClaimSet(X509CertificateClaimSet from)
: this(from.X509Certificate, true)
{
}
X509CertificateClaimSet(X509ChainElementCollection elements, int index)
{
this.elements = elements;
this.index = index;
this.certificate = elements[index].Certificate;
}
public override Claim this[int index]
{
get
{
ThrowIfDisposed();
EnsureClaims();
return this.claims[index];
}
}
public override int Count
{
get
{
ThrowIfDisposed();
EnsureClaims();
return this.claims.Count;
}
}
IIdentity IIdentityInfo.Identity
{
get
{
ThrowIfDisposed();
if (this.identity == null)
this.identity = new X509Identity(this.certificate, false, false);
return this.identity;
}
}
public DateTime ExpirationTime
{
get
{
ThrowIfDisposed();
if (this.expirationTime == SecurityUtils.MinUtcDateTime)
this.expirationTime = this.certificate.NotAfter.ToUniversalTime();
return this.expirationTime;
}
}
public override ClaimSet Issuer
{
get
{
ThrowIfDisposed();
if (this.issuer == null)
{
if (this.elements == null)
{
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.Build(certificate);
this.index = 0;
this.elements = chain.ChainElements;
}
if (this.index + 1 < this.elements.Count)
{
this.issuer = new X509CertificateClaimSet(this.elements, this.index + 1);
this.elements = null;
}
// SelfSigned?
else if (StringComparer.OrdinalIgnoreCase.Equals(this.certificate.SubjectName.Name, this.certificate.IssuerName.Name))
this.issuer = this;
else
this.issuer = new X500DistinguishedNameClaimSet(this.certificate.IssuerName);
}
return this.issuer;
}
}
public X509Certificate2 X509Certificate
{
get
{
ThrowIfDisposed();
return this.certificate;
}
}
internal X509CertificateClaimSet Clone()
{
ThrowIfDisposed();
return new X509CertificateClaimSet(this);
}
public void Dispose()
{
if (!this.disposed)
{
this.disposed = true;
SecurityUtils.DisposeIfNecessary(this.identity);
if (this.issuer != null)
{
if (this.issuer != this)
{
SecurityUtils.DisposeIfNecessary(this.issuer as IDisposable);
}
}
if (this.elements != null)
{
for (int i = this.index + 1; i < this.elements.Count; ++i)
{
this.elements[i].Certificate.Reset();
}
}
this.certificate.Reset();
}
}
IList InitializeClaimsCore()
{
List claims = new List();
byte[] thumbprint = this.certificate.GetCertHash();
claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity));
claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty));
// Ordering SubjectName, Dns, SimpleName, Email, Upn
string value = this.certificate.SubjectName.Name;
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateDnsClaim(value));
value = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateNameClaim(value));
value = this.certificate.GetNameInfo(X509NameType.EmailName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateMailAddressClaim(new MailAddress(value)));
value = this.certificate.GetNameInfo(X509NameType.UpnName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateUpnClaim(value));
value = this.certificate.GetNameInfo(X509NameType.UrlName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateUriClaim(new Uri(value)));
RSA rsa = this.certificate.PublicKey.Key as RSA;
if (rsa != null)
claims.Add(Claim.CreateRsaClaim(rsa));
return claims;
}
void EnsureClaims()
{
if (this.claims != null)
return;
this.claims = InitializeClaimsCore();
}
static bool SupportedClaimType(string claimType)
{
return claimType == null ||
ClaimTypes.Thumbprint.Equals(claimType) ||
ClaimTypes.X500DistinguishedName.Equals(claimType) ||
ClaimTypes.Dns.Equals(claimType) ||
ClaimTypes.Name.Equals(claimType) ||
ClaimTypes.Email.Equals(claimType) ||
ClaimTypes.Upn.Equals(claimType) ||
ClaimTypes.Uri.Equals(claimType) ||
ClaimTypes.Rsa.Equals(claimType);
}
// Note: null string represents any.
public override IEnumerable FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (this.claims == null && ClaimTypes.Thumbprint.Equals(claimType))
{
if (right == null || Rights.Identity.Equals(right))
{
yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity);
}
if (right == null || Rights.PossessProperty.Equals(right))
{
yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty);
}
}
else if (this.claims == null && ClaimTypes.Dns.Equals(claimType))
{
if (right == null || Rights.PossessProperty.Equals(right))
{
string value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
{
yield return Claim.CreateDnsClaim(value);
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < this.claims.Count; ++i)
{
Claim claim = this.claims[i];
if ((claim != null) &&
(anyClaimType || claimType.Equals(claim.ClaimType)) &&
(anyRight || right.Equals(claim.Right)))
{
yield return claim;
}
}
}
}
public override IEnumerator GetEnumerator()
{
ThrowIfDisposed();
EnsureClaims();
return this.claims.GetEnumerator();
}
public override string ToString()
{
return this.disposed ? base.ToString() : SecurityUtils.ClaimSetToString(this);
}
void ThrowIfDisposed()
{
if (this.disposed)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ObjectDisposedException(this.GetType().FullName));
}
}
class X500DistinguishedNameClaimSet : DefaultClaimSet, IIdentityInfo
{
IIdentity identity;
public X500DistinguishedNameClaimSet(X500DistinguishedName x500DistinguishedName)
{
if (x500DistinguishedName == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("x500DistinguishedName");
this.identity = new X509Identity(x500DistinguishedName);
List claims = new List(2);
claims.Add(new Claim(ClaimTypes.X500DistinguishedName, x500DistinguishedName, Rights.Identity));
claims.Add(Claim.CreateX500DistinguishedNameClaim(x500DistinguishedName));
Initialize(ClaimSet.Anonymous, claims);
}
public IIdentity Identity
{
get { return this.identity; }
}
}
}
class X509Identity : GenericIdentity, IDisposable
{
const string X509 = "X509";
const string Thumbprint = "; ";
X500DistinguishedName x500DistinguishedName;
X509Certificate2 certificate;
string name;
bool disposed = false;
bool disposable = true;
public X509Identity(X509Certificate2 certificate)
: this(certificate, true, true)
{
}
public X509Identity(X500DistinguishedName x500DistinguishedName)
: base(X509, X509)
{
this.x500DistinguishedName = x500DistinguishedName;
}
internal X509Identity(X509Certificate2 certificate, bool clone, bool disposable)
: base(X509, X509)
{
this.certificate = clone ? new X509Certificate2(certificate) : certificate;
this.disposable = clone || disposable;
}
public override string Name
{
get
{
ThrowIfDisposed();
if (this.name == null)
{
//
// DCR 48092: PrincipalPermission authorization using certificates could cause Elevation of Privilege.
// because there could be duplicate subject name. In order to be more unique, we use SubjectName + Thumbprint
// instead
//
this.name = GetName() + Thumbprint + this.certificate.Thumbprint;
}
return this.name;
}
}
string GetName()
{
if (this.x500DistinguishedName != null)
return this.x500DistinguishedName.Name;
string value = this.certificate.SubjectName.Name;
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.EmailName, false);
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.UpnName, false);
if (!string.IsNullOrEmpty(value))
return value;
return String.Empty;
}
public X509Identity Clone()
{
return this.certificate != null ? new X509Identity(this.certificate) : new X509Identity(this.x500DistinguishedName);
}
public void Dispose()
{
if (this.disposable && !this.disposed)
{
this.disposed = true;
if (this.certificate != null)
{
this.certificate.Reset();
}
}
}
void ThrowIfDisposed()
{
if (this.disposed)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ObjectDisposedException(this.GetType().FullName));
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- CombinedGeometry.cs
- SchemaInfo.cs
- EFColumnProvider.cs
- CompilerGlobalScopeAttribute.cs
- TransformerInfoCollection.cs
- SafeHandles.cs
- Avt.cs
- StorageFunctionMapping.cs
- CroppedBitmap.cs
- CounterCreationDataCollection.cs
- SQLBinary.cs
- CompiledRegexRunner.cs
- cookieexception.cs
- ClockGroup.cs
- GridView.cs
- TagNameToTypeMapper.cs
- controlskin.cs
- MaskDescriptor.cs
- Overlapped.cs
- invalidudtexception.cs
- AppDomainUnloadedException.cs
- DataErrorValidationRule.cs
- CheckPair.cs
- TextOnlyOutput.cs
- ErrorHandlingAcceptor.cs
- StringWriter.cs
- DiscoveryDocumentReference.cs
- BrowserCapabilitiesFactory35.cs
- CalendarModeChangedEventArgs.cs
- HierarchicalDataTemplate.cs
- BitmapPalettes.cs
- URLString.cs
- TreeNodeStyleCollection.cs
- QuadraticBezierSegment.cs
- PersonalizationAdministration.cs
- MissingManifestResourceException.cs
- TextServicesContext.cs
- DeferredElementTreeState.cs
- NativeMethods.cs
- MemberInfoSerializationHolder.cs
- SelectionEditor.cs
- BaseComponentEditor.cs
- TextTreeTextBlock.cs
- AsyncPostBackErrorEventArgs.cs
- ISSmlParser.cs
- QueryRewriter.cs
- SessionStateModule.cs
- EmptyTextWriter.cs
- DataControlLinkButton.cs
- GridViewAutomationPeer.cs
- OleDbDataAdapter.cs
- SemaphoreFullException.cs
- DefaultIfEmptyQueryOperator.cs
- SettingsAttributes.cs
- TrustManagerPromptUI.cs
- FormViewCommandEventArgs.cs
- RSAPKCS1KeyExchangeDeformatter.cs
- WebHttpSecurityElement.cs
- FakeModelPropertyImpl.cs
- SystemTcpConnection.cs
- ProtectedConfiguration.cs
- SqlUserDefinedAggregateAttribute.cs
- TagMapCollection.cs
- Underline.cs
- MachineSettingsSection.cs
- MissingMemberException.cs
- DashStyle.cs
- HttpPostClientProtocol.cs
- LayeredChannelListener.cs
- PrivateFontCollection.cs
- SiteMap.cs
- StrokeSerializer.cs
- XmlBoundElement.cs
- RoleManagerSection.cs
- FileClassifier.cs
- InstalledVoice.cs
- MultiAsyncResult.cs
- StylusPoint.cs
- HttpServerUtilityWrapper.cs
- XLinq.cs
- AllMembershipCondition.cs
- BufferedMessageWriter.cs
- SimpleBitVector32.cs
- CultureInfoConverter.cs
- OdbcCommand.cs
- ActivityStateRecord.cs
- SoapElementAttribute.cs
- OutputCacheProfile.cs
- SymLanguageType.cs
- StylusPointCollection.cs
- WebControlsSection.cs
- RawMouseInputReport.cs
- MdiWindowListStrip.cs
- UpdatableGenericsFeature.cs
- XsltContext.cs
- DataTableTypeConverter.cs
- SchemaImporterExtensionsSection.cs
- BoundField.cs
- ConfigLoader.cs
- ViewBox.cs