Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / IdentityModel / System / IdentityModel / Claims / X509CertificateClaimSet.cs / 1 / X509CertificateClaimSet.cs
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------
namespace System.IdentityModel.Claims
{
using System.Collections.Generic;
using System.IdentityModel.Policy;
using System.Net.Mail;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
public class X509CertificateClaimSet : ClaimSet, IIdentityInfo, IDisposable
{
X509Certificate2 certificate;
DateTime expirationTime = SecurityUtils.MinUtcDateTime;
ClaimSet issuer;
X509Identity identity;
X509ChainElementCollection elements;
IList claims;
int index;
bool disposed = false;
public X509CertificateClaimSet(X509Certificate2 certificate)
: this(certificate, true)
{
}
internal X509CertificateClaimSet(X509Certificate2 certificate, bool clone)
{
if (certificate == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
this.certificate = clone ? new X509Certificate2(certificate) : certificate;
}
X509CertificateClaimSet(X509CertificateClaimSet from)
: this(from.X509Certificate, true)
{
}
X509CertificateClaimSet(X509ChainElementCollection elements, int index)
{
this.elements = elements;
this.index = index;
this.certificate = elements[index].Certificate;
}
public override Claim this[int index]
{
get
{
ThrowIfDisposed();
EnsureClaims();
return this.claims[index];
}
}
public override int Count
{
get
{
ThrowIfDisposed();
EnsureClaims();
return this.claims.Count;
}
}
IIdentity IIdentityInfo.Identity
{
get
{
ThrowIfDisposed();
if (this.identity == null)
this.identity = new X509Identity(this.certificate, false, false);
return this.identity;
}
}
public DateTime ExpirationTime
{
get
{
ThrowIfDisposed();
if (this.expirationTime == SecurityUtils.MinUtcDateTime)
this.expirationTime = this.certificate.NotAfter.ToUniversalTime();
return this.expirationTime;
}
}
public override ClaimSet Issuer
{
get
{
ThrowIfDisposed();
if (this.issuer == null)
{
if (this.elements == null)
{
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.Build(certificate);
this.index = 0;
this.elements = chain.ChainElements;
}
if (this.index + 1 < this.elements.Count)
{
this.issuer = new X509CertificateClaimSet(this.elements, this.index + 1);
this.elements = null;
}
// SelfSigned?
else if (StringComparer.OrdinalIgnoreCase.Equals(this.certificate.SubjectName.Name, this.certificate.IssuerName.Name))
this.issuer = this;
else
this.issuer = new X500DistinguishedNameClaimSet(this.certificate.IssuerName);
}
return this.issuer;
}
}
public X509Certificate2 X509Certificate
{
get
{
ThrowIfDisposed();
return this.certificate;
}
}
internal X509CertificateClaimSet Clone()
{
ThrowIfDisposed();
return new X509CertificateClaimSet(this);
}
public void Dispose()
{
if (!this.disposed)
{
this.disposed = true;
SecurityUtils.DisposeIfNecessary(this.identity);
if (this.issuer != null)
{
if (this.issuer != this)
{
SecurityUtils.DisposeIfNecessary(this.issuer as IDisposable);
}
}
if (this.elements != null)
{
for (int i = this.index + 1; i < this.elements.Count; ++i)
{
this.elements[i].Certificate.Reset();
}
}
this.certificate.Reset();
}
}
IList InitializeClaimsCore()
{
List claims = new List();
byte[] thumbprint = this.certificate.GetCertHash();
claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.Identity));
claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty));
// Ordering SubjectName, Dns, SimpleName, Email, Upn
string value = this.certificate.SubjectName.Name;
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateDnsClaim(value));
value = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateNameClaim(value));
value = this.certificate.GetNameInfo(X509NameType.EmailName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateMailAddressClaim(new MailAddress(value)));
value = this.certificate.GetNameInfo(X509NameType.UpnName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateUpnClaim(value));
value = this.certificate.GetNameInfo(X509NameType.UrlName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateUriClaim(new Uri(value)));
RSA rsa = this.certificate.PublicKey.Key as RSA;
if (rsa != null)
claims.Add(Claim.CreateRsaClaim(rsa));
return claims;
}
void EnsureClaims()
{
if (this.claims != null)
return;
this.claims = InitializeClaimsCore();
}
static bool SupportedClaimType(string claimType)
{
return claimType == null ||
ClaimTypes.Thumbprint.Equals(claimType) ||
ClaimTypes.X500DistinguishedName.Equals(claimType) ||
ClaimTypes.Dns.Equals(claimType) ||
ClaimTypes.Name.Equals(claimType) ||
ClaimTypes.Email.Equals(claimType) ||
ClaimTypes.Upn.Equals(claimType) ||
ClaimTypes.Uri.Equals(claimType) ||
ClaimTypes.Rsa.Equals(claimType);
}
// Note: null string represents any.
public override IEnumerable FindClaims(string claimType, string right)
{
ThrowIfDisposed();
if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
{
yield break;
}
else if (this.claims == null && ClaimTypes.Thumbprint.Equals(claimType))
{
if (right == null || Rights.Identity.Equals(right))
{
yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity);
}
if (right == null || Rights.PossessProperty.Equals(right))
{
yield return new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty);
}
}
else if (this.claims == null && ClaimTypes.Dns.Equals(claimType))
{
if (right == null || Rights.PossessProperty.Equals(right))
{
string value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
{
yield return Claim.CreateDnsClaim(value);
}
}
}
else
{
EnsureClaims();
bool anyClaimType = (claimType == null);
bool anyRight = (right == null);
for (int i = 0; i < this.claims.Count; ++i)
{
Claim claim = this.claims[i];
if ((claim != null) &&
(anyClaimType || claimType.Equals(claim.ClaimType)) &&
(anyRight || right.Equals(claim.Right)))
{
yield return claim;
}
}
}
}
public override IEnumerator GetEnumerator()
{
ThrowIfDisposed();
EnsureClaims();
return this.claims.GetEnumerator();
}
public override string ToString()
{
return this.disposed ? base.ToString() : SecurityUtils.ClaimSetToString(this);
}
void ThrowIfDisposed()
{
if (this.disposed)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ObjectDisposedException(this.GetType().FullName));
}
}
class X500DistinguishedNameClaimSet : DefaultClaimSet, IIdentityInfo
{
IIdentity identity;
public X500DistinguishedNameClaimSet(X500DistinguishedName x500DistinguishedName)
{
if (x500DistinguishedName == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("x500DistinguishedName");
this.identity = new X509Identity(x500DistinguishedName);
List claims = new List(2);
claims.Add(new Claim(ClaimTypes.X500DistinguishedName, x500DistinguishedName, Rights.Identity));
claims.Add(Claim.CreateX500DistinguishedNameClaim(x500DistinguishedName));
Initialize(ClaimSet.Anonymous, claims);
}
public IIdentity Identity
{
get { return this.identity; }
}
}
}
class X509Identity : GenericIdentity, IDisposable
{
const string X509 = "X509";
const string Thumbprint = "; ";
X500DistinguishedName x500DistinguishedName;
X509Certificate2 certificate;
string name;
bool disposed = false;
bool disposable = true;
public X509Identity(X509Certificate2 certificate)
: this(certificate, true, true)
{
}
public X509Identity(X500DistinguishedName x500DistinguishedName)
: base(X509, X509)
{
this.x500DistinguishedName = x500DistinguishedName;
}
internal X509Identity(X509Certificate2 certificate, bool clone, bool disposable)
: base(X509, X509)
{
this.certificate = clone ? new X509Certificate2(certificate) : certificate;
this.disposable = clone || disposable;
}
public override string Name
{
get
{
ThrowIfDisposed();
if (this.name == null)
{
//
// DCR 48092: PrincipalPermission authorization using certificates could cause Elevation of Privilege.
// because there could be duplicate subject name. In order to be more unique, we use SubjectName + Thumbprint
// instead
//
this.name = GetName() + Thumbprint + this.certificate.Thumbprint;
}
return this.name;
}
}
string GetName()
{
if (this.x500DistinguishedName != null)
return this.x500DistinguishedName.Name;
string value = this.certificate.SubjectName.Name;
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.EmailName, false);
if (!string.IsNullOrEmpty(value))
return value;
value = this.certificate.GetNameInfo(X509NameType.UpnName, false);
if (!string.IsNullOrEmpty(value))
return value;
return String.Empty;
}
public X509Identity Clone()
{
return this.certificate != null ? new X509Identity(this.certificate) : new X509Identity(this.x500DistinguishedName);
}
public void Dispose()
{
if (this.disposable && !this.disposed)
{
this.disposed = true;
if (this.certificate != null)
{
this.certificate.Reset();
}
}
}
void ThrowIfDisposed()
{
if (this.disposed)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ObjectDisposedException(this.GetType().FullName));
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- SqlNamer.cs
- TextEffect.cs
- BaseParaClient.cs
- DataControlPagerLinkButton.cs
- WindowsRegion.cs
- SystemKeyConverter.cs
- ValidationManager.cs
- AppDomainEvidenceFactory.cs
- TableFieldsEditor.cs
- CancellationTokenRegistration.cs
- AssemblyFilter.cs
- QueryResult.cs
- WinCategoryAttribute.cs
- ColorMatrix.cs
- ValueQuery.cs
- ZipIOLocalFileBlock.cs
- OdbcCommand.cs
- CreateUserWizard.cs
- sqlser.cs
- ZeroOpNode.cs
- SqlTypeSystemProvider.cs
- TreeNodeEventArgs.cs
- DbProviderFactory.cs
- PropertyEmitter.cs
- SoapSchemaImporter.cs
- FlowDocumentPage.cs
- Rectangle.cs
- PolicyLevel.cs
- unsafenativemethodsother.cs
- ListViewDataItem.cs
- CompositionTarget.cs
- XmlQueryRuntime.cs
- TextServicesContext.cs
- SynchronousReceiveElement.cs
- DataRowView.cs
- NullRuntimeConfig.cs
- ImmutableAssemblyCacheEntry.cs
- FocusTracker.cs
- InvalidProgramException.cs
- WbmpConverter.cs
- SQLUtility.cs
- OptimalTextSource.cs
- DocumentSequence.cs
- Image.cs
- WebPartZone.cs
- ObjectStateManagerMetadata.cs
- WebHttpDispatchOperationSelector.cs
- TextEffectResolver.cs
- Buffer.cs
- XmlQueryOutput.cs
- ComponentEvent.cs
- LiteralTextContainerControlBuilder.cs
- SourceFileInfo.cs
- EntityClassGenerator.cs
- ProfileEventArgs.cs
- BindableAttribute.cs
- SimpleHandlerBuildProvider.cs
- DocumentationServerProtocol.cs
- SiblingIterators.cs
- WebControlParameterProxy.cs
- TransformConverter.cs
- RenderTargetBitmap.cs
- Maps.cs
- X509Certificate2.cs
- DelimitedListTraceListener.cs
- HostedTransportConfigurationBase.cs
- RuleInfoComparer.cs
- RequestCachePolicy.cs
- ResourcePart.cs
- ProfilePropertySettingsCollection.cs
- PageBreakRecord.cs
- TcpSocketManager.cs
- Codec.cs
- _NestedMultipleAsyncResult.cs
- XsltInput.cs
- TreeView.cs
- MenuCommand.cs
- ObjectDataSourceMethodEventArgs.cs
- XmlStreamNodeWriter.cs
- XmlSchemaAnnotated.cs
- BamlTreeMap.cs
- SecurityToken.cs
- WindowsAltTab.cs
- CompressStream.cs
- VirtualizingStackPanel.cs
- DocumentViewerHelper.cs
- MDIClient.cs
- HttpDigestClientElement.cs
- MenuItemBinding.cs
- ChannelSinkStacks.cs
- UrlSyndicationContent.cs
- DatatypeImplementation.cs
- NodeInfo.cs
- RecordsAffectedEventArgs.cs
- _Semaphore.cs
- BamlVersionHeader.cs
- QueryAccessibilityHelpEvent.cs
- OdbcCommandBuilder.cs
- HtmlElementErrorEventArgs.cs
- ClientSettingsSection.cs