//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------ namespace System.Security.Claims { using System; using System.Collections.Generic; using System.IdentityModel.Tokens; using System.Net.Mail; using System.Security.Claims; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Security.Principal; internal static class ClaimsConversionHelper { public static ClaimsIdentity CreateClaimsIdentityFromClaimSet(System.IdentityModel.Claims.ClaimSet claimset, string authenticationType) { if (claimset == null) { throw new ArgumentNullException("claimSet"); } string issuer = null; if (claimset.Issuer == null) { issuer = ClaimsIdentity.DefaultIssuer; } else { foreach (System.IdentityModel.Claims.Claim claim in claimset.Issuer.FindClaims(System.IdentityModel.Claims.ClaimTypes.Name, System.IdentityModel.Claims.Rights.Identity)) { if ((claim != null) && (claim.Resource is string)) { issuer = claim.Resource as string; break; } } } ClaimsIdentity claimsIdentity = new ClaimsIdentity(authenticationType); for (int i = 0; i < claimset.Count; ++i) { // // Only capture possesses property claims // if (String.Equals(claimset[i].Right, System.IdentityModel.Claims.Rights.PossessProperty, StringComparison.Ordinal)) { claimsIdentity.AddClaim(CreateClaimFromWcfClaim(claimset[i], issuer)); } } return claimsIdentity; } public static ClaimsIdentity CreateClaimsIdentityFromClaimSet(System.IdentityModel.Claims.ClaimSet claimset) { return CreateClaimsIdentityFromClaimSet(claimset, null); } public static System.Security.Claims.Claim CreateClaimFromWcfClaim(System.IdentityModel.Claims.Claim wcfClaim) { return CreateClaimFromWcfClaim(wcfClaim, null); } public static System.Security.Claims.Claim CreateClaimFromWcfClaim(System.IdentityModel.Claims.Claim wcfClaim, string issuer) { string claimType = null; string value = null; string valueType = ClaimValueTypes.String; string originalIssuer = issuer; string samlNameIdentifierFormat = null; string samlNameIdentifierNameQualifier = null; if (wcfClaim == null) { throw new ArgumentNullException("claim"); } if (wcfClaim.Resource == null) { throw new InvalidOperationException(); } if (string.IsNullOrEmpty(issuer)) { issuer = ClaimsIdentity.DefaultIssuer; } if (wcfClaim.Resource is string) { AssignClaimFromStringResourceSysClaim(wcfClaim, out claimType, out value); } else { AssignClaimFromSysClaim(wcfClaim, out claimType, out value, out valueType, out samlNameIdentifierFormat, out samlNameIdentifierNameQualifier); } if (value == null) { throw new InvalidOperationException(); } System.Security.Claims.Claim newClaim = new System.Security.Claims.Claim(claimType, value, valueType, issuer, originalIssuer); newClaim.Properties[ClaimProperties.SamlNameIdentifierFormat] = samlNameIdentifierFormat; newClaim.Properties[ClaimProperties.SamlNameIdentifierNameQualifier] = samlNameIdentifierNameQualifier; return newClaim; } static void AssignClaimFromStringResourceSysClaim(System.IdentityModel.Claims.Claim claim, out string claimType, out string claimValue) { claimType = claim.ClaimType; claimValue = (string)claim.Resource; if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.Sid)) { if (claim.Right == System.IdentityModel.Claims.Rights.Identity) { claimType = ClaimTypes.PrimarySid; } else { claimType = ClaimTypes.GroupSid; } } } static void AssignClaimFromSysClaim(System.IdentityModel.Claims.Claim claim, out string _type, out string _value, out string _valueType, out string samlNameIdentifierFormat, out string samlNameIdentifierNameQualifier) { samlNameIdentifierFormat = null; samlNameIdentifierNameQualifier = null; _type = null; _value = null; _valueType = null; if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.Sid) && claim.Resource is SecurityIdentifier) { if (claim.Right == System.IdentityModel.Claims.Rights.Identity) { _type = ClaimTypes.PrimarySid; } else { _type = ClaimTypes.GroupSid; } _value = ((SecurityIdentifier)claim.Resource).Value; } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.Email) && claim.Resource is MailAddress) { _type = claim.ClaimType; _value = ((MailAddress)claim.Resource).Address; } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.Thumbprint) && claim.Resource is byte[]) { _type = claim.ClaimType; _value = Convert.ToBase64String(((byte[])claim.Resource)); _valueType = ClaimValueTypes.Base64Binary; } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.Hash) && claim.Resource is byte[]) { _type = claim.ClaimType; _value = Convert.ToBase64String(((byte[])claim.Resource)); _valueType = ClaimValueTypes.Base64Binary; } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.NameIdentifier) && claim.Resource is SamlNameIdentifierClaimResource) { _type = claim.ClaimType; _value = ((SamlNameIdentifierClaimResource)claim.Resource).Name; if (((SamlNameIdentifierClaimResource)claim.Resource).Format != null) { samlNameIdentifierFormat = ((SamlNameIdentifierClaimResource)claim.Resource).Format; } if (((SamlNameIdentifierClaimResource)claim.Resource).NameQualifier != null) { samlNameIdentifierNameQualifier = ((SamlNameIdentifierClaimResource)claim.Resource).NameQualifier; } } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.X500DistinguishedName) && claim.Resource is X500DistinguishedName) { _type = claim.ClaimType; _value = ((X500DistinguishedName)claim.Resource).Name; _valueType = ClaimValueTypes.X500Name; } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.Uri) && claim.Resource is Uri) { _type = claim.ClaimType; _value = ((Uri)claim.Resource).ToString(); } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.Rsa) && claim.Resource is RSA) { _type = claim.ClaimType; _value = ((RSA)claim.Resource).ToXmlString(false); _valueType = ClaimValueTypes.RsaKeyValue; } else if (StringComparer.Ordinal.Equals(claim.ClaimType, ClaimTypes.DenyOnlySid) && claim.Resource is SecurityIdentifier) { _type = claim.ClaimType; _value = ((SecurityIdentifier)claim.Resource).Value; } } } }