

3.1.1.11.2.11 TransformClaimsOnTrustTraversal

 // Transforms a set of claims when a trust is traversed.
 // Returns zero on success or a nonzero result on failure.
 procedure TransformClaimsOnTrustTraversal (
     pInputClaimsBlob : ADDRESS OF CLAIMS_BLOB,   // in: the claims to be transformed
     trustName : unicodestring,                   // in: name of the trust being traversed
     fIncomingDirection : boolean,                // in: TRUE when the claims originated outside the trust boundary and are entering it
     pOutputClaimsBlob : ADDRESS OF CLAIMS_BLOB) : ULONG   // out: receives the transformed claims

This procedure defines the logical processing for transforming a set of claims on trust traversal. This procedure uses the Claim data structure defined in [MS-CTA] section 2.1.2 and invokes the Claims Transformation Algorithm ([MS-CTA] section 2.1) for intermediate processing.

pInputClaimsBlob: The address of the CLAIMS_BLOB structure that contains the set of claims that are to be transformed.

trustName: The name of the trust that is being traversed.

fIncomingDirection: The direction of traversal. This parameter MUST be set to TRUE if the claims originated outside the trust boundary and are entering the trust boundary; otherwise, this parameter MUST be set to FALSE.

pOutputClaimsBlob: The address of a CLAIMS_BLOB structure that receives the transformed claims output.

Return Values: This procedure returns zero upon success or a nonzero result upon failure.

Logical Processing:

 // Local state. Every variable is reset to null/0 below before it is used.
 trustDsName : DSName;
 claimsTransformRulesXml : string;
 claimsTransformRulesText : string;
 status : ULONG;
 CTAInputClaims : Claim[];
 CTAOutputClaims : Claim[];
 outputClaimsUnfiltered : CLAIMS_ARRAY;
 systemContainer : DSName;
 trustDsName := null;
 claimsTransformRulesXml := null;
 claimsTransformRulesText := null;
 status := 0;
 CTAInputClaims := null;
 CTAOutputClaims := null;
 outputClaimsUnfiltered := null;
 // Resolve the "CN=System" object beneath the default NC.
 systemContainer := DescendantObject( DefaultNC(), "CN=System");
  
 // Look for the child of the System container whose name equals trustName
 // (presumably the object that represents the trust -- confirm against the
 // definition of trust objects elsewhere in the specification).
 for (x in children systemContainer )
     if (x!name = trustName)
         trustDsName := x
         break;
     endif
 endfor
  
 // No child matched trustName: reject the call. This is the only path in
 // this procedure that returns an error code instead of 0.
 if (trustDsName = null)
     return ERROR_INVALID_PARAMETER;
 endif
  
 // Fetch the transformation rules XML for this trust and traversal direction.
 status := GetClaimsTransformationRulesXml(trustDsName, fIncomingDirection,
                                           ADDRESS OF claimsTransformRulesXml)
 // Any failure other than ERROR_DS_OBJ_NOT_FOUND fails closed: the output is
 // set to 0 (read here as "no claims") and the input claims are not passed on.
 // The procedure still returns 0, so a caller cannot tell this case apart
 // from a successful transformation by the return value alone.
 if (status ≠ 0 and
      status ≠ ERROR_DS_OBJ_NOT_FOUND)
     pOutputClaimsBlob^ := 0;
     return 0;
 endif
  
 // ERROR_DS_OBJ_NOT_FOUND (presumably: no rules were found for this trust and
 // direction; GetClaimsTransformationRulesXml is defined elsewhere):
 //   outgoing (fIncomingDirection = FALSE) -> input claims are copied to the output unchanged
 //   incoming                              -> output is set to 0, so claims entering the
 //                                            trust boundary are not accepted by default
 // NOTE(review): this branch has no return. Processing continues below with
 // claimsTransformRulesXml presumably still null, and FilterAndPackOutputClaims
 // later receives pOutputClaimsBlob again. Confirm whether the value assigned
 // here is meant to be the final output.
 if (status = ERROR_DS_OBJ_NOT_FOUND)
      if (fIncomingDirection = FALSE)
            pOutputClaimsBlob^ := pInputClaimsBlob^;
      else
            pOutputClaimsBlob^ := 0;
      endif
 endif
  
 // Rules XML was retrieved: extract the rules text from it.
 // NOTE(review): on failure the output is set to 0 but there is no return;
 // claimsTransformRulesText presumably stays null and status is reassigned by
 // the algorithm invocation below. Confirm whether an early return is intended.
 if (claimsTransformRulesXml ≠ null)
         status := GetTransformationRulesText (claimsTransformRulesXml,
                                         ADDRESS OF claimsTransformRulesText);
         if (status ≠ 0)
             pOutputClaimsBlob^ := 0;
         endif
 endif
  
 // Convert the input blob into the Claim[] form passed to the algorithm as InputClaims.
 GetCTAClaims (pInputClaimsBlob^, ADDRESS OF CTAInputClaims);
  
 // Invoke the Claims Transformation Algorithm
 // specified generally in [MS-CTA] section 2 and more specifically
 // in [MS-CTA] section 2.1.3 with the following parameter mappings:
 //  CTAInputClaims --> InputClaims
 //  claimsTransformRulesText --> InputTransformationRulesText
 //  ADDRESS OF CTAOutputClaims --> OutputClaims
 //  status --> ReturnValue
 // (status is presumably assigned the algorithm's ReturnValue here, replacing
 // any earlier value -- the invocation itself is described only in this comment.)
  
 // Transformation failed: fail closed with no output claims. As above, the
 // procedure returns 0, so the failure is not visible in the return value.
 if (status ≠ 0)
       pOutputClaimsBlob^ := 0;
       return 0;
 endif
  
 // Collapse the algorithm's output into a CLAIMS_ARRAY.
 CollapseMultiValuedClaims (CTAOutputClaims, ADDRESS OF outputClaimsUnfiltered);
  
 // Filter the collapsed claims (the filter takes the traversal direction)
 // and pack the result into the caller's output blob.
 FilterAndPackOutputClaims(outputClaimsUnfiltered,
                           fIncomingDirection, pOutputClaimsBlob);
  
 return 0;