3.1.1.11.2.16 FilterAndPackOutputClaims

 procedure FilterAndPackOutputClaims (
     inputClaims : CLAIMS_ARRAY,
     fIncomingDirection : boolean,
     pOutputClaimsBlob : ADDRESS OF CLAIMS_BLOB) : ULONG

This is a helper procedure that filters and packs the given CLAIMS_ARRAY structure using the Claims Dictionary (3.1.1.11.1.2) in the forest. Filtering is done only for claims in the incoming direction as indicated by the fIncomingDirection parameter, and involves the removal of any claims whose types are not defined in the dictionary. Packing of claims involves sorting them into CLAIMS_ARRAY structures based on the claims source type as listed in the Claims Dictionary, and packing them into a CLAIMS_BLOB structure.

inputClaims: The input CLAIMS_ARRAY structure that is to be filtered.

fIncomingDirection: The direction of traversal. This parameter MUST be set to TRUE if the claims originated outside the trust boundary and are entering the trust boundary; otherwise, this parameter MUST be set to FALSE.

pOutputClaimsBlob: The address of a CLAIMS_BLOB structure for the output.

Return Values: This procedure returns zero upon success or an error otherwise.

Logical Processing:

 status : ULONG;
 claimConfigContainer : DSName
 outputClaimsSet : CLAIMS_SET;
 fMatchFound : boolean;
 claimType : CLAIMS_SOURCE_TYPE;
 status := 0;
 claimConfigContainer := DescendantObject( ConfigNC(),
     "CN=Claim Types, CN=Claims Configuration, CN=Services");
  
 fMatchFound := FALSE;
 claimType := null;
 pOutputClaimsBlob^ := null;
 outputClaimsSet := null;
  
 if (status ≠ 0)
     return status;
 endif
  
 outputClaimsSet.ClaimsArrays[0].ClaimsSourceType := CLAIMS_SOURCE_TYPE_AD;
 outputClaimsSet.ClaimsArrays[1].ClaimsSourceType :=
   CLAIMS_SOURCE_TYPE_CERTIFICATE;
  
 for each claim in inputClaims.ClaimEntries
      fMatchFound := FALSE;
  
      for (each claimdef in children claimConfigContainer &&
           NOT fMatchFound && ValidateClaimDefinition(claimdef))
           if (claimdef!msDS-ClaimSourceType = "Certificate")
               claimType := CLAIMS_SOURCE_TYPE_CERTIFICATE;
           else if (claimdef!msDS-ClaimSourceType = "AD")
               claimType := CLAIMS_SOURCE_TYPE_AD;
  
           else if (claimdef!msDS-ClaimSourceType = "TransformPolicy")
               claimType := CLAIMS_SOURCE_TYPE_AD;
           endif
  
           if (claimdef!Enabled AND
               claim.Id = claimdef!name AND
                  claim.Type = claimdef!msDS-ClaimValueType)
  
                // Filter and sort claims in the incoming direction
                if (fIncomingDirection)
                      if (claimType = CLAIMS_SOURCE_TYPE_CERTIFICATE)
                          outputClaimsSet.ClaimsArrays[1].ClaimEntries =
                              outputClaimsSet.ClaimsArrays[1].ClaimEntries +
                                  claim;
                      else if (claimType = CLAIMS_SOURCE_TYPE_AD)
                          outputClaimsSet.ClaimsArrays[0].ClaimEntries =
                              outputClaimsSet.ClaimsArrays[0].ClaimEntries +
                                  claim;
                      endif
                endif
                fMatchFound := TRUE;
           endif
      endfor
  
      // Sort claims on the outgoing direction
      if (!fIncomingDirection)
           if (claimType = CLAIMS_SOURCE_TYPE_CERTIFICATE)
               outputClaimsSet.ClaimsArrays[1].ClaimEntries =
                   outputClaimsSet.ClaimsArrays[1].ClaimEntries + claim;
            else
               outputClaimsSet.ClaimsArrays[0].ClaimEntries =
                   outputClaimsSet.ClaimsArrays[0].ClaimEntries + claim;
           endif
      endif
 endfor
  
 EncodeClaimsSet(ADDRESS OF outputClaimsSet, pOutputClaimsBlob);
  
 return 0;