You've already forked linux-packaging-mono
							
							
		
			
	
	
		
			256 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
		
		
			
		
	
	
			256 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
|   | //----------------------------------------------------------------------------- | ||
|  | // Copyright (c) Microsoft Corporation.  All rights reserved. | ||
|  | //----------------------------------------------------------------------------- | ||
|  | 
 | ||
|  | namespace System.IdentityModel.Tokens | ||
|  | { | ||
|  |     using System.Collections; | ||
|  |     using System.Collections.Generic; | ||
|  |     using System.Collections.ObjectModel; | ||
|  |     using System.Globalization; | ||
|  |     using System.IdentityModel; | ||
|  |     using System.IdentityModel.Claims; | ||
|  |     using System.IdentityModel.Selectors; | ||
|  |     using System.Runtime.Serialization; | ||
|  |     using System.Xml; | ||
|  |     using System.Xml.Serialization; | ||
|  | 
 | ||
|  |     public class SamlAuthorizationDecisionStatement : SamlSubjectStatement | ||
|  |     { | ||
|  | 
 | ||
|  |         SamlEvidence evidence; | ||
|  |         readonly ImmutableCollection<SamlAction> actions = new ImmutableCollection<SamlAction>(); | ||
|  |         SamlAccessDecision accessDecision; | ||
|  |         string resource; | ||
|  |         bool isReadOnly = false; | ||
|  | 
 | ||
|  |         public SamlAuthorizationDecisionStatement() | ||
|  |         { | ||
|  |         } | ||
|  | 
 | ||
|  |         public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions) | ||
|  |             : this(samlSubject, resource, accessDecision, samlActions, null) | ||
|  |         { | ||
|  |         } | ||
|  | 
 | ||
|  |         public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions, SamlEvidence samlEvidence) | ||
|  |             : base(samlSubject) | ||
|  |         { | ||
|  |             if (samlActions == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions")); | ||
|  | 
 | ||
|  |             foreach (SamlAction action in samlActions) | ||
|  |             { | ||
|  |                 if (action == null) | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLEntityCannotBeNullOrEmpty, XD.SamlDictionary.Action.Value)); | ||
|  | 
 | ||
|  |                 this.actions.Add(action); | ||
|  |             } | ||
|  | 
 | ||
|  |             this.evidence = samlEvidence; | ||
|  |             this.accessDecision = accessDecision; | ||
|  |             this.resource = resource; | ||
|  | 
 | ||
|  |             CheckObjectValidity(); | ||
|  |         } | ||
|  | 
 | ||
|  |         public static string ClaimType | ||
|  |         { | ||
|  |             get | ||
|  |             { | ||
|  |                 return ClaimTypes.AuthorizationDecision; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         public IList<SamlAction> SamlActions | ||
|  |         { | ||
|  |             get { return this.actions; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public SamlAccessDecision AccessDecision | ||
|  |         { | ||
|  |             get { return this.accessDecision; } | ||
|  |             set | ||
|  |             { | ||
|  |                 if (isReadOnly) | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); | ||
|  | 
 | ||
|  |                 this.accessDecision = value; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         public SamlEvidence Evidence | ||
|  |         { | ||
|  |             get { return this.evidence; } | ||
|  |             set | ||
|  |             { | ||
|  |                 if (isReadOnly) | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); | ||
|  | 
 | ||
|  |                 this.evidence = value; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         public string Resource | ||
|  |         { | ||
|  |             get { return this.resource; } | ||
|  |             set | ||
|  |             { | ||
|  |                 if (isReadOnly) | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); | ||
|  | 
 | ||
|  |                 if (string.IsNullOrEmpty(value)) | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLAuthorizationDecisionResourceRequired)); | ||
|  | 
 | ||
|  |                 this.resource = value; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         public override bool IsReadOnly | ||
|  |         { | ||
|  |             get { return this.isReadOnly; } | ||
|  |         } | ||
|  | 
 | ||
|  |         public override void MakeReadOnly() | ||
|  |         { | ||
|  |             if (!this.isReadOnly) | ||
|  |             { | ||
|  |                 if (this.evidence != null) | ||
|  |                     this.evidence.MakeReadOnly(); | ||
|  | 
 | ||
|  |                 foreach (SamlAction action in this.actions) | ||
|  |                 { | ||
|  |                     action.MakeReadOnly(); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 this.actions.MakeReadOnly(); | ||
|  | 
 | ||
|  |                 this.isReadOnly = true; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override void AddClaimsToList(IList<Claim> claims) | ||
|  |         { | ||
|  |             if (claims == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("claims")); | ||
|  | 
 | ||
|  |             for (int i = 0; i < this.actions.Count; ++i) | ||
|  |             { | ||
|  |                 claims.Add(new Claim(ClaimTypes.AuthorizationDecision, new SamlAuthorizationDecisionClaimResource(this.resource, this.accessDecision, this.actions[i].Namespace, this.actions[i].Action), Rights.PossessProperty)); | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void CheckObjectValidity() | ||
|  |         { | ||
|  |             if (this.SamlSubject == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectStatementRequiresSubject))); | ||
|  | 
 | ||
|  |             if (string.IsNullOrEmpty(this.resource)) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionResourceRequired))); | ||
|  | 
 | ||
|  |             if (this.actions.Count == 0) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneAction))); | ||
|  |         } | ||
|  | 
 | ||
|  |         public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) | ||
|  |         { | ||
|  |             if (reader == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader")); | ||
|  | 
 | ||
|  |             if (samlSerializer == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); | ||
|  | 
 | ||
|  | #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. | ||
|  |             SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; | ||
|  | 
 | ||
|  |             this.resource = reader.GetAttribute(dictionary.Resource, null); | ||
|  |             if (string.IsNullOrEmpty(this.resource)) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead))); | ||
|  | 
 | ||
|  |             string decisionString = reader.GetAttribute(dictionary.Decision, null); | ||
|  |             if (string.IsNullOrEmpty(decisionString)) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead))); | ||
|  | 
 | ||
|  |             if (decisionString.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase)) | ||
|  |                 this.accessDecision = SamlAccessDecision.Deny; | ||
|  |             else if (decisionString.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase)) | ||
|  |                 this.accessDecision = SamlAccessDecision.Permit; | ||
|  |             else | ||
|  |                 accessDecision = SamlAccessDecision.Indeterminate; | ||
|  | 
 | ||
|  |             reader.MoveToContent(); | ||
|  |             reader.Read(); | ||
|  | 
 | ||
|  |             if (reader.IsStartElement(dictionary.Subject, dictionary.Namespace)) | ||
|  |             { | ||
|  |                 SamlSubject subject = new SamlSubject(); | ||
|  |                 subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver); | ||
|  |                 base.SamlSubject = subject; | ||
|  |             } | ||
|  |             else | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead))); | ||
|  | 
 | ||
|  |             while (reader.IsStartElement()) | ||
|  |             { | ||
|  |                 if (reader.IsStartElement(dictionary.Action, dictionary.Namespace)) | ||
|  |                 { | ||
|  |                     SamlAction action = new SamlAction(); | ||
|  |                     action.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver); | ||
|  |                     this.actions.Add(action); | ||
|  |                 } | ||
|  |                 else if (reader.IsStartElement(dictionary.Evidence, dictionary.Namespace)) | ||
|  |                 { | ||
|  |                     if (this.evidence != null) | ||
|  |                         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence))); | ||
|  | 
 | ||
|  |                     this.evidence = new SamlEvidence(); | ||
|  |                     this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver); | ||
|  |                 } | ||
|  |                 else | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.AuthorizationDecisionStatement))); | ||
|  |             } | ||
|  | 
 | ||
|  |             if (this.actions.Count == 0) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead))); | ||
|  | 
 | ||
|  |             reader.MoveToContent(); | ||
|  |             reader.ReadEndElement(); | ||
|  |         } | ||
|  | 
 | ||
|  |         public override void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) | ||
|  |         { | ||
|  |             CheckObjectValidity(); | ||
|  | 
 | ||
|  |             if (writer == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("writer")); | ||
|  | 
 | ||
|  |             if (samlSerializer == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); | ||
|  | 
 | ||
|  | #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. | ||
|  |             SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; | ||
|  | 
 | ||
|  |             writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.AuthorizationDecisionStatement, dictionary.Namespace); | ||
|  | 
 | ||
|  |             writer.WriteStartAttribute(dictionary.Decision, null); | ||
|  |             writer.WriteString(this.accessDecision.ToString()); | ||
|  |             writer.WriteEndAttribute(); | ||
|  | 
 | ||
|  |             writer.WriteStartAttribute(dictionary.Resource, null); | ||
|  |             writer.WriteString(this.resource); | ||
|  |             writer.WriteEndAttribute(); | ||
|  | 
 | ||
|  |             this.SamlSubject.WriteXml(writer, samlSerializer, keyInfoSerializer); | ||
|  | 
 | ||
|  |             foreach (SamlAction action in this.actions) | ||
|  |                 action.WriteXml(writer, samlSerializer, keyInfoSerializer); | ||
|  | 
 | ||
|  |             if (this.evidence != null) | ||
|  |                 this.evidence.WriteXml(writer, samlSerializer, keyInfoSerializer); | ||
|  | 
 | ||
|  |             writer.WriteEndElement(); | ||
|  |         } | ||
|  |     } | ||
|  | } | ||
|  | 
 |