152 lines
5.6 KiB
C#
152 lines
5.6 KiB
C#
|
//-----------------------------------------------------------------------
|
||
|
|
// <copyright file="Saml2AuthorizationDecisionStatement.cs" company="Microsoft">
|
||
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||
|
|
// </copyright>
|
||
|
|
//-----------------------------------------------------------------------
|
||
|
|
|
||
|
|
namespace System.IdentityModel.Tokens
|
||
|
|
{
|
||
|
|
using System;
|
||
|
|
using System.Collections.Generic;
|
||
|
|
using System.Collections.ObjectModel;
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Represents the AuthzDecisionStatement specified in [Saml2Core, 2.7.4].
|
||
|
|
/// </summary>
|
||
|
|
public class Saml2AuthorizationDecisionStatement : Saml2Statement
|
||
|
|
{
|
||
|
|
/// <summary>
|
||
|
|
/// The empty URI reference, which may be used with the meaning
|
||
|
|
/// "the start of the current document" for the Resource property.
|
||
|
|
/// </summary>
|
||
|
|
public static readonly Uri EmptyResource = new Uri(string.Empty, UriKind.Relative);
|
||
|
|
|
||
|
|
private Collection<Saml2Action> actions = new Collection<Saml2Action>();
|
||
|
|
private Saml2Evidence evidence;
|
||
|
|
private SamlAccessDecision decision;
|
||
|
|
private Uri resource;
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
|
||
|
|
/// a resource and decision.
|
||
|
|
/// </summary>
|
||
|
|
/// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
|
||
|
|
/// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
|
||
|
|
public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision)
|
||
|
|
: this(resource, decision, null)
|
||
|
|
{
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
|
||
|
|
/// a resource and decision.
|
||
|
|
/// </summary>
|
||
|
|
/// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
|
||
|
|
/// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
|
||
|
|
/// <param name="actions">Collection of <see cref="Saml2Action"/> specifications.</param>
|
||
|
|
public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision, IEnumerable<Saml2Action> actions)
|
||
|
|
{
|
||
|
|
if (null == resource)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
|
||
|
|
}
|
||
|
|
|
||
|
|
// This check is making sure the resource is either a well-formed absolute uri or
|
||
|
|
// an empty relative uri before passing through to the rest of the constructor.
|
||
|
|
if (!(resource.IsAbsoluteUri || resource.Equals(EmptyResource)))
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("resource", SR.GetString(SR.ID4121));
|
||
|
|
}
|
||
|
|
|
||
|
|
if (decision < SamlAccessDecision.Permit || decision > SamlAccessDecision.Indeterminate)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
|
||
|
|
}
|
||
|
|
|
||
|
|
this.resource = resource;
|
||
|
|
this.decision = decision;
|
||
|
|
|
||
|
|
if (null != actions)
|
||
|
|
{
|
||
|
|
foreach (Saml2Action action in actions)
|
||
|
|
{
|
||
|
|
this.actions.Add(action);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Gets of set the set of <see cref="Saml2Action"/> authorized to be performed on the specified
|
||
|
|
/// resource. [Saml2Core, 2.7.4]
|
||
|
|
/// </summary>
|
||
|
|
public Collection<Saml2Action> Actions
|
||
|
|
{
|
||
|
|
get { return this.actions; }
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Gets or sets the <see cref="SamlAccessDecision"/> rendered by the SAML authority with respect to the
|
||
|
|
/// specified resource. [Saml2Core, 2.7.4]
|
||
|
|
/// </summary>
|
||
|
|
public SamlAccessDecision Decision
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.decision;
|
||
|
|
}
|
||
|
|
|
||
|
|
set
|
||
|
|
{
|
||
|
|
if (value < SamlAccessDecision.Permit || value > SamlAccessDecision.Indeterminate)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
|
||
|
|
}
|
||
|
|
|
||
|
|
this.decision = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Gets or sets a set of <see cref="Saml2Evidence"/> that the SAML authority relied on in making
|
||
|
|
/// the decision. [Saml2Core, 2.7.4]
|
||
|
|
/// </summary>
|
||
|
|
public Saml2Evidence Evidence
|
||
|
|
{
|
||
|
|
get { return this.evidence; }
|
||
|
|
set { this.evidence = value; }
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Gets or sets a URI reference identifying the resource to which access
|
||
|
|
/// authorization is sought. [Saml2Core, 2.7.4]
|
||
|
|
/// </summary>
|
||
|
|
/// <remarks>
|
||
|
|
/// In addition to any absolute URI, the Resource may also be the
|
||
|
|
/// empty URI reference, and the meaning is defined to be "the start
|
||
|
|
/// of the current document". [Saml2Core, 2.7.4]
|
||
|
|
/// </remarks>
|
||
|
|
public Uri Resource
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.resource;
|
||
|
|
}
|
||
|
|
|
||
|
|
set
|
||
|
|
{
|
||
|
|
if (null == value)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!(value.IsAbsoluteUri || value.Equals(EmptyResource)))
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID4121));
|
||
|
|
}
|
||
|
|
|
||
|
|
this.resource = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|