Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

mcs/class/System.IdentityModel/Assembly/AssemblyInfo.cs

@@ -0,0 +1,64 @@
+//
+// AssemblyInfo.cs
+//
+// Author:
+//   Andreas Nahr (ClassDevelopment@A-SoftTech.com)
+//
+// (C) 2003 Ximian, Inc.  http://www.ximian.com
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Reflection;
+using System.Resources;
+using System.Security;
+using System.Security.Permissions;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about the System.IdentityModel assembly
+// v3.0 Assembly
+
+[assembly: AssemblyTitle ("System.IdentityModel.dll")]
+[assembly: AssemblyDescription ("System.IdentityModel.dll")]
+[assembly: AssemblyDefaultAlias ("System.IdentityModel.dll")]
+
+[assembly: AssemblyCompany (Consts.MonoCompany)]
+[assembly: AssemblyProduct (Consts.MonoProduct)]
+[assembly: AssemblyCopyright (Consts.MonoCopyright)]
+[assembly: AssemblyVersion (Consts.FxVersion)]
+[assembly: SatelliteContractVersion (Consts.FxVersion)]
+[assembly: AssemblyInformationalVersion (Consts.FxFileVersion)]
+[assembly: AssemblyFileVersion (Consts.FxFileVersion)]
+
+[assembly: NeutralResourcesLanguage ("en-US")]
+[assembly: CLSCompliant (true)]
+[assembly: AssemblyDelaySign (true)]
+[assembly: AssemblyKeyFile ("../ecma.pub")]
+
+[assembly: ComVisible (false)]
+[assembly: ComCompatibleVersion (1, 0, 3300, 0)]
+[assembly: AllowPartiallyTrustedCallers]
+
+[assembly: SecurityCritical (SecurityCriticalScope.Explicit)]

mcs/class/System.IdentityModel/ChangeLog

@@ -0,0 +1,37 @@
+2010-04-28  Marek Habersack  <mhabersack@novell.com>
+
+	* Makefile (OTHER_LIB_MCS_FLAGS): added a reference to
+	System.Web.ApplicationServices in the 4.0 profile.
+
+2008-03-21  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Makefile : added missing EXTRA_DISTFILES.
+
+2007-12-05  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Makefile : added net_3_5 profile as a valid target.
+
+2006-12-06  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Makefile : added Mono.Security dependency.
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Obsoleted : removed.
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Makefile : add path to referenced assemblies as gmcs always loads
+	  them from the GAC.
+
+2006-03-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Makefile : added System.Web.dll.
+
+2006-02-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* now it is System.IdentityModel.dll.
+
+2005-09-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* System.Security.Authorization.dll.sources : all classes are added.

mcs/class/System.IdentityModel/Makefile

@@ -0,0 +1,37 @@
+thisdir = class/System.IdentityModel
+SUBDIRS = 
+include ../../build/rules.make
+
+ifeq (4, $(FRAMEWORK_VERSION_MAJOR))
+OTHER_LIB_MCS_FLAGS = -r:System.Web.ApplicationServices.dll
+endif
+
+LIBRARY = System.IdentityModel.dll
+LIB_MCS_FLAGS = \
+		/d:NET_3_0	\
+	        /r:System.dll \
+	        /r:System.Xml.dll \
+	        /r:System.Security.dll \
+		/r:System.Web.dll \
+		/r:System.Configuration.dll \
+		/r:Mono.Security.dll \
+	        /r:System.Runtime.Serialization.dll \
+	        $(OTHER_LIB_MCS_FLAGS)
+
+TEST_MCS_FLAGS = $(LIB_MCS_FLAGS)
+
+EXTRA_DISTFILES = \
+	Test/Resources/test.cer \
+	Test/Resources/test_neg_serial.cer \
+	Test/Resources/test.pfx \
+	Test/Resources/test2.pfx
+
+VALID_PROFILE := $(filter net_2_0 net_4_0 net_4_5, $(PROFILE))
+ifndef VALID_PROFILE
+LIBRARY_NAME = dummy-System.IdentityModel.dll
+NO_INSTALL = yes
+NO_SIGN_ASSEMBLY = yes
+NO_TEST = yes
+endif
+
+include ../../build/library.make

mcs/class/System.IdentityModel/System.IdentityModel.Claims/ChangeLog

@@ -0,0 +1,62 @@
+2007-11-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509CertificateClaimSet.cs : the semantics of the members has
+	  changed after I practically touched this type last time.
+
+2007-04-05  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Claim.cs : added serialized fields.
+
+2007-02-05  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509CertificateClaimSet.cs : removed extraneous claims.
+
+2006-10-07  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimSet.cs : implemented System.
+	* Claim.cs : implement everything except for windows specific stuff.
+	* DefaultClaimSet.cs : implemented Initialize().
+	* X509CertificateClaimSet.cs : implemented some members.
+
+2006-09-12  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimSet.cs : warning cleanup.
+
+2006-09-07  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Claim.cs, Rights.cs : mostly implemented.
+
+2006-09-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimTypes.cs, DefaultClaimSet.cs, Claim.cs :
+	  updated namespace URI.
+
+2006-08-28  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimTypes.cs : implemented.
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimSetBase.cs, DefaultClaimSet.cs : renamed from former to latter.
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimSetBase.cs, WindowsClaimSet.cs, ClaimSet.cs, Claim.cs,
+	  ClaimTypes.cs, X509CertificateClaimSet.cs : June CTP updates.
+
+2006-03-22  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* WindowsClaimSet.cs X509CertificateClaimSet.cs : new files.
+	* ClaimSetBase.cs Rights.cs ClaimSet.cs Claim.cs : several updates
+	  to match Feb. CTP.
+
+2006-02-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Claim.cs ClaimSet.cs ClaimSetBase.cs :
+
+	  Moving namespaces to System.IdentityModel.*.
+
+2006-02-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Claim.cs ClaimSet.cs ClaimSetBase.cs : moved from
+	  System.ServiceModel (via System.IdentityModel.Policy).

mcs/class/System.IdentityModel/System.IdentityModel.Claims/Claim.cs

@@ -0,0 +1,184 @@
+//
+// Claim.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Net.Mail;
+using System.Runtime.Serialization;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Principal;
+
+namespace System.IdentityModel.Claims
+{
+	[DataContract (Namespace="http://schemas.xmlsoap.org/ws/2005/05/identity")]
+	public class Claim
+	{
+		class ClaimComparer : IEqualityComparer<Claim>
+		{
+			public bool Equals (Claim c1, Claim c2)
+			{
+				if (c1 == null)
+					return c2 == null;
+				else if (c2 == null)
+					return false;
+				return  c1.ClaimType == c2.ClaimType &&
+					c1.Right == c2.Right &&
+					c1.Resource != null ? c1.Resource.Equals (c2.Resource) : c2.Resource == null;
+			}
+
+			public int GetHashCode (Claim c)
+			{
+				return  c.ClaimType.GetHashCode () << 24 +
+					c.Right.GetHashCode () << 16 +
+					(c.Resource != null ? c.Resource.GetHashCode () << 8 : 0);
+			}
+		}
+
+		// static members
+		static readonly ClaimComparer default_comparer = new ClaimComparer ();
+		static readonly Claim system = new Claim (ClaimTypes.System, "System", Rights.Identity);
+
+		public static IEqualityComparer<Claim> DefaultComparer {
+			get { return default_comparer; }
+		}
+
+		public static Claim System {
+			get { return system; }
+		}
+
+		public static Claim CreateDnsClaim (string dns)
+		{
+			return new Claim (ClaimTypes.Dns, dns, Rights.PossessProperty);
+		}
+
+		[MonoTODO]
+		public static Claim CreateDenyOnlyWindowsSidClaim (SecurityIdentifier identifier)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public static Claim CreateHashClaim (byte [] hash)
+		{
+			return new Claim (ClaimTypes.Hash, hash, Rights.PossessProperty);
+		}
+
+		public static Claim CreateMailAddressClaim (
+			MailAddress mailAddress)
+		{
+			return new Claim (ClaimTypes.Email, mailAddress, Rights.PossessProperty);
+		}
+
+		public static Claim CreateNameClaim (string name)
+		{
+			return new Claim (ClaimTypes.Name, name, Rights.PossessProperty);
+		}
+
+		public static Claim CreateRsaClaim (RSA rsa)
+		{
+			return new Claim (ClaimTypes.Rsa, rsa, Rights.PossessProperty);
+		}
+
+		public static Claim CreateSpnClaim (string spn)
+		{
+			return new Claim (ClaimTypes.Spn, spn, Rights.PossessProperty);
+		}
+
+		public static Claim CreateThumbprintClaim (byte [] thumbprint)
+		{
+			return new Claim (ClaimTypes.Thumbprint, thumbprint, Rights.PossessProperty);
+		}
+
+		public static Claim CreateUpnClaim (string upn)
+		{
+			return new Claim (ClaimTypes.Upn, upn, Rights.PossessProperty);
+		}
+
+		public static Claim CreateUriClaim (Uri uri)
+		{
+			return new Claim (ClaimTypes.Uri, uri, Rights.PossessProperty);
+		}
+
+		public static Claim CreateWindowsSidClaim (
+			SecurityIdentifier sid)
+		{
+			return new Claim (ClaimTypes.Sid, sid, Rights.PossessProperty);
+		}
+
+		public static Claim CreateX500DistinguishedNameClaim (
+			X500DistinguishedName x500DistinguishedName)
+		{
+			return new Claim (ClaimTypes.X500DistinguishedName, x500DistinguishedName, Rights.PossessProperty);
+		}
+
+		// since those public properties do not expose attributes,
+		// here I use them on the fields instead ...
+		[DataMember (Name = "ClaimType")]
+		string claim_type;
+		[DataMember (Name = "Resource")]
+		object resource;
+		[DataMember (Name = "Right")]
+		string right;
+
+		public Claim (string claimType, object resource,
+			string right)
+		{
+			this.claim_type = claimType;
+			this.resource = resource;
+			this.right = right;
+		}
+
+		public object Resource {
+			get { return resource; }
+		}
+
+		public string ClaimType {
+			get { return claim_type; }
+		}
+
+		public string Right {
+			get { return right; }
+		}
+
+		public override string ToString ()
+		{
+			return String.Concat (Right, ": ", ClaimType);
+		}
+
+		public override bool Equals (object obj)
+		{
+			Claim c = obj as Claim;
+			return c != null && DefaultComparer.Equals (this, c);
+		}
+
+		public override int GetHashCode ()
+		{
+			return DefaultComparer.GetHashCode (this);
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Claims/ClaimSet.cs

@@ -0,0 +1,83 @@
+//
+// ClaimSet.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace System.IdentityModel.Claims
+{
+	[DataContract (Namespace="http://schemas.xmlsoap.org/ws/2005/05/identity")]
+	public abstract class ClaimSet : IEnumerable<Claim>, IEnumerable
+	{
+		static ClaimSet system = DefaultClaimSet.CreateSystemClaimSet ();
+		static ClaimSet win;
+
+		public static ClaimSet System {
+			get { return system; }
+		}
+
+		[MonoTODO]
+		public static ClaimSet Windows {
+			get { return win; }
+		}
+
+		protected ClaimSet ()
+		{
+		}
+
+		public abstract int Count { get; }
+
+		public abstract ClaimSet Issuer { get; }
+
+		public abstract Claim this [int index] { get; }
+
+		public virtual bool ContainsClaim (Claim claim)
+		{
+			return ContainsClaim (claim, Claim.DefaultComparer);
+		}
+
+		public virtual bool ContainsClaim (Claim claim, IEqualityComparer<Claim> comparer)
+		{
+			foreach (Claim c in this)
+				if (comparer.Equals (claim, c))
+					return true;
+			return false;
+		}
+
+		public abstract IEnumerable<Claim> FindClaims (
+			string resourceType, string right);
+
+		public abstract IEnumerator<Claim> GetEnumerator ();
+
+		IEnumerator IEnumerable.GetEnumerator ()
+		{
+			return GetEnumerator ();
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Claims/ClaimTypes.cs

@@ -0,0 +1,158 @@
+//
+// ClaimTypes.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+
+namespace System.IdentityModel.Claims
+{
+	public static class ClaimTypes
+	{
+		public static string Anonymous {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/anonymous"; }
+		}
+
+		public static string Authentication {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication"; }
+		}
+
+		public static string AuthorizationDecision {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecision"; }
+		}
+
+		public static string Country {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"; }
+		}
+
+		public static string DateOfBirth {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"; }
+		}
+
+		public static string DenyOnlySid {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid"; }
+		}
+
+		public static string Dns {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns"; }
+		}
+
+		public static string Email {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; }
+		}
+
+		public static string Gender {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"; }
+		}
+
+		public static string GivenName {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; }
+		}
+
+		public static string Hash {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/hash"; }
+		}
+
+		public static string HomePhone {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone"; }
+		}
+
+		public static string Locality {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"; }
+		}
+
+		public static string MobilePhone {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone"; }
+		}
+
+		public static string Name {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"; }
+		}
+
+		public static string NameIdentifier {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"; }
+		}
+
+		public static string OtherPhone {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone"; }
+		}
+
+		public static string PostalCode {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"; }
+		}
+
+		public static string PPID {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"; }
+		}
+
+		public static string Rsa {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa"; }
+		}
+
+		public static string Sid {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid"; }
+		}
+
+		public static string Spn {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn"; }
+		}
+
+		public static string StateOrProvince {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"; }
+		}
+
+		public static string StreetAddress {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"; }
+		}
+
+		public static string Surname {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"; }
+		}
+
+		public static string System {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/system"; }
+		}
+
+		public static string Thumbprint {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint"; }
+		}
+
+		public static string Upn {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"; }
+		}
+
+		public static string Uri {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri"; }
+		}
+
+		public static string Webpage {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage"; }
+		}
+
+		public static string X500DistinguishedName {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname"; }
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Claims/DefaultClaimSet.cs

@@ -0,0 +1,147 @@
+//
+// DefaultClaimSet.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace System.IdentityModel.Claims
+{
+	[DataContract (Namespace="http://schemas.xmlsoap.org/ws/2005/05/identity")]
+	public class DefaultClaimSet : ClaimSet
+	{
+		internal static DefaultClaimSet CreateSystemClaimSet ()
+		{
+			DefaultClaimSet s = new DefaultClaimSet ();
+			s.Initialize (s, new Claim [] {Claim.System, new Claim (ClaimTypes.System, "System", Rights.PossessProperty)});
+			return s;
+		}
+
+		List<Claim> list = new List<Claim> ();
+		ClaimSet issuer;
+
+		// Constructors
+
+		internal DefaultClaimSet ()
+		{
+		}
+
+		public DefaultClaimSet (params Claim[] claims)
+		{
+			list.AddRange (claims);
+		}
+
+		public DefaultClaimSet (IList<Claim> claims)
+		{
+			list.AddRange (claims);
+		}
+
+		public DefaultClaimSet (ClaimSet issuer, params Claim[] claims)
+		{
+			this.issuer = issuer;
+			list.AddRange (claims);
+		}
+
+		public DefaultClaimSet (ClaimSet issuer, IList<Claim> claims)
+		{
+			this.issuer = issuer;
+			list.AddRange (claims);
+		}
+
+		// Properties
+
+		public override int Count {
+			get { return list.Count; }
+		}
+
+		public override ClaimSet Issuer {
+			get { return issuer; }
+		}
+
+		public override Claim this [int index] {
+			get { return list [index]; }
+		}
+
+		// Methods
+
+		public override bool ContainsClaim (Claim claim)
+		{
+			return base.ContainsClaim (claim);
+		}
+
+		public override IEnumerable<Claim> FindClaims (
+			string claimType, string right)
+		{
+			return new ClaimListFilter (this, claimType);
+		}
+
+		public override IEnumerator<Claim> GetEnumerator ()
+		{
+			return list.GetEnumerator ();
+		}
+
+		protected void Initialize (ClaimSet issuer, IList<Claim> claims)
+		{
+			this.issuer = issuer;
+			foreach (Claim c in claims)
+				list.Add (c);
+		}
+
+		[MonoTODO]
+		public override string ToString ()
+		{
+			return base.ToString ();
+		}
+
+		// Types
+
+		class ClaimListFilter : IEnumerable<Claim>
+		{
+			DefaultClaimSet source;
+			string claim_type;
+
+			public ClaimListFilter (DefaultClaimSet source, string claimType)
+			{
+				claim_type = claimType;
+				this.source = source;
+			}
+
+			public IEnumerator<Claim> GetEnumerator ()
+			{
+				foreach (Claim c in source)
+					if (c.ClaimType == claim_type)
+						yield return c;
+			}
+
+			IEnumerator IEnumerable.GetEnumerator ()
+			{
+				return GetEnumerator ();
+			}
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Claims/Rights.cs

@@ -0,0 +1,42 @@
+//
+// Rights.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+
+namespace System.IdentityModel.Claims
+{
+	public static class Rights
+	{
+		public static string Identity {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/right/identity"; }
+		}
+
+		public static string PossessProperty {
+			get { return "http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty"; }
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Claims/WindowsClaimSet.cs

@@ -0,0 +1,114 @@
+//
+// WindowsClaimSet.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+using System.Security.Principal;
+
+namespace System.IdentityModel.Claims
+{
+	public class WindowsClaimSet : ClaimSet, IDisposable
+	{
+		WindowsIdentity identity;
+		DateTime expiration_time;
+
+		// Constructors
+
+		[MonoTODO]
+		public WindowsClaimSet (WindowsIdentity identity)
+		{
+			throw new NotImplementedException ();
+		}
+
+		[MonoTODO]
+		public WindowsClaimSet (WindowsIdentity identity, bool includeWindowsGroups)
+		{
+			throw new NotImplementedException ();
+		}
+
+		[MonoTODO]
+		public WindowsClaimSet (WindowsIdentity identity, DateTime expirationTime)
+		{
+			throw new NotImplementedException ();
+		}
+
+		[MonoTODO]
+		public WindowsClaimSet (WindowsIdentity identity, bool includeWindowsGroups, DateTime expirationTime)
+		{
+			throw new NotImplementedException ();
+		}
+
+		// Properties
+
+		public override int Count {
+			get { throw new NotImplementedException (); }
+		}
+
+		public override ClaimSet Issuer {
+			get { throw new NotImplementedException (); }
+		}
+
+		public override Claim this [int index] {
+			get { throw new NotImplementedException (); }
+		}
+
+		public DateTime ExpirationTime {
+			get { return expiration_time; }
+		}
+
+		public WindowsIdentity WindowsIdentity {
+			get { return identity; }
+		}
+
+		// Methods
+
+		[MonoTODO]
+		public void Dispose ()
+		{
+		}
+
+		[MonoTODO]
+		public override IEnumerable<Claim> FindClaims (
+			string claimType, string right)
+		{
+			throw new NotImplementedException ();
+		}
+
+		[MonoTODO]
+		public override IEnumerator<Claim> GetEnumerator ()
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override string ToString ()
+		{
+			return base.ToString ();
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Claims/X509CertificateClaimSet.cs

@@ -0,0 +1,128 @@
+//
+// X509CertificateClaimSet.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace System.IdentityModel.Claims
+{
+	public class X509CertificateClaimSet : ClaimSet, IDisposable
+	{
+		X509Certificate2 cert;
+		ClaimSet issuer;
+		List<Claim> claims = new List<Claim> ();
+
+		// Constructors
+
+		class X509IdentityClaimSet : DefaultClaimSet
+		{
+			public X509IdentityClaimSet (Claim c)
+			{
+				Initialize (this, new Claim [] {c});
+			}
+		}
+
+		public X509CertificateClaimSet (X509Certificate2 certificate)
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+			this.cert = certificate;
+			Claim ident = new Claim (ClaimTypes.Thumbprint, cert.Thumbprint, Rights.Identity);
+//			issuer = new X509IdentityClaimSet (ident);
+			claims.Add (ident);
+			//claims.Add (Claim.CreateX500DistinguishedNameClaim (cert.SubjectName));
+			//claims.Add (Claim.CreateNameClaim (cert.SubjectName.Name));
+			RSA rsa = cert.PublicKey.Key as RSA;
+			if (rsa != null)
+				claims.Add (Claim.CreateRsaClaim (rsa));
+			claims.Add (Claim.CreateThumbprintClaim (cert.GetCertHash ()));
+			// FIXME: where is DNS info for X509 cert?
+			claims.Add (Claim.CreateDnsClaim (null));
+		}
+
+		// Properties
+
+		public override int Count {
+			get { return claims.Count; }
+		}
+
+		public override ClaimSet Issuer {
+			get {
+				if (issuer == null) {
+					X509Chain chain = new X509Chain ();
+					chain.Build (cert);
+					if (chain.ChainElements.Count <= 1)
+						throw new InvalidOperationException ("hmm, the certificate chain does not contain enough information");
+					issuer = new X509CertificateClaimSet (chain.ChainElements [1].Certificate);
+				}
+				return issuer;
+			}
+		}
+
+		public override Claim this [int index] {
+			get { return claims [index]; }
+		}
+
+		[MonoTODO ("use ParseExact")]
+		public DateTime ExpirationTime {
+			get { return DateTime.Parse (cert.GetExpirationDateString ()); }
+		}
+
+		public X509Certificate2 X509Certificate {
+			get { return cert; }
+		}
+
+		// Methods
+
+		[MonoTODO]
+		public void Dispose ()
+		{
+		}
+
+		[MonoTODO]
+		public override IEnumerable<Claim> FindClaims (
+			string claimType, string right)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override IEnumerator<Claim> GetEnumerator ()
+		{
+			return claims.GetEnumerator ();
+		}
+
+		[MonoTODO]
+		public override string ToString ()
+		{
+			return base.ToString ();
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Policy/AuthorizationContext.cs

@@ -0,0 +1,102 @@
+//
+// AuthorizationContext.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Claims;
+using System.Xml;
+
+namespace System.IdentityModel.Policy
+{
+	public abstract class AuthorizationContext :
+		IAuthorizationComponent
+	{
+		[MonoTODO]
+		public static AuthorizationContext 
+			CreateDefaultAuthorizationContext (IList<IAuthorizationPolicy> policies)
+		{
+			if (policies == null)
+				throw new ArgumentNullException ("policies");
+
+			string id = new UniqueId ().ToString ();
+			DefaultEvaluationContext ctx =
+				new DefaultEvaluationContext ();
+			foreach (IAuthorizationPolicy a in policies) {
+				object o = null;
+				a.Evaluate (ctx, ref o);
+			}
+
+			return new DefaultAuthorizationContext (id, ctx);
+		}
+
+		protected AuthorizationContext ()
+		{
+		}
+
+		public abstract DateTime ExpirationTime { get; }
+
+		public abstract string Id { get; }
+
+		public abstract ReadOnlyCollection<ClaimSet> ClaimSets { get; }
+
+		public abstract IDictionary<string,object> Properties { get; }
+
+		// default implementation: this class will be used for 
+		// CreateDefaultAuthorizationContext().
+		class DefaultAuthorizationContext : AuthorizationContext
+		{
+			DefaultEvaluationContext ctx;
+			string id;
+
+			public DefaultAuthorizationContext (
+				string id, DefaultEvaluationContext context)
+			{
+				this.id = id;
+				this.ctx = context;
+			}
+
+			public override DateTime ExpirationTime {
+				get { return ctx.ExpirationTime; }
+			}
+
+			public override string Id {
+				get { return id; }
+			}
+
+			public override ReadOnlyCollection<ClaimSet> ClaimSets {
+				get { return ctx.ClaimSets; }
+			}
+
+			public override IDictionary<string,object> Properties {
+				get { return ctx.Properties; }
+			}
+		}
+
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Policy/ChangeLog

@@ -0,0 +1,66 @@
+2006-12-08  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* AuthorizationContext.cs : (CreateDefaultAuthorizationContext)
+	  check null argument.
+
+2006-10-11  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* AuthorizationContext.cs : changed DefaultAuthorizationContext to
+	  receive DefaultEvaluationContext to implement its properties.
+	  Implemented CreateDefaultAuthorizationContext().
+	* EvaluationContext.cs : (DefaultEvaluationContext) implemented 
+	  AddClaimSet() and RecordExpirationTime().
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* EvaluationContext.cs, AuthorizationContext.cs : June CTP updates.
+	  Also moved internal default impl. classes into those files.
+	* AcceptClaimSetEventArgs.cs, AuthorizationContextBase.cs,
+	  EvaluationContextBase.cs : removed old code.
+
+2006-03-22  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* EvaluationContext.cs AuthorizationContextBase.cs
+	  AuthorizationContext.cs EvaluationContextBase.cs :
+	  several fixes to match Feb. CTP API.
+
+2006-02-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* AcceptClaimSetEventArgs.cs AcceptPolicyEventArgs.cs 
+	  AuthorizationContext.cs AuthorizationContextBase.cs
+	  AuthorizationDomain.cs ClaimComparer.cs EvaluationContext.cs
+	  EvaluationContextBase.cs IAuthorizationComponent.cs
+	  IAuthorizationPolicy.cs ResourceRights.cs ResourceTypes.cs :
+
+	  Moving namespaces to System.IdentityModel.*.
+
+2006-01-19  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ResourceTypes.cs EvaluationContext.cs ClaimComparer.cs Claim.cs
+	  AuthorizationDomain.cs ClaimSetBase.cs IAuthorizationComponent.cs
+	  AuthorizationContextBase.cs ClaimSet.cs AuthorizationContext.cs
+	  EvaluationContextBase.cs ResourceRights.cs :
+	  several updates to catch up Jan. CTP API.
+
+2005-09-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimSetBase.cs, AuthorizationContextBase.cs : more missing bits.
+
+2005-09-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Dummy.cs: it is not required anymore.
+	* IAuthorizationPolicy.cs, IAuthorizationComponent.cs,
+	  AcceptPolicyEventArgs.cs, AcceptClaimSetEventArgs.cs,
+	  AuthorizationContextBase.cs, AuthorizationContext.cs :
+	  new files.
+	* EvaluationContext.cs: copyright lines.
+	  AuthorizationDomain.cs : added events.
+	  ClaimSetBase.cs: implemented.
+
+2005-09-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* ClaimSetBase.cs, EvaluationContext.cs, ClaimSet.cs
+	  EvaluationContextBase.cs, AuthorizationDomain.cs : new files.
+	* ClaimComparer.cs, Claim.cs, ResourceRights.cs, ResourceTypes.cs :
+	  added copyright lines.
+	* Dummy.cs : removed lines for added types.

mcs/class/System.IdentityModel/System.IdentityModel.Policy/EvaluationContext.cs

@@ -0,0 +1,106 @@
+//
+// EvaluationContext.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Claims;
+
+namespace System.IdentityModel.Policy
+{
+	public abstract class EvaluationContext
+	{
+		protected EvaluationContext ()
+		{
+		}
+
+		public abstract int Generation { get; }
+
+		public abstract IDictionary<string,object> Properties { get; }
+
+		public abstract ReadOnlyCollection<ClaimSet> ClaimSets { get; }
+
+		public abstract void AddClaimSet (
+			IAuthorizationPolicy authorizationPolicy,
+			ClaimSet claimSet);
+
+		public abstract void RecordExpirationTime (DateTime time);
+	}
+
+	// default implementation
+
+	internal class DefaultEvaluationContext : EvaluationContext
+	{
+		DateTime expiration_time = DateTime.MaxValue.AddDays (-1);
+		int generation;
+		Collection<ClaimSet> claim_sets;
+		ReadOnlyCollection<ClaimSet> exposed_claim_sets;
+		Dictionary<string,object> properties =
+			new Dictionary<string,object> ();
+		Dictionary<IAuthorizationPolicy,ClaimSet> claim_set_map =
+			new Dictionary<IAuthorizationPolicy,ClaimSet> ();
+
+		public DefaultEvaluationContext ()
+		{
+			claim_sets = new Collection<ClaimSet> ();
+			exposed_claim_sets =
+				new ReadOnlyCollection<ClaimSet> (claim_sets);
+		}
+
+		public override int Generation {
+			get { return generation; }
+		}
+
+		public override IDictionary<string,object> Properties {
+			get { return properties; }
+		}
+
+		public override ReadOnlyCollection<ClaimSet> ClaimSets {
+			get { return exposed_claim_sets; }
+		}
+
+		public override void AddClaimSet (
+			IAuthorizationPolicy authorizationPolicy,
+			ClaimSet claimSet)
+		{
+			generation++;
+			claim_set_map.Add (authorizationPolicy, claimSet);
+			claim_sets.Add (claimSet);
+		}
+
+		public override void RecordExpirationTime (DateTime time)
+		{
+			expiration_time = time;
+		}
+
+		internal DateTime ExpirationTime {
+			get { return expiration_time; }
+		}
+	}
+
+}

mcs/class/System.IdentityModel/System.IdentityModel.Policy/IAuthorizationComponent.cs

@@ -0,0 +1,35 @@
+//
+// IAuthorizationComponent.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+namespace System.IdentityModel.Policy
+{
+	public interface IAuthorizationComponent
+	{
+		string Id { get; }
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Policy/IAuthorizationPolicy.cs

@@ -0,0 +1,39 @@
+//
+// IAuthorizationPolicy.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System.IdentityModel.Claims;
+
+namespace System.IdentityModel.Policy
+{
+	public interface IAuthorizationPolicy : IAuthorizationComponent
+	{
+		ClaimSet Issuer { get; }
+
+		bool Evaluate (EvaluationContext evaluationContext,
+			ref object state);
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Selectors/AudienceUriMode.cs

@@ -0,0 +1,41 @@
+//
+// AudienceUriMode.cs
+//
+// Author:
+//	Igor Zelmanovich <igorz@mainsoft.com>
+//
+// Copyright (C) 2008 Mainsoft, Inc.  http://www.mainsoft.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace System.IdentityModel.Selectors
+{
+	public enum AudienceUriMode
+	{
+		Never = 0,
+		Always = 1,
+		BearerKeyOnly = 2,
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Selectors/ChangeLog

@@ -0,0 +1,141 @@
+2010-07-28  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : return false if property value is
+	  null in the internal dictionary (unlike Dictionary<K,V>).
+
+2007-11-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : fill out parameter properly (gmcs
+	  does not report it; see bug #334258).
+
+2007-03-05  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs :
+	  Reject type-mismatch in TryGetProperty().
+
+2007-02-21  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenResolver.cs : fixed some error messages.
+
+2007-02-15  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509SecurityTokenAuthenticator.cs : message formatting fix.
+
+2006-09-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenResolver.cs : handle matchLocalId in the default impl.
+
+2006-09-19  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenProvider.cs : implemented cancel/renew stuff (not
+	  supported by default).
+	* KerberosSecurityTokenProvider.cs : somehow implemented for
+	  tests.
+	* SecurityTokenManager.cs,
+	  SecurityTokenVersion.cs : removed MonoTODOs.
+
+2006-09-15  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : seems like KeyUsage does not exist
+	  by default.
+
+2006-09-14  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SamlSecurityTokenAuthenticator.cs : missing MonoTODOs.
+	* WindowsUserNameSecurityTokenAuthenticator.cs : fixed ctors.
+
+2006-09-14  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* UserNameSecurityTokenAuthenticator.cs,
+	  RsaSecurityTokenAuthenticator.cs,
+	  CustomUserNameSecurityTokenAuthenticator.cs,
+	  X509SecurityTokenAuthenticator.cs,
+	  UserNamePasswordValidator.cs : implemented.
+	  SamlSecurityTokenAuthenticator.cs : partly implemented.
+	* X509CertificateValidator.cs : "None" was causing error at any time.
+
+2006-09-12  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509SecurityTokenProvider.cs : implemented IDisposable. There I
+	  have no other idea than it affects on X509Store.
+
+2006-09-12  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* UserNameSecurityTokenProvider.cs, SecurityTokenProvider.cs :
+	  warning cleanup.
+
+2006-08-28  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509SecurityTokenProvider.cs : implemented another constructor.
+
+2006-08-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509CertificateValidator.cs : implemented.
+
+2006-08-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : oops, please no infinite loop.
+	  Fixed default values.
+
+2006-08-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenResolver.cs : added missing members and implemented.
+	* SecurityTokenRequirement.cs : those properties should be accessible
+	  via Properties.
+
+2006-08-22  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : don't access properties directly, it
+	  could be null.
+
+2006-08-14  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : GetProperty() should return an
+	  instance of derived classes without problem.
+	* X509SecurityTokenProvider.cs : fixed .ctor().
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : fixes from run-test.
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : June CTP update.
+
+2006-03-24  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenResolver.cs : updated to Feb.CTP API.
+	  SecurityTokenVersion.cs
+	  X509CertificateValidator.cs
+	  KerberosSecurityTokenProvider.cs
+	  UserNameSecurityTokenProvider.cs
+	  SecurityTokenManager.cs
+	  UserNamePasswordValidator.cs
+	  X509SecurityTokenProvider.cs : stubs for SecurityTokenProvider and
+	  all derived classes.
+	* Dummy.cs : we don't need it anymore.
+
+2006-03-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirement.cs : new file.
+	* SecurityTokenAuthenticator.cs
+	  WindowsUserNameSecurityTokenAuthenticator.cs
+	  WindowsSecurityTokenAuthenticator.cs
+	  SamlSecurityTokenAuthenticator.cs
+	  X509SecurityTokenAuthenticator.cs
+	  CustomUserNameSecurityTokenAuthenticator.cs
+	  KerberosSecurityTokenAuthenticator.cs
+	  UserNameSecurityTokenAuthenticator.cs
+	  RsaSecurityTokenAuthenticator.cs :
+	  new stubs for SecurityTokenAuthenticator and subclasses.
+
+2006-03-22  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenSerializer.cs : new file.
+	* Dummy.cs : removed above. some API fix.
+	* SecurityTokenProvider.cs SecurityTokenResolver.cs :
+	  updated to Feb.CTP API.
+
+2006-02-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Dummy.cs : added.

mcs/class/System.IdentityModel/System.IdentityModel.Selectors/CustomUserNameSecurityTokenAuthenticator.cs

@@ -0,0 +1,135 @@
+//
+// CustomUserNameSecurityTokenAuthenticator.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Tokens;
+using System.Security.Principal;
+using System.Xml;
+
+namespace System.IdentityModel.Selectors
+{
+	public class CustomUserNameSecurityTokenAuthenticator
+		: UserNameSecurityTokenAuthenticator
+	{
+		UserNamePasswordValidator validator;
+
+		public CustomUserNameSecurityTokenAuthenticator (
+			UserNamePasswordValidator validator)
+		{
+			if (validator == null)
+				throw new ArgumentNullException ("validator");
+			this.validator = validator;
+		}
+
+		protected override ReadOnlyCollection<IAuthorizationPolicy>
+			ValidateUserNamePasswordCore (string userName, string password)
+		{
+			validator.Validate (userName, password);
+			IAuthorizationPolicy policy =
+				new AuthorizedCustomUserPolicy (userName);
+			return new ReadOnlyCollection<IAuthorizationPolicy> (new IAuthorizationPolicy [] {policy});
+		}
+
+		abstract class SystemIdentityAuthorizationPolicy : IAuthorizationPolicy
+		{
+			string id;
+
+			protected SystemIdentityAuthorizationPolicy (string id)
+			{
+				this.id = id;
+			}
+
+			public string Id {
+				get { return id; }
+			}
+
+			public ClaimSet Issuer {
+				get { return ClaimSet.System; }
+			}
+
+
+			// This method is expected to be thread safe
+			public bool Evaluate (EvaluationContext ec, ref object state)
+			{
+				lock (ec) {
+					ec.AddClaimSet (this, CreateClaims ());
+					List<IIdentity> list;
+					if (!ec.Properties.ContainsKey ("Identities")) {
+						list = new List<IIdentity> ();
+						ec.Properties ["Identities"] = list;
+					} else {
+						IList<IIdentity> ilist = (IList<IIdentity>) ec.Properties ["Identities"];
+						list = ilist as List<IIdentity>;
+						if (list == null) {
+							list = new List<IIdentity> (ilist);
+							ec.Properties ["Identities"] = list;
+						}
+					}
+					list.Add (CreateIdentity ());
+					ec.RecordExpirationTime (DateTime.MaxValue.AddDays (-1));
+				}
+				// FIXME: is it correct that this should always return true?
+				return true;
+			}
+
+			public abstract DateTime ExpirationTime { get; }
+
+			public abstract ClaimSet CreateClaims ();
+
+			public abstract IIdentity CreateIdentity ();
+		}
+
+		class AuthorizedCustomUserPolicy : SystemIdentityAuthorizationPolicy
+		{
+			string user;
+
+			public AuthorizedCustomUserPolicy (string user)
+				: base (new UniqueId ().ToString ())
+			{
+				this.user = user;
+			}
+
+			public override DateTime ExpirationTime {
+				get { return DateTime.MaxValue; }
+			}
+
+			public override ClaimSet CreateClaims ()
+			{
+				return new DefaultClaimSet (Claim.CreateNameClaim (user));
+			}
+
+			public override IIdentity CreateIdentity ()
+			{
+				return new GenericIdentity (user);
+			}
+		}
+	}
+}

mcs/class/System.IdentityModel/System.IdentityModel.Selectors/KerberosSecurityTokenAuthenticator.cs

@@ -0,0 +1,54 @@
+//
+// KerberosSecurityTokenAuthenticator.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Tokens;
+
+namespace System.IdentityModel.Selectors
+{
+	public class KerberosSecurityTokenAuthenticator
+		: WindowsSecurityTokenAuthenticator
+	{
+		[MonoTODO]
+		public KerberosSecurityTokenAuthenticator ()
+		{
+		}
+
+		[MonoTODO]
+		public KerberosSecurityTokenAuthenticator (bool includeWindowsGroups)
+		{
+		}
+
+		[MonoTODO]
+		protected override bool CanValidateTokenCore (SecurityToken token)
+		{
+			throw new NotImplementedException ();
+		}
+	}
+}