//-----------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System;
using System.IdentityModel;
using System.IdentityModel.Configuration;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;
///
/// Configuration common to all SecurityTokenHandlers.
///
public class SecurityTokenHandlerConfiguration
{
    // ---- Process-wide defaults ---------------------------------------------
    // Declaration order matters here: static initializers run textually, and
    // DefaultCertificateValidator (last) is built from the three X.509 defaults
    // declared before it.

    /// <summary>
    /// Default for <see cref="DetectReplayedTokens"/>. This is <c>false</c>: unless a
    /// configuration opts in, a token presented twice is not rejected as a replay.
    /// </summary>
    public static readonly bool DefaultDetectReplayedTokens; // false

    /// <summary>
    /// Default for <see cref="IssuerNameRegistry"/>: the configuration-file based
    /// registry. A single instance is shared by every configuration that does not
    /// override it.
    /// </summary>
    public static readonly IssuerNameRegistry DefaultIssuerNameRegistry = new ConfigurationBasedIssuerNameRegistry();

    /// <summary>
    /// Default for <see cref="IssuerTokenResolver"/>: the shared
    /// <see cref="System.IdentityModel.Tokens.IssuerTokenResolver"/> default instance.
    /// </summary>
    public static readonly SecurityTokenResolver DefaultIssuerTokenResolver = System.IdentityModel.Tokens.IssuerTokenResolver.DefaultInstance;

    /// <summary>
    /// Default for <see cref="MaxClockSkew"/>: five minutes of tolerance when
    /// comparing token validity times against the local clock.
    /// </summary>
    public static readonly TimeSpan DefaultMaxClockSkew = new TimeSpan(0, 5, 0); // 5 minutes

    /// <summary>
    /// Default for <see cref="SaveBootstrapContext"/>: <c>false</c>, so the
    /// original token is not retained after validation.
    /// </summary>
    public static readonly bool DefaultSaveBootstrapContext; // false

    /// <summary>
    /// Default for <see cref="TokenReplayCacheExpirationPeriod"/>:
    /// <see cref="TimeSpan.MaxValue"/>, i.e. replay-cache entries are never aged out
    /// by this setting. Deployments that enable replay detection should set a
    /// bounded period so the cache cannot grow without limit.
    /// </summary>
    public static readonly TimeSpan DefaultTokenReplayCacheExpirationPeriod = TimeSpan.MaxValue;

    // The three X.509 defaults below are forwarded from IdentityConfiguration
    // because IdentityModel cannot host service configuration itself; their
    // concrete values are defined there, not in this file.

    /// <summary>
    /// Default for <see cref="CertificateValidationMode"/>, taken from
    /// <see cref="IdentityConfiguration.DefaultCertificateValidationMode"/>.
    /// </summary>
    public static readonly X509CertificateValidationMode DefaultCertificateValidationMode = IdentityConfiguration.DefaultCertificateValidationMode;

    /// <summary>
    /// Default for <see cref="RevocationMode"/>, taken from
    /// <see cref="IdentityConfiguration.DefaultRevocationMode"/>.
    /// </summary>
    public static readonly X509RevocationMode DefaultRevocationMode = IdentityConfiguration.DefaultRevocationMode;

    /// <summary>
    /// Default for <see cref="TrustedStoreLocation"/>, taken from
    /// <see cref="IdentityConfiguration.DefaultTrustedStoreLocation"/>.
    /// </summary>
    public static readonly StoreLocation DefaultTrustedStoreLocation = IdentityConfiguration.DefaultTrustedStoreLocation;

    /// <summary>
    /// Default for <see cref="CertificateValidator"/>: a validator built once, at
    /// type initialization, from the three X.509 defaults above. It is shared by
    /// every configuration that does not supply its own validator.
    /// </summary>
    public static readonly X509CertificateValidator DefaultCertificateValidator = X509Util.CreateCertificateValidator(DefaultCertificateValidationMode, DefaultRevocationMode, DefaultTrustedStoreLocation);

    // ---- Per-instance state -------------------------------------------------
    // Each field starts at the corresponding default; the X.509 mode fields and the
    // validator field are independent of each other after construction (see the
    // property remarks below).
    private AudienceRestriction audience = new AudienceRestriction();
    private X509CertificateValidator issuerCertificateValidator = DefaultCertificateValidator;
    private bool replayDetectionEnabled = DefaultDetectReplayedTokens;
    private IssuerNameRegistry nameRegistry = DefaultIssuerNameRegistry;
    private SecurityTokenResolver issuerResolver = DefaultIssuerTokenResolver;
    private TimeSpan clockSkewTolerance = DefaultMaxClockSkew;
    private bool bootstrapContextSaved = DefaultSaveBootstrapContext;
    private SecurityTokenResolver serviceResolver = EmptySecurityTokenResolver.Instance;
    private TimeSpan replayCacheExpiration = DefaultTokenReplayCacheExpirationPeriod;
    private IdentityModelCaches cacheSet = new IdentityModelCaches();
    private StoreLocation storeLocation = DefaultTrustedStoreLocation;
    private X509RevocationMode certRevocationMode = DefaultRevocationMode;
    private X509CertificateValidationMode certValidationMode = DefaultCertificateValidationMode;

    /// <summary>
    /// Creates a configuration populated entirely from the static defaults.
    /// </summary>
    public SecurityTokenHandlerConfiguration()
    {
    }

    /// <summary>
    /// Gets or sets the audience restriction applied by handlers using this
    /// configuration.
    /// </summary>
    /// <exception cref="ArgumentNullException">Thrown when set to <c>null</c>.</exception>
    public AudienceRestriction AudienceRestriction
    {
        get { return this.audience; }
        set { this.audience = RequireValue(value); }
    }

    /// <summary>
    /// Gets or sets the validator handlers use for issuer certificates.
    /// </summary>
    /// <remarks>
    /// This property is independent of <see cref="CertificateValidationMode"/>,
    /// <see cref="RevocationMode"/> and <see cref="TrustedStoreLocation"/>: changing
    /// any of those three does not rebuild the validator held here. Callers that
    /// want the modes to take effect should also assign a validator constructed
    /// from them.
    /// </remarks>
    /// <exception cref="ArgumentNullException">Thrown when set to <c>null</c>.</exception>
    public X509CertificateValidator CertificateValidator
    {
        get { return this.issuerCertificateValidator; }
        set { this.issuerCertificateValidator = RequireValue(value); }
    }

    /// <summary>
    /// Gets or sets the X.509 revocation checking mode for issuer certificates.
    /// </summary>
    /// <remarks>
    /// The value is stored without validation and does not update
    /// <see cref="CertificateValidator"/>. Which of the two a given handler consults
    /// is decided by that handler, not by this class.
    /// </remarks>
    public X509RevocationMode RevocationMode
    {
        get { return this.certRevocationMode; }
        set { this.certRevocationMode = value; }
    }

    /// <summary>
    /// Gets or sets the certificate store location handlers treat as trusted when
    /// validating issuer certificates.
    /// </summary>
    /// <remarks>
    /// Stored without validation; does not update <see cref="CertificateValidator"/>.
    /// </remarks>
    public StoreLocation TrustedStoreLocation
    {
        get { return this.storeLocation; }
        set { this.storeLocation = value; }
    }

    /// <summary>
    /// Gets or sets the X.509 validation mode handlers apply to issuer certificates.
    /// </summary>
    /// <remarks>
    /// Stored without validation; does not update <see cref="CertificateValidator"/>.
    /// </remarks>
    public X509CertificateValidationMode CertificateValidationMode
    {
        get { return this.certValidationMode; }
        set { this.certValidationMode = value; }
    }

    /// <summary>
    /// Gets or sets whether handlers using this configuration reject tokens that
    /// have already been seen. Off by default.
    /// </summary>
    public bool DetectReplayedTokens
    {
        get { return this.replayDetectionEnabled; }
        set { this.replayDetectionEnabled = value; }
    }

    /// <summary>
    /// Gets or sets the registry that maps a signing key to a trusted issuer name.
    /// </summary>
    /// <exception cref="ArgumentNullException">Thrown when set to <c>null</c>.</exception>
    public IssuerNameRegistry IssuerNameRegistry
    {
        get { return this.nameRegistry; }
        set { this.nameRegistry = RequireValue(value); }
    }

    /// <summary>
    /// Gets or sets the resolver used to locate issuer signing tokens.
    /// </summary>
    /// <exception cref="ArgumentNullException">Thrown when set to <c>null</c>.</exception>
    public SecurityTokenResolver IssuerTokenResolver
    {
        get { return this.issuerResolver; }
        set { this.issuerResolver = RequireValue(value); }
    }

    /// <summary>
    /// Gets or sets the clock skew tolerated when handlers evaluate token validity
    /// times. Widening this extends the window in which expired or not-yet-valid
    /// tokens are still accepted.
    /// </summary>
    /// <exception cref="ArgumentOutOfRangeException">Thrown when set to a negative value.</exception>
    public TimeSpan MaxClockSkew
    {
        get
        {
            return this.clockSkewTolerance;
        }
        set
        {
            // Negative skew is meaningless; zero is allowed.
            if (value.Ticks < 0)
            {
                throw DiagnosticUtility.ThrowHelperArgumentOutOfRange("value", value, SR.GetString(SR.ID2070));
            }
            this.clockSkewTolerance = value;
        }
    }

    /// <summary>
    /// Gets or sets whether the validated token is kept as a BootstrapContext on
    /// the resulting ClaimsIdentity and in sessions. Retaining it keeps the raw
    /// token (and any secrets it carries) in memory for the identity's lifetime.
    /// </summary>
    public bool SaveBootstrapContext
    {
        get { return this.bootstrapContextSaved; }
        set { this.bootstrapContextSaved = value; }
    }

    /// <summary>
    /// Gets or sets the resolver used to locate the service's own tokens (for
    /// example a decryption key). Defaults to an empty resolver.
    /// </summary>
    /// <exception cref="ArgumentNullException">Thrown when set to <c>null</c>.</exception>
    public SecurityTokenResolver ServiceTokenResolver
    {
        get { return this.serviceResolver; }
        set { this.serviceResolver = RequireValue(value); }
    }

    /// <summary>
    /// Gets or sets the cache set (including the token replay cache) used by
    /// handlers in this configuration.
    /// </summary>
    /// <exception cref="ArgumentNullException">Thrown when set to <c>null</c>.</exception>
    public IdentityModelCaches Caches
    {
        get { return this.cacheSet; }
        set { this.cacheSet = RequireValue(value); }
    }

    /// <summary>
    /// Gets or sets how long an entry stays in the token replay cache. The default
    /// is <see cref="TimeSpan.MaxValue"/>, so entries are never aged out unless a
    /// shorter period is configured here; how the period is enforced is up to the
    /// cache implementation.
    /// </summary>
    /// <exception cref="ArgumentOutOfRangeException">Thrown when set to zero or a negative value.</exception>
    public TimeSpan TokenReplayCacheExpirationPeriod
    {
        get
        {
            return this.replayCacheExpiration;
        }
        set
        {
            // Unlike MaxClockSkew, zero is rejected: an entry that expires
            // immediately would never block a replay.
            if (value.Ticks <= 0)
            {
                throw DiagnosticUtility.ThrowHelperArgumentOutOfRange("value", value, SR.GetString(SR.ID0016));
            }
            this.replayCacheExpiration = value;
        }
    }

    // Shared null guard for the reference-typed setters. Throws the exception
    // built by ThrowHelperArgumentNull for parameter "value", exactly as each
    // setter did inline, and otherwise hands the value back for assignment.
    private static T RequireValue<T>(T value) where T : class
    {
        if (value == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
        }
        return value;
    }
}
}