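//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------

using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using SecurityTokenTypes = System.IdentityModel.Tokens.SecurityTokenTypes;
using STS = System.IdentityModel.SecurityTokenService;
using System.Security.Cryptography.X509Certificates;
using System.IdentityModel.Protocols.WSTrust;

namespace System.IdentityModel.Configuration
{
    /// <summary>
    /// Defines the configuration specific to a SecurityTokenService: the issuer name and
    /// signing credentials reflected in issued tokens, token type and lifetime defaults,
    /// symmetric key size defaults, the <see cref="System.IdentityModel.SecurityTokenService"/>
    /// type to instantiate, and the WS-Trust request/response serializers.
    /// </summary>
    /// <remarks>
    /// Every setter validates its argument so that an invalid value is rejected at
    /// configuration time rather than surfacing during token issuance.
    /// </remarks>
    public class SecurityTokenServiceConfiguration : IdentityConfiguration
    {
        string _tokenIssuerName;
        SigningCredentials _signingCredentials;

        // Lifetime defaults: one hour for an issued token, one day as the documented maximum.
        // Only the range of each value is checked here; comparing the two against each other
        // is not done in this class.
        TimeSpan _defaultTokenLifetime = TimeSpan.FromHours(1.0);
        TimeSpan _maximumTokenLifetime = TimeSpan.FromDays(1);

        string _defaultTokenType = SecurityTokenTypes.SamlTokenProfile11;

        // Symmetric proof-key size defaults (bits). 256 is the issued default; 1024 is the
        // documented upper bound for a key size requested by the client.
        internal const int DefaultKeySizeInBitsConstant = 256;
        int _defaultSymmetricKeySizeInBits = DefaultKeySizeInBitsConstant;
        int _defaultMaxSymmetricKeySizeInBits = 1024;

        bool _disableWsdl;
        Type _securityTokenServiceType;

        //
        // Trust Serializers.
        //
        WSTrust13RequestSerializer _wsTrust13RequestSerializer = new WSTrust13RequestSerializer();
        WSTrust13ResponseSerializer _wsTrust13ResponseSerializer = new WSTrust13ResponseSerializer();
        WSTrustFeb2005RequestSerializer _wsTrustFeb2005RequestSerializer = new WSTrustFeb2005RequestSerializer();
        WSTrustFeb2005ResponseSerializer _wsTrustFeb2005ResponseSerializer = new WSTrustFeb2005ResponseSerializer();

        /// <summary>
        /// Initializes an instance of <see cref="SecurityTokenServiceConfiguration"/>
        /// with no issuer name and no signing credentials.
        /// </summary>
        /// <remarks>
        /// <see cref="TokenIssuerName"/> must be set before the configuration is used to create a token.
        /// </remarks>
        public SecurityTokenServiceConfiguration()
            : this(null, null)
        {
        }

        /// <summary>
        /// Initializes an instance of <see cref="SecurityTokenServiceConfiguration"/>
        /// with no issuer name and no signing credentials.
        /// </summary>
        /// <param name="loadConfig">Whether or not config should be loaded.</param>
        /// <remarks>
        /// <see cref="TokenIssuerName"/> must be set before the configuration is used to create a token.
        /// </remarks>
        public SecurityTokenServiceConfiguration(bool loadConfig)
            : this(null, null, loadConfig)
        {
        }

        /// <summary>
        /// Initializes an instance of <see cref="SecurityTokenServiceConfiguration"/>.
        /// </summary>
        /// <param name="issuerName">The issuer name.</param>
        /// <remarks>
        /// If <paramref name="issuerName"/> is null, <see cref="TokenIssuerName"/> must be set
        /// before the configuration is used to create a token.
        /// </remarks>
        public SecurityTokenServiceConfiguration(string issuerName)
            : this(issuerName, null)
        {
        }

        /// <summary>
        /// Initializes an instance of <see cref="SecurityTokenServiceConfiguration"/>.
        /// </summary>
        /// <param name="issuerName">The issuer name.</param>
        /// <param name="loadConfig">Whether or not config should be loaded.</param>
        /// <remarks>
        /// If <paramref name="issuerName"/> is null, <see cref="TokenIssuerName"/> must be set
        /// before the configuration is used to create a token.
        /// </remarks>
        public SecurityTokenServiceConfiguration(string issuerName, bool loadConfig)
            : this(issuerName, null, loadConfig)
        {
        }

        /// <summary>
        /// Initializes an instance of <see cref="SecurityTokenServiceConfiguration"/>.
        /// </summary>
        /// <param name="issuerName">The issuer name.</param>
        /// <param name="signingCredentials">The signing credential for the STS.</param>
        /// <remarks>
        /// If <paramref name="issuerName"/> is null, <see cref="TokenIssuerName"/> must be set
        /// before the configuration is used to create a token. The constructor itself performs
        /// no validation; both values are stored as given.
        /// </remarks>
        public SecurityTokenServiceConfiguration(string issuerName, SigningCredentials signingCredentials)
            : base()
        {
            _tokenIssuerName = issuerName;
            _signingCredentials = signingCredentials;
        }

        /// <summary>
        /// Initializes an instance of <see cref="SecurityTokenServiceConfiguration"/>.
        /// </summary>
        /// <param name="issuerName">The issuer name.</param>
        /// <param name="signingCredentials">The signing credential for the STS.</param>
        /// <param name="loadConfig">Whether or not config should be loaded.</param>
        /// <remarks>
        /// If <paramref name="issuerName"/> is null, <see cref="TokenIssuerName"/> must be set
        /// before the configuration is used to create a token.
        /// </remarks>
        public SecurityTokenServiceConfiguration(string issuerName, SigningCredentials signingCredentials, bool loadConfig)
            : base(loadConfig)
        {
            _tokenIssuerName = issuerName;
            _signingCredentials = signingCredentials;
        }

        /// <summary>
        /// Initializes an instance of <see cref="SecurityTokenServiceConfiguration"/>.
        /// </summary>
        /// <param name="issuerName">The issuer name.</param>
        /// <param name="signingCredentials">The signing credential for the STS.</param>
        /// <param name="serviceName">The name of the &lt;service&gt; element from which configuration is to be loaded.</param>
        /// <remarks>
        /// If <paramref name="issuerName"/> is null, <see cref="TokenIssuerName"/> must be set
        /// before the configuration is used to create a token.
        /// </remarks>
        public SecurityTokenServiceConfiguration(string issuerName, SigningCredentials signingCredentials, string serviceName)
            : base(serviceName)
        {
            _tokenIssuerName = issuerName;
            _signingCredentials = signingCredentials;
        }

        /// <summary>
        /// Gets or sets the type of the SecurityTokenService that
        /// <see cref="CreateSecurityTokenService"/> instantiates.
        /// </summary>
        /// <exception cref="ArgumentNullException">The provided value is null.</exception>
        /// <exception cref="ArgumentException">
        /// The provided value is not assignable to <see cref="System.IdentityModel.SecurityTokenService"/>.
        /// </exception>
        public Type SecurityTokenService
        {
            get { return _securityTokenServiceType; }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                // Reject unrelated types at configuration time so that the
                // Activator-based factory below can only ever produce an STS.
                if (!typeof(STS).IsAssignableFrom(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID2069));
                }

                _securityTokenServiceType = value;
            }
        }

        /// <summary>
        /// Creates an instance of SecurityTokenService from the type specified in
        /// <see cref="SecurityTokenService"/>. The method expects the type to expose a
        /// constructor that takes this <see cref="SecurityTokenServiceConfiguration"/>.
        /// </summary>
        /// <returns>Instance of SecurityTokenService.</returns>
        /// <exception cref="InvalidOperationException">
        /// <see cref="SecurityTokenService"/> is null, or the configured type is not a
        /// <see cref="System.IdentityModel.SecurityTokenService"/>.
        /// </exception>
        /// <remarks>
        /// Exceptions raised by <see cref="Activator.CreateInstance(Type, object[])"/>
        /// (for example a missing matching constructor) are propagated unchanged.
        /// </remarks>
        public virtual STS CreateSecurityTokenService()
        {
            Type stsType = this.SecurityTokenService;

            if (stsType == null)
            {
                throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2073));
            }

            // The setter already enforces assignability; re-checking guards subclasses that
            // override the property with a looser contract.
            if (!typeof(STS).IsAssignableFrom(stsType))
            {
                throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2074, stsType, typeof(STS)));
            }

            // A direct cast cannot fail here because assignability was just verified.
            return (STS)Activator.CreateInstance(stsType, this);
        }

        /// <summary>
        /// Gets or sets the default key size in bits used in the issued token.
        /// </summary>
        /// <remarks>
        /// This only applies to the symmetric key case. Default is
        /// <see cref="DefaultKeySizeInBitsConstant"/> (256).
        /// </remarks>
        /// <exception cref="ArgumentOutOfRangeException">The provided value is not positive.</exception>
        public int DefaultSymmetricKeySizeInBits
        {
            get { return _defaultSymmetricKeySizeInBits; }
            set
            {
                if (value <= 0)
                {
                    throw DiagnosticUtility.ThrowHelperArgumentOutOfRange("value", SR.GetString(SR.ID0002));
                }

                _defaultSymmetricKeySizeInBits = value;
            }
        }

        /// <summary>
        /// Gets or sets the default key size limit in bits used to check whether the KeySize
        /// specified in the request is within this limit.
        /// </summary>
        /// <remarks>
        /// This only applies to the symmetric key case. Default is 1024. Note that this
        /// property is not compared against <see cref="DefaultSymmetricKeySizeInBits"/>
        /// when either is set.
        /// </remarks>
        /// <exception cref="ArgumentOutOfRangeException">The provided value is not positive.</exception>
        public int DefaultMaxSymmetricKeySizeInBits
        {
            get { return _defaultMaxSymmetricKeySizeInBits; }
            set
            {
                if (value <= 0)
                {
                    throw DiagnosticUtility.ThrowHelperArgumentOutOfRange("value", SR.GetString(SR.ID0002));
                }

                _defaultMaxSymmetricKeySizeInBits = value;
            }
        }

        /// <summary>
        /// Gets or sets the default lifetime used in the issued tokens. Default is one hour.
        /// </summary>
        /// <exception cref="ArgumentOutOfRangeException">The provided value is zero or negative.</exception>
        public TimeSpan DefaultTokenLifetime
        {
            get { return _defaultTokenLifetime; }
            set
            {
                // Same range rule as MaximumTokenLifetime: a lifetime that is not positive
                // cannot describe a usable validity window for an issued token.
                if (value <= TimeSpan.Zero)
                {
                    throw DiagnosticUtility.ThrowHelperArgumentOutOfRange("value", SR.GetString(SR.ID0016));
                }

                _defaultTokenLifetime = value;
            }
        }

        /// <summary>
        /// Gets or sets the default token type used in token issuance. Default is
        /// <see cref="SecurityTokenTypes.SamlTokenProfile11"/>.
        /// </summary>
        /// <exception cref="ArgumentException">The provided value is null or empty.</exception>
        /// <exception cref="ArgumentException">The provided value is not defined in the token handlers.</exception>
        public string DefaultTokenType
        {
            get { return _defaultTokenType; }
            set
            {
                if (string.IsNullOrEmpty(value))
                {
                    throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("value");
                }

                // A token type with no registered handler could never be issued, so it is
                // rejected here rather than at issuance time.
                if (SecurityTokenHandlers[value] == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID2015, value));
                }

                _defaultTokenType = value;
            }
        }

        /// <summary>
        /// Gets or sets a value indicating whether WSDL generation for the service is
        /// disabled. Default is false (WSDL generation is not disabled).
        /// </summary>
        public bool DisableWsdl
        {
            get { return _disableWsdl; }
            set { _disableWsdl = value; }
        }

        /// <summary>
        /// Gets or sets the maximum token lifetime for issued tokens. Default is one day.
        /// </summary>
        /// <exception cref="ArgumentOutOfRangeException">The provided value is zero or negative.</exception>
        public TimeSpan MaximumTokenLifetime
        {
            get { return _maximumTokenLifetime; }
            set
            {
                if (value <= TimeSpan.Zero)
                {
                    throw DiagnosticUtility.ThrowHelperArgumentOutOfRange("value", SR.GetString(SR.ID0016));
                }

                _maximumTokenLifetime = value;
            }
        }

        /// <summary>
        /// Gets or sets the signing credentials used to sign issued tokens.
        /// </summary>
        /// <remarks>
        /// Null is accepted here; the constructors also allow it, so absence of signing
        /// credentials is not detected by this class.
        /// </remarks>
        public SigningCredentials SigningCredentials
        {
            get { return _signingCredentials; }
            set { _signingCredentials = value; }
        }

        /// <summary>
        /// Gets or sets the issuer name so that it can be reflected in the issued token.
        /// </summary>
        /// <exception cref="ArgumentNullException">The value being set is null or empty string.</exception>
        public string TokenIssuerName
        {
            get { return _tokenIssuerName; }
            set
            {
                // Empty is treated the same as null: an issued token must carry an issuer.
                if (string.IsNullOrEmpty(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                _tokenIssuerName = value;
            }
        }

        /// <summary>
        /// Gets or sets the WS-Trust 1.3 Request (RST) serializer.
        /// </summary>
        /// <exception cref="ArgumentNullException">The provided value is null.</exception>
        public WSTrust13RequestSerializer WSTrust13RequestSerializer
        {
            get { return _wsTrust13RequestSerializer; }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                _wsTrust13RequestSerializer = value;
            }
        }

        /// <summary>
        /// Gets or sets the WS-Trust 1.3 Response (RSTR) serializer.
        /// </summary>
        /// <exception cref="ArgumentNullException">The provided value is null.</exception>
        public WSTrust13ResponseSerializer WSTrust13ResponseSerializer
        {
            get { return _wsTrust13ResponseSerializer; }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                _wsTrust13ResponseSerializer = value;
            }
        }

        /// <summary>
        /// Gets or sets the WS-Trust Feb 2005 Request (RST) serializer.
        /// </summary>
        /// <exception cref="ArgumentNullException">The provided value is null.</exception>
        public WSTrustFeb2005RequestSerializer WSTrustFeb2005RequestSerializer
        {
            get { return _wsTrustFeb2005RequestSerializer; }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                _wsTrustFeb2005RequestSerializer = value;
            }
        }

        /// <summary>
        /// Gets or sets the WS-Trust Feb 2005 Response (RSTR) serializer.
        /// </summary>
        /// <exception cref="ArgumentNullException">The provided value is null.</exception>
        public WSTrustFeb2005ResponseSerializer WSTrustFeb2005ResponseSerializer
        {
            get { return _wsTrustFeb2005ResponseSerializer; }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                _wsTrustFeb2005ResponseSerializer = value;
            }
        }
    }
}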