//-----------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System;
using System.Collections.Generic;
using System.IdentityModel;
using System.IdentityModel.Protocols.WSTrust;
using System.Security.Claims;
using System.Xml;
using RST = System.IdentityModel.Protocols.WSTrust.RequestSecurityToken;
using RSTR = System.IdentityModel.Protocols.WSTrust.RequestSecurityTokenResponse;
///
/// This is a place holder for all the attributes related to the issued token.
///
public class SecurityTokenDescriptor
{
private SecurityKeyIdentifierClause attachedReference;
private AuthenticationInformation authenticationInfo;
private string tokenIssuerName;
private ProofDescriptor proofDescriptor;
private ClaimsIdentity subject;
private SecurityToken token;
private string tokenType;
private SecurityKeyIdentifierClause unattachedReference;
private Lifetime lifetime;
private string appliesToAddress;
private string replyToAddress;
private EncryptingCredentials encryptingCredentials;
private SigningCredentials signingCredentials;
private Dictionary properties = new Dictionary(); // for any custom data
///
/// Gets or sets the address for the AppliesTo property.
///
/// Thrown if not an absolute URI.
public string AppliesToAddress
{
get
{
return this.appliesToAddress;
}
set
{
if (!string.IsNullOrEmpty(value))
{
if (!UriUtil.CanCreateValidUri(value, UriKind.Absolute))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2002)));
}
}
this.appliesToAddress = value;
}
}
///
/// Sets the appropriate things, such as requested security token, inside the RSTR
/// based on what is inside this token descriptor instance.
///
/// The RSTR object that this security token descriptor needs to modify.
/// When response is null.
public virtual void ApplyTo(RSTR response)
{
if (response == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response");
}
if (tokenType != null)
{
response.TokenType = tokenType;
}
if (token != null)
{
response.RequestedSecurityToken = new RequestedSecurityToken(token);
}
if (attachedReference != null)
{
response.RequestedAttachedReference = attachedReference;
}
if (unattachedReference != null)
{
response.RequestedUnattachedReference = unattachedReference;
}
if (lifetime != null)
{
response.Lifetime = lifetime;
}
if (proofDescriptor != null)
{
proofDescriptor.ApplyTo(response);
}
}
///
/// Gets or sets the address for the ReplyToAddress property.
///
public string ReplyToAddress
{
get { return this.replyToAddress; }
set { this.replyToAddress = value; }
}
///
/// Gets or sets the credentials used to encrypt the token.
///
public EncryptingCredentials EncryptingCredentials
{
get { return this.encryptingCredentials; }
set { this.encryptingCredentials = value; }
}
///
/// Gets or sets the credentials used to sign the token.
///
public SigningCredentials SigningCredentials
{
get { return this.signingCredentials; }
set { this.signingCredentials = value; }
}
///
/// Gets or sets the SecurityKeyIdentifierClause when the token is attached
/// to the message.
///
public SecurityKeyIdentifierClause AttachedReference
{
get { return this.attachedReference; }
set { this.attachedReference = value; }
}
///
/// Gets or sets the issuer name, which may be used inside the issued token as well.
///
public string TokenIssuerName
{
get { return this.tokenIssuerName; }
set { this.tokenIssuerName = value; }
}
///
/// Gets or sets the proof descriptor, which can be used to modify some fields inside
/// the RSTR, such as requested proof token.
///
public ProofDescriptor Proof
{
get { return this.proofDescriptor; }
set { this.proofDescriptor = value; }
}
///
/// Gets the properties bag to extend the object.
///
public Dictionary Properties
{
get { return this.properties; }
}
///
/// Gets or sets the issued security token.
///
public SecurityToken Token
{
get { return this.token; }
set { this.token = value; }
}
///
/// Gets or sets the token type of the issued token.
///
public string TokenType
{
get { return this.tokenType; }
set { this.tokenType = value; }
}
///
/// Gets or sets the unattached token reference to refer to the issued token when it is not
/// attached to the message.
///
public SecurityKeyIdentifierClause UnattachedReference
{
get { return this.unattachedReference; }
set { this.unattachedReference = value; }
}
///
/// Gets or sets the lifetime information for the issued token.
///
public Lifetime Lifetime
{
get { return this.lifetime; }
set { this.lifetime = value; }
}
///
/// Gets or sets the OutputClaims to be included in the issued token.
///
public ClaimsIdentity Subject
{
get { return this.subject; }
set { this.subject = value; }
}
///
/// Gets or sets the AuthenticationInformation.
///
public AuthenticationInformation AuthenticationInfo
{
get { return this.authenticationInfo; }
set { this.authenticationInfo = value; }
}
///
/// Adds a for the authentication type to the claim collection of
/// the
///
/// The authentication type.
public void AddAuthenticationClaims(string authType)
{
this.AddAuthenticationClaims(authType, DateTime.UtcNow);
}
///
/// Adds s for the authentication type and the authentication instant
/// to the claim collection of the
///
/// Specifies the authentication type
/// Specifies the authentication instant in UTC. If the input is not in UTC, it is converted to UTC.
public void AddAuthenticationClaims(string authType, DateTime time)
{
this.Subject.AddClaim(
new Claim(ClaimTypes.AuthenticationMethod, authType, ClaimValueTypes.String));
this.Subject.AddClaim(
new Claim(ClaimTypes.AuthenticationInstant, XmlConvert.ToString(time.ToUniversalTime(), DateTimeFormats.Generated), ClaimValueTypes.DateTime));
}
}
}