//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.ServiceModel;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.ServiceModel.Security.Tokens;
using System.IdentityModel;
namespace System.ServiceModel.Security
{
///
/// Creates a security token provider that produces a security token as an issued token
/// for federated bindings.
///
public class SimpleSecurityTokenProvider : SecurityTokenProvider
{
SecurityToken _securityToken;
///
/// Creates a security token provider that produces a security token as an issued token
/// for federated bindings.
///
/// The security token to provide.
///
/// The requirements described by the binding that will use to secure
/// messages.
///
/// is set to null.
public SimpleSecurityTokenProvider(SecurityToken token, SecurityTokenRequirement tokenRequirement)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
GenericXmlSecurityToken xmlIssuedToken = token as GenericXmlSecurityToken;
if (xmlIssuedToken != null)
{
_securityToken = WrapWithAuthPolicy(xmlIssuedToken, tokenRequirement);
}
else
{
_securityToken = token;
}
}
///
/// Creates a security token according to a gieven timeout.
///
/// The .
///
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
return _securityToken;
}
///
/// Gets a GenericXmlSecurityToken that wraps the provided issued token
/// with the authorization policies necessary.
///
static GenericXmlSecurityToken WrapWithAuthPolicy(GenericXmlSecurityToken issuedToken,
SecurityTokenRequirement tokenRequirement)
{
EndpointIdentity endpointIdentity = null;
var issuedTokenRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
if (issuedTokenRequirement != null)
{
EndpointAddress targetAddress = issuedTokenRequirement.TargetAddress;
if (targetAddress.Uri.IsAbsoluteUri)
{
endpointIdentity = EndpointIdentity.CreateDnsIdentity(targetAddress.Uri.DnsSafeHost);
}
}
ReadOnlyCollection authorizationPolicies
= GetServiceAuthorizationPolicies(endpointIdentity);
return new GenericXmlSecurityToken(issuedToken.TokenXml,
issuedToken.ProofToken,
issuedToken.ValidFrom,
issuedToken.ValidTo,
issuedToken.InternalTokenReference,
issuedToken.ExternalTokenReference,
authorizationPolicies);
}
//
// Modeled after WCF's CoreFederatedTokenProvider.GetServiceAuthorizationPolicies
//
static ReadOnlyCollection GetServiceAuthorizationPolicies(EndpointIdentity endpointIdentity)
{
if (endpointIdentity != null)
{
List claims = new List(1);
claims.Add(endpointIdentity.IdentityClaim);
List policies = new List(1);
policies.Add(new UnconditionalPolicy(SecurityUtils.CreateIdentity(endpointIdentity.IdentityClaim.Resource.ToString()),
new DefaultClaimSet(ClaimSet.System, claims)));
return policies.AsReadOnly();
}
else
{
return EmptyReadOnlyCollection.Instance;
}
}
}
}