//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;
namespace System.ServiceModel.Security
{
    /// 
    /// Wraps a RsaSecurityTokenHandler. Delegates the token authentication call to
    /// this wrapped tokenAuthenticator. Wraps the returned ClaimsIdentities into
    /// an IAuthorizationPolicy.
    /// 
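    /// <summary>
    /// Wraps a <see cref="RsaSecurityTokenHandler"/>. Delegates the token authentication call to
    /// the wrapped token handler and wraps the returned ClaimsIdentities into
    /// a single <see cref="IAuthorizationPolicy"/>.
    /// </summary>
    internal class WrappedRsaSecurityTokenAuthenticator : RsaSecurityTokenAuthenticator
    {
        // Handler that performs the actual RSA token validation.
        RsaSecurityTokenHandler _wrappedRsaSecurityTokenHandler;
        // Translates token-processing exceptions into SOAP faults before they leave the channel stack.
        ExceptionMapper _exceptionMapper;

        /// <summary>
        /// Initializes an instance of <see cref="WrappedRsaSecurityTokenAuthenticator"/>.
        /// </summary>
        /// <param name="wrappedRsaSecurityTokenHandler">The RsaSecurityTokenHandler to wrap.</param>
        /// <param name="exceptionMapper">Converts token validation exceptions to SOAP faults.</param>
        /// <exception cref="ArgumentNullException">Thrown when either argument is null.</exception>
        public WrappedRsaSecurityTokenAuthenticator( 
            RsaSecurityTokenHandler wrappedRsaSecurityTokenHandler, 
            ExceptionMapper exceptionMapper )
            : base()
        {
            if ( wrappedRsaSecurityTokenHandler == null )
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wrappedRsaSecurityTokenHandler" );
            }
            if ( exceptionMapper == null )
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "exceptionMapper" );
            }
            _wrappedRsaSecurityTokenHandler = wrappedRsaSecurityTokenHandler;
            _exceptionMapper = exceptionMapper;
        }

        /// <summary>
        /// Validates the token using the wrapped token handler and generates an
        /// <see cref="IAuthorizationPolicy"/> wrapping the returned ClaimsIdentities.
        /// </summary>
        /// <param name="token">Token to be validated.</param>
        /// <returns>Read-only collection holding exactly one <see cref="IAuthorizationPolicy"/>.</returns>
        /// <exception cref="SecurityTokenValidationException">
        /// Thrown when validation produced no identities, i.e. the wrapped handler returned null or
        /// the exception mapper reported a validation failure as handled without throwing.
        /// </exception>
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore( SecurityToken token )
        {
            IEnumerable<ClaimsIdentity> identities = null;
            try
            {
                identities = _wrappedRsaSecurityTokenHandler.ValidateToken( token );
            }
            catch ( Exception ex )
            {
                // The mapper decides whether the failure is reported to the caller as a fault
                // (it throws) or is not one it recognizes (returns false, original exception rethrown).
                if ( !_exceptionMapper.HandleSecurityTokenProcessingException( ex ) )
                {
                    throw;
                }
            }

            // Fail closed. Execution reaches this point with no identities only if the mapper
            // returned true without throwing, or the handler itself returned null; a token that
            // did not validate must never be turned into an authorization policy.
            if ( identities == null )
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new SecurityTokenValidationException( "The wrapped RsaSecurityTokenHandler did not return any identities for the token." ) );
            }

            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>( 1 );
            policies.Add( new AuthorizationPolicy( identities ) );
            return policies.AsReadOnly();
        }
    }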
}