//-----------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------
namespace System.IdentityModel.Protocols.WSTrust
{
using System.IdentityModel.Tokens;
using System.IdentityModel.Configuration;
///
/// The class defines the wst:RequestSecurityToken element which
/// is used to request a security token.
///
public class RequestSecurityToken : WSTrustMessage
{
AdditionalContext _additionalContext;
RequestClaimCollection _claims;
string _computedKeyAlgorithm;
Renewing _renewing;
SecurityTokenElement _renewTarget;
SecurityTokenElement _proofEncryption;
RequestSecurityToken _secondaryParameters;
SecurityTokenElement _onBehalfOf;
EndpointReference _onBehalfOfIssuer;
SecurityTokenElement _actAs;
SecurityTokenElement _delegateTo;
bool? _forwardable;
bool? _delegatable;
SecurityTokenElement _cancelTarget;
SecurityTokenElement _validateTarget;
Participants _participants;
SecurityTokenElement _encryption;
///
/// This constructor is usually used on the receiving end.
///
public RequestSecurityToken()
: this(null, null)
{
}
///
/// This constructor is usually used on the sending side to instantiate a
/// instance of RST based on the request type and its string value.
///
public RequestSecurityToken(string requestType)
: this(requestType, null)
{
}
///
/// This constructor is usually used on the sending side to instantiate a
/// instance of RST based on the request type and its string value.
///
public RequestSecurityToken(string requestType, string keyType)
: base()
{
RequestType = requestType;
if (keyType == KeyTypes.Symmetric)
{
Entropy = new Entropy(SecurityTokenServiceConfiguration.DefaultKeySizeInBitsConstant);
KeySizeInBits = SecurityTokenServiceConfiguration.DefaultKeySizeInBitsConstant;
}
else if (keyType == KeyTypes.Bearer)
{
KeySizeInBits = 0;
}
else if (keyType == KeyTypes.Asymmetric)
{
KeySizeInBits = 1024;
}
KeyType = keyType;
}
///
/// The optional element requests a specific set of claim types requested by the client.
///
public RequestClaimCollection Claims
{
get
{
if (_claims == null)
{
_claims = new RequestClaimCollection();
}
return _claims;
}
}
///
/// The optional element provides that provides information on the token/key to use when encrypting
///
public SecurityTokenElement Encryption
{
get
{
return _encryption;
}
set
{
_encryption = value;
}
}
///
/// This optional URI element indicates the desired algorithm to use when computed
/// key are used for issued tokens.
///
///
/// This is an extension to the RequestSecurityToken element.
///
///
/// It is defined in the section 11.2 in the WS-Trust spec.
///
public string ComputedKeyAlgorithm
{
get
{
return _computedKeyAlgorithm;
}
set
{
_computedKeyAlgorithm = value;
}
}
///
/// Gets or Sets a boolean that specifies if the returned token should
/// be delegatable.
///
public bool? Delegatable
{
get
{
return _delegatable;
}
set
{
_delegatable = value;
}
}
///
/// Gets or Sets the Identity to which the Issued Token is delegated to.
///
public SecurityTokenElement DelegateTo
{
get
{
return _delegateTo;
}
set
{
_delegateTo = value;
}
}
///
/// Gets or Sets a boolean that specifies if the Issued Token should
/// be marked forwardable.
///
public bool? Forwardable
{
get
{
return _forwardable;
}
set
{
_forwardable = value;
}
}
///
/// This optional element indicates that the requestor is making the request
/// on behalf of another.
///
public SecurityTokenElement OnBehalfOf
{
get
{
return _onBehalfOf;
}
set
{
_onBehalfOf = value;
}
}
///
/// Gets or Sets the Participants who are authorized to use
/// the issued token.
///
public Participants Participants
{
get
{
return _participants;
}
set
{
_participants = value;
}
}
///
/// Gets/Sets the Issuer of the OnBehalfOf token.
///
public EndpointReference Issuer
{
get
{
return _onBehalfOfIssuer;
}
set
{
_onBehalfOfIssuer = value;
}
}
///
/// This is a optional element that provides additional information
/// for authorization decision.
///
public AdditionalContext AdditionalContext
{
get
{
return _additionalContext;
}
set
{
_additionalContext = value;
}
}
///
/// This optional element indicates that the requestor is making the request
/// on to act as another.
///
public SecurityTokenElement ActAs
{
get
{
return _actAs;
}
set
{
_actAs = value;
}
}
///
/// Gets or Sets the Token that is requested to be cancelled.
///
public SecurityTokenElement CancelTarget
{
get
{
return _cancelTarget;
}
set
{
_cancelTarget = value;
}
}
///
/// Gets or sets the SecurityToken to be used to encrypt the proof token.
///
public SecurityTokenElement ProofEncryption
{
get
{
return _proofEncryption;
}
set
{
_proofEncryption = value;
}
}
///
/// Gets or sets the Renewing element inside the RequestSecurityToken message.
///
public Renewing Renewing
{
get
{
return _renewing;
}
set
{
_renewing = value;
}
}
///
/// Gets or sets the RenewTarget element inside the RequestSecurityToken message.
///
public SecurityTokenElement RenewTarget
{
get
{
return _renewTarget;
}
set
{
_renewTarget = value;
}
}
///
/// Gets or sets the SecondaryParameters inside the RequestSecurityToken message.
/// This represents the information for which the requestor is not the orginator. The STS MAY choose to use values found here.
///
public RequestSecurityToken SecondaryParameters
{
get
{
return _secondaryParameters;
}
set
{
_secondaryParameters = value;
}
}
///
/// Gets or Sets the Security Token to be Validated.
///
public SecurityTokenElement ValidateTarget
{
get
{
return _validateTarget;
}
set
{
_validateTarget = value;
}
}
}
}