//-----------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System;
using System.Collections.ObjectModel;
///
/// A security token backed by a SAML2 assertion.
///
public class Saml2SecurityToken : SecurityToken
{
private Saml2Assertion assertion;
private ReadOnlyCollection keys;
private SecurityToken issuerToken;
///
/// Initializes an instance of from a .
///
/// A to initialize from.
public Saml2SecurityToken(Saml2Assertion assertion)
: this(assertion, EmptyReadOnlyCollection.Instance, null)
{
}
///
/// Initializes an instance of from a .
///
/// A to initialize from.
/// A collection of to include in the token.
/// A representing the issuer.
public Saml2SecurityToken(Saml2Assertion assertion, ReadOnlyCollection keys, SecurityToken issuerToken)
{
if (null == assertion)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("assertion");
}
if (null == keys)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keys");
}
this.assertion = assertion;
this.keys = keys;
this.issuerToken = issuerToken;
}
///
/// Gets the for this token.
///
public Saml2Assertion Assertion
{
get { return this.assertion; }
}
///
/// Gets the SecurityToken id.
///
public override string Id
{
get { return this.assertion.Id.Value; }
}
///
/// Gets the of the issuer.
///
public SecurityToken IssuerToken
{
get { return this.issuerToken; }
}
///
/// Gets the collection of contained in this token.
///
public override ReadOnlyCollection SecurityKeys
{
get { return this.keys; }
}
///
/// Gets the time the token is valid from.
///
public override DateTime ValidFrom
{
get
{
if (null != this.assertion.Conditions && null != this.assertion.Conditions.NotBefore)
{
return this.assertion.Conditions.NotBefore.Value;
}
else
{
return DateTime.MinValue;
}
}
}
///
/// Gets the time the token is valid to.
///
public override DateTime ValidTo
{
get
{
if (null != this.assertion.Conditions && null != this.assertion.Conditions.NotOnOrAfter)
{
return this.assertion.Conditions.NotOnOrAfter.Value;
}
else
{
return DateTime.MaxValue;
}
}
}
///
/// Determines if this token matches the keyIdentifierClause.
///
/// to match.
/// True if the keyIdentifierClause is matched. False otherwise.
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
{
return Saml2AssertionKeyIdentifierClause.Matches(this.Id, keyIdentifierClause)
|| base.MatchesKeyIdentifierClause(keyIdentifierClause);
}
///
/// Determines is this token can create a .
///
/// The type of to check if creation is possible.
/// 'True' if this token can create a of type T. 'False' otherwise.
public override bool CanCreateKeyIdentifierClause()
{
return (typeof(T) == typeof(Saml2AssertionKeyIdentifierClause))
|| base.CanCreateKeyIdentifierClause();
}
///
/// Creates a that represents this token.
///
/// The type of the to create.
/// A for this token.
public override T CreateKeyIdentifierClause()
{
if (typeof(T) == typeof(Saml2AssertionKeyIdentifierClause))
{
return new Saml2AssertionKeyIdentifierClause(this.assertion.Id.Value) as T;
}
else if (typeof(T) == typeof(SamlAssertionKeyIdentifierClause))
{
return new WrappedSaml2AssertionKeyIdentifierClause(new Saml2AssertionKeyIdentifierClause(this.assertion.Id.Value)) as T;
}
else
{
return base.CreateKeyIdentifierClause();
}
}
}
}