1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
//-----------------------------------------------------------------------
// <copyright file="Saml2SubjectConfirmation.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System;
using System.Collections.ObjectModel;
/// <summary>
/// A security token backed by a SAML2 assertion.
/// </summary>
public class Saml2SecurityToken : SecurityToken
{
private Saml2Assertion assertion;
private ReadOnlyCollection<SecurityKey> keys;
private SecurityToken issuerToken;
/// <summary>
/// Initializes an instance of <see cref="Saml2SecurityToken"/> from a <see cref="Saml2Assertion"/>.
/// </summary>
/// <param name="assertion">A <see cref="Saml2Assertion"/> to initialize from.</param>
public Saml2SecurityToken(Saml2Assertion assertion)
: this(assertion, EmptyReadOnlyCollection<SecurityKey>.Instance, null)
{
}
/// <summary>
/// Initializes an instance of <see cref="Saml2SecurityToken"/> from a <see cref="Saml2Assertion"/>.
/// </summary>
/// <param name="assertion">A <see cref="Saml2Assertion"/> to initialize from.</param>
/// <param name="keys">A collection of <see cref="SecurityKey"/> to include in the token.</param>
/// <param name="issuerToken">A <see cref="SecurityToken"/> representing the issuer.</param>
public Saml2SecurityToken(Saml2Assertion assertion, ReadOnlyCollection<SecurityKey> keys, SecurityToken issuerToken)
{
if (null == assertion)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("assertion");
}
if (null == keys)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keys");
}
this.assertion = assertion;
this.keys = keys;
this.issuerToken = issuerToken;
}
/// <summary>
/// Gets the <see cref="Saml2Assertion"/> for this token.
/// </summary>
public Saml2Assertion Assertion
{
get { return this.assertion; }
}
/// <summary>
/// Gets the SecurityToken id.
/// </summary>
public override string Id
{
get { return this.assertion.Id.Value; }
}
/// <summary>
/// Gets the <see cref="SecurityToken"/> of the issuer.
/// </summary>
public SecurityToken IssuerToken
{
get { return this.issuerToken; }
}
/// <summary>
/// Gets the collection of <see cref="SecurityKey"/> contained in this token.
/// </summary>
public override ReadOnlyCollection<SecurityKey> SecurityKeys
{
get { return this.keys; }
}
/// <summary>
/// Gets the time the token is valid from.
/// </summary>
public override DateTime ValidFrom
{
get
{
if (null != this.assertion.Conditions && null != this.assertion.Conditions.NotBefore)
{
return this.assertion.Conditions.NotBefore.Value;
}
else
{
return DateTime.MinValue;
}
}
}
/// <summary>
/// Gets the time the token is valid to.
/// </summary>
public override DateTime ValidTo
{
get
{
if (null != this.assertion.Conditions && null != this.assertion.Conditions.NotOnOrAfter)
{
return this.assertion.Conditions.NotOnOrAfter.Value;
}
else
{
return DateTime.MaxValue;
}
}
}
/// <summary>
/// Determines if this token matches the keyIdentifierClause.
/// </summary>
/// <param name="keyIdentifierClause"><see cref="SecurityKeyIdentifierClause"/> to match.</param>
/// <returns>True if the keyIdentifierClause is matched. False otherwise.</returns>
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause)
{
return Saml2AssertionKeyIdentifierClause.Matches(this.Id, keyIdentifierClause)
|| base.MatchesKeyIdentifierClause(keyIdentifierClause);
}
/// <summary>
/// Determines is this token can create a <see cref="SecurityKeyIdentifierClause"/>.
/// </summary>
/// <typeparam name="T">The type of <see cref="SecurityKeyIdentifierClause"/> to check if creation is possible.</typeparam>
/// <returns>'True' if this token can create a <see cref="SecurityKeyIdentifierClause"/> of type T. 'False' otherwise.</returns>
public override bool CanCreateKeyIdentifierClause<T>()
{
return (typeof(T) == typeof(Saml2AssertionKeyIdentifierClause))
|| base.CanCreateKeyIdentifierClause<T>();
}
/// <summary>
/// Creates a <see cref="SecurityKeyIdentifierClause"/> that represents this token.
/// </summary>
/// <typeparam name="T">The type of the <see cref="SecurityKeyIdentifierClause"/> to create.</typeparam>
/// <returns>A <see cref="SecurityKeyIdentifierClause"/> for this token.</returns>
public override T CreateKeyIdentifierClause<T>()
{
if (typeof(T) == typeof(Saml2AssertionKeyIdentifierClause))
{
return new Saml2AssertionKeyIdentifierClause(this.assertion.Id.Value) as T;
}
else if (typeof(T) == typeof(SamlAssertionKeyIdentifierClause))
{
return new WrappedSaml2AssertionKeyIdentifierClause(new Saml2AssertionKeyIdentifierClause(this.assertion.Id.Value)) as T;
}
else
{
return base.CreateKeyIdentifierClause<T>();
}
}
}
}
|
