/// <summary>
/// Creates a security token based on a token descriptor.
/// </summary>
/// <param name="tokenDescriptor">The token descriptor.</param>
/// <returns>A security token.</returns>
/// <exception cref="ArgumentNullException">Thrown if 'tokenDescriptor' is null.</exception>
public override SecurityToken CreateToken(SecurityTokenDescriptor tokenDescriptor)
{
if (null == tokenDescriptor)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenDescriptor");
}
if (this.Configuration == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4272)));
}
ClaimsPrincipal principal = new ClaimsPrincipal(tokenDescriptor.Subject);
if (this.Configuration.SaveBootstrapContext)
{
SecurityTokenHandlerCollection bootstrapTokenCollection = CreateBootstrapTokenHandlerCollection();
if (!bootstrapTokenCollection.CanWriteToken(tokenDescriptor.Token))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4010, tokenDescriptor.Token.GetType().ToString())));
}
(principal.Identities as ReadOnlyCollection <ClaimsIdentity>)[0].BootstrapContext = new BootstrapContext(tokenDescriptor.Token, bootstrapTokenCollection[tokenDescriptor.Token.GetType()]);
}
DateTime validFrom = (tokenDescriptor.Lifetime.Created.HasValue) ? (DateTime)tokenDescriptor.Lifetime.Created : DateTime.UtcNow;
DateTime validTo = (tokenDescriptor.Lifetime.Expires.HasValue) ? (DateTime)tokenDescriptor.Lifetime.Expires : DateTime.UtcNow + SessionSecurityTokenHandler.DefaultTokenLifetime;
return(new SessionSecurityToken(principal, null, validFrom, validTo));
}
/// <summary>
/// Creates the default set of SecurityTokenHandlers.
/// </summary>
/// <returns>A SecurityTokenHandlerCollectionManager with a default collection of token handlers.</returns>
public static SecurityTokenHandlerCollectionManager CreateDefaultSecurityTokenHandlerCollectionManager()
{
SecurityTokenHandlerCollection defaultHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
SecurityTokenHandlerCollectionManager defaultManager = new SecurityTokenHandlerCollectionManager(ConfigurationStrings.DefaultServiceName);
defaultManager.collections.Clear();
defaultManager.collections.Add(SecurityTokenHandlerCollectionManager.Usage.Default, defaultHandlers);
return(defaultManager);
}
/// <summary>
/// Creates an instance of this object using XML representation of the security token.
/// </summary>
/// <param name="securityTokenXml">The <see cref="XmlElement"/> representation of the security token.</param>
/// <param name="securityTokenHandlers">The collection of <see cref="SecurityTokenHandler"/> objects that may
/// be used to read and validate the security token this object represents.</param>
public SecurityTokenElement(XmlElement securityTokenXml, SecurityTokenHandlerCollection securityTokenHandlers)
{
if (securityTokenXml == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenXml");
}
if (securityTokenHandlers == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenHandlers");
}
_securityTokenXml = securityTokenXml;
_securityTokenHandlers = securityTokenHandlers;
}
/// <summary>
/// Initializes an instance of <see cref="SecurityTokenSerializerAdapter"/>
/// </summary>
/// <param name="securityTokenHandlerCollection">
/// The <see cref="SecurityTokenHandlerCollection" /> containing the set of <see cref="SecurityTokenHandler" />
/// </param>
public SecurityTokenSerializerAdapter(SecurityTokenHandlerCollection securityTokenHandlerCollection)
{
if (securityTokenHandlerCollection == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenHandlerCollection");
}
_securityTokenHandlers = securityTokenHandlerCollection;
KeyInfoSerializer serializer = securityTokenHandlerCollection.KeyInfoSerializer as KeyInfoSerializer;
if (serializer != null)
{
serializer.InnerSecurityTokenSerializer = this;
}
}
/// <summary>
/// Reads a <see cref="SecurityToken"/> from the provided XML representation.
/// </summary>
/// <param name="securityTokenXml">The XML representation of the security token.</param>
/// <param name="securityTokenHandlers">The <see cref="SecurityTokenHandlerCollection"/> used to
/// read the token.</param>
/// <returns>A <see cref="SecurityToken"/>.</returns>
protected virtual SecurityToken ReadSecurityToken(XmlElement securityTokenXml,
SecurityTokenHandlerCollection securityTokenHandlers)
{
SecurityToken securityToken = null;
XmlReader reader = new XmlNodeReader(securityTokenXml);
reader.MoveToContent();
securityToken = securityTokenHandlers.ReadToken(reader);
if (securityToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4051, securityTokenXml, reader.LocalName, reader.NamespaceURI)));
}
return(securityToken);
}
/// <summary>
/// Creates a system default collection of basic SecurityTokenHandlers, each of which has the system default configuration.
/// The SecurityTokenHandlers in this collection must be configured with service specific data before they can be used.
/// </summary>
/// <param name="configuration">The configuration to associate with the collection.</param>
/// <returns>A SecurityTokenHandlerCollection with default basic SecurityTokenHandlers.</returns>
public static SecurityTokenHandlerCollection CreateDefaultSecurityTokenHandlerCollection(SecurityTokenHandlerConfiguration configuration)
{
SecurityTokenHandlerCollection collection = new SecurityTokenHandlerCollection(new SecurityTokenHandler[] {
new KerberosSecurityTokenHandler(),
new RsaSecurityTokenHandler(),
new SamlSecurityTokenHandler(),
new Saml2SecurityTokenHandler(),
new WindowsUserNameSecurityTokenHandler(),
new X509SecurityTokenHandler(),
new EncryptedSecurityTokenHandler(),
new SessionSecurityTokenHandler(),
},
configuration);
defaultHandlerCollectionCount = collection.Count;
return(collection);
}
/// <summary>
/// Creates the identities for the represented by the <see cref="SecurityToken"/>.
/// </summary>
/// <param name="securityTokenXml">The <see cref="XmlElement"/> representation of the security token.</param>
/// <param name="securityTokenHandlers">The collection of <see cref="SecurityTokenHandler"/> objects that may
/// be used to read and validate the security token this object represents.</param>
/// <returns>A <see cref="ReadOnlyCollection{T}"/> of <see cref="ClaimsIdentity"/> representing the identities contained in the token.</returns>
/// <exception cref="InvalidOperationException">If either parameter 'securityTokenXml' or 'securityTokenHandlers' are null.</exception>
protected virtual ReadOnlyCollection <ClaimsIdentity> ValidateToken(XmlElement securityTokenXml, SecurityTokenHandlerCollection securityTokenHandlers)
{
if (securityTokenXml == null || securityTokenHandlers == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4052)));
}
SecurityToken securityToken = GetSecurityToken();
return(securityTokenHandlers.ValidateToken(securityToken));
}
/// <summary>
/// Gets the bootstrap token handler collection.
/// </summary>
SecurityTokenHandlerCollection CreateBootstrapTokenHandlerCollection()
{
SecurityTokenHandlerCollection tokenHandlerCollection = this.ContainingCollection ?? SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
return(tokenHandlerCollection);
}
