|
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.ServiceModel;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.ServiceModel.Security.Tokens;
using System.IdentityModel;
namespace System.ServiceModel.Security
{
/// <summary>
/// Creates a security token provider that produces a security token as an issued token
/// for federated bindings.
/// </summary>
public class SimpleSecurityTokenProvider : SecurityTokenProvider
{
SecurityToken _securityToken;
/// <summary>
/// Creates a security token provider that produces a security token as an issued token
/// for federated bindings.
/// </summary>
/// <param name="token">The security token to provide.</param>
/// <param name="tokenRequirement">
/// The requirements described by the binding that will use <paramref name="token"/> to secure
/// messages.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is set to null.</exception>
public SimpleSecurityTokenProvider(SecurityToken token, SecurityTokenRequirement tokenRequirement)
{
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
}
GenericXmlSecurityToken xmlIssuedToken = token as GenericXmlSecurityToken;
if (xmlIssuedToken != null)
{
_securityToken = WrapWithAuthPolicy(xmlIssuedToken, tokenRequirement);
}
else
{
_securityToken = token;
}
}
/// <summary>
/// Creates a security token according to a gieven timeout.
/// </summary>
/// <param name="timeout">The <see cref="TimeSpan"/>.</param>
/// <returns></returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
return _securityToken;
}
/// <summary>
/// Gets a GenericXmlSecurityToken that wraps the provided issued token
/// with the authorization policies necessary.
/// </summary>
static GenericXmlSecurityToken WrapWithAuthPolicy(GenericXmlSecurityToken issuedToken,
SecurityTokenRequirement tokenRequirement)
{
EndpointIdentity endpointIdentity = null;
var issuedTokenRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
if (issuedTokenRequirement != null)
{
EndpointAddress targetAddress = issuedTokenRequirement.TargetAddress;
if (targetAddress.Uri.IsAbsoluteUri)
{
endpointIdentity = EndpointIdentity.CreateDnsIdentity(targetAddress.Uri.DnsSafeHost);
}
}
ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies
= GetServiceAuthorizationPolicies(endpointIdentity);
return new GenericXmlSecurityToken(issuedToken.TokenXml,
issuedToken.ProofToken,
issuedToken.ValidFrom,
issuedToken.ValidTo,
issuedToken.InternalTokenReference,
issuedToken.ExternalTokenReference,
authorizationPolicies);
}
//
// Modeled after WCF's CoreFederatedTokenProvider.GetServiceAuthorizationPolicies
//
static ReadOnlyCollection<IAuthorizationPolicy> GetServiceAuthorizationPolicies(EndpointIdentity endpointIdentity)
{
if (endpointIdentity != null)
{
List<Claim> claims = new List<Claim>(1);
claims.Add(endpointIdentity.IdentityClaim);
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
policies.Add(new UnconditionalPolicy(SecurityUtils.CreateIdentity(endpointIdentity.IdentityClaim.Resource.ToString()),
new DefaultClaimSet(ClaimSet.System, claims)));
return policies.AsReadOnly();
}
else
{
return EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
}
}
}
}
|