/mcs/class/referencesource/System.IdentityModel/System/IdentityModel/Tokens/Saml2Assertion.cs
- //-----------------------------------------------------------------------
- // <copyright file="Saml2Assertion.cs" company="Microsoft">
- // Copyright (c) Microsoft Corporation. All rights reserved.
- // </copyright>
- //-----------------------------------------------------------------------
- namespace System.IdentityModel.Tokens
- {
- using System;
- using System.Collections.ObjectModel;
- using System.Xml;
- /// <summary>
- /// Represents the Assertion element specified in [Saml2Core, 2.3.3].
- /// </summary>
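public class Saml2Assertion
{
    private Saml2Advice advice;
    private Saml2Conditions conditions;
    private EncryptingCredentials encryptingCredentials;

    // Collections are created once and only ever mutated in place, never reassigned.
    private readonly Collection<EncryptedKeyIdentifierClause> externalEncryptedKeys = new Collection<EncryptedKeyIdentifierClause>();
    private Saml2Id id = new Saml2Id();
    private DateTime issueInstant = DateTime.UtcNow;
    private Saml2NameIdentifier issuer;
    private SigningCredentials signingCredentials;

    // Raw XML captured from the reader (signature included). Non-null only after
    // CaptureSourceData has been called and as long as the Id has not been reassigned.
    private XmlTokenStream sourceData;
    private readonly Collection<Saml2Statement> statements = new Collection<Saml2Statement>();
    private Saml2Subject subject;

    // Only SAML 2.0 assertions are represented by this type; the value never changes.
    private readonly string version = "2.0";

    /// <summary>
    /// Creates an instance of a Saml2Assertion.
    /// </summary>
    /// <param name="issuer">Issuer of the assertion. Must not be null.</param>
    /// <exception cref="ArgumentNullException">When <paramref name="issuer"/> is null.</exception>
    public Saml2Assertion(Saml2NameIdentifier issuer)
    {
        if (null == issuer)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
        }

        this.issuer = issuer;
    }

    /// <summary>
    /// Gets or sets additional information related to the assertion that assists processing in certain
    /// situations but which may be ignored by applications that do not understand the
    /// advice or do not wish to make use of it. [Saml2Core, 2.3.3]
    /// </summary>
    /// <remarks>
    /// Setting this property does not invalidate captured source data (see <see cref="CanWriteSourceData"/>);
    /// only assigning <see cref="Id"/> does.
    /// </remarks>
    public Saml2Advice Advice
    {
        get { return this.advice; }
        set { this.advice = value; }
    }

    /// <summary>
    /// Gets a value indicating whether this assertion was deserialized from XML source
    /// and can re-emit the XML data unchanged.
    /// </summary>
    /// <remarks>
    /// <para>
    /// The default implementation preserves the source data when read using
    /// Saml2AssertionSerializer.ReadAssertion and is willing to re-emit the
    /// original data as long as the Id has not changed from the time that
    /// assertion was read.
    /// </para>
    /// <para>
    /// Note that it is vitally important that SAML assertions with different
    /// data have different IDs. If implementing a scheme whereby an assertion
    /// "template" is loaded and certain bits of data are filled in, the Id
    /// must be changed. Only the <see cref="Id"/> setter discards the captured
    /// source data; changing any other property (Conditions, Subject, Statements, ...)
    /// leaves the original bytes in place, so <see cref="WriteSourceData"/> would
    /// emit the original, signed XML rather than the modified object state.
    /// </para>
    /// <para>
    /// A derived type that overrides this property should also override
    /// <see cref="WriteSourceData"/>, because the base implementation writes from
    /// the privately captured stream.
    /// </para>
    /// </remarks>
    /// <returns>'True' if this instance can write the source data.</returns>
    public virtual bool CanWriteSourceData
    {
        get { return null != this.sourceData; }
    }

    /// <summary>
    /// Gets or sets conditions that must be evaluated when assessing the validity of and/or
    /// when using the assertion. [Saml2Core 2.3.3]
    /// </summary>
    /// <remarks>
    /// Setting this property does not invalidate captured source data; see <see cref="CanWriteSourceData"/>.
    /// </remarks>
    public Saml2Conditions Conditions
    {
        get { return this.conditions; }
        set { this.conditions = value; }
    }

    /// <summary>
    /// Gets or sets the credentials used for encrypting the assertion. The key
    /// identifier in the encrypting credentials will be used for the
    /// embedded EncryptedKey in the EncryptedData element.
    /// </summary>
    public EncryptingCredentials EncryptingCredentials
    {
        get { return this.encryptingCredentials; }
        set { this.encryptingCredentials = value; }
    }

    /// <summary>
    /// Gets additional encrypted keys which will be specified external to the
    /// EncryptedData element, as children of the EncryptedAssertion element.
    /// </summary>
    /// <returns>A live, mutable collection; never null.</returns>
    public Collection<EncryptedKeyIdentifierClause> ExternalEncryptedKeys
    {
        get { return this.externalEncryptedKeys; }
    }

    /// <summary>
    /// Gets or sets the <see cref="Saml2Id"/> identifier for this assertion. [Saml2Core, 2.3.3]
    /// </summary>
    /// <remarks>
    /// Assigning a new identifier discards any captured source data: the preserved XML
    /// (and its signature) described the assertion under its previous Id, so it must not
    /// be re-emitted for this one. After assignment <see cref="CanWriteSourceData"/> is false
    /// and the assertion must be serialized from its object model (and re-signed, if required).
    /// </remarks>
    /// <exception cref="ArgumentNullException">When the value is null.</exception>
    public Saml2Id Id
    {
        get
        {
            return this.id;
        }

        set
        {
            if (null == value)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
            }

            this.id = value;
            this.sourceData = null;
        }
    }

    /// <summary>
    /// Gets or sets the time instant of issue in UTC. [Saml2Core, 2.3.3]
    /// </summary>
    /// <remarks>
    /// The value is normalized through DateTimeUtil.ToUniversalTime on assignment, so the
    /// getter always reports UTC regardless of the Kind of the assigned value.
    /// </remarks>
    public DateTime IssueInstant
    {
        get { return this.issueInstant; }
        set { this.issueInstant = DateTimeUtil.ToUniversalTime(value); }
    }

    /// <summary>
    /// Gets or sets the <see cref="Saml2NameIdentifier"/> as the authority that is making the claim(s) in the assertion. [Saml2Core, 2.3.3]
    /// </summary>
    /// <exception cref="ArgumentNullException">When the value is null.</exception>
    public Saml2NameIdentifier Issuer
    {
        get
        {
            return this.issuer;
        }

        set
        {
            if (null == value)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
            }

            this.issuer = value;
        }
    }

    /// <summary>
    /// Gets or sets the <see cref="SigningCredentials"/> used by the issuer to protect the integrity of the assertion.
    /// </summary>
    /// <remarks>
    /// These credentials are used only when the assertion is serialized from its object model.
    /// <see cref="WriteSourceData"/> re-emits the originally captured, already-signed XML and
    /// does not consult this property.
    /// </remarks>
    public SigningCredentials SigningCredentials
    {
        get { return this.signingCredentials; }
        set { this.signingCredentials = value; }
    }

    /// <summary>
    /// Gets or sets the <see cref="Saml2Subject"/> of the statement(s) in the assertion. [Saml2Core, 2.3.3]
    /// </summary>
    /// <remarks>
    /// Setting this property does not invalidate captured source data; see <see cref="CanWriteSourceData"/>.
    /// </remarks>
    public Saml2Subject Subject
    {
        get { return this.subject; }
        set { this.subject = value; }
    }

    /// <summary>
    /// Gets the <see cref="Saml2Statement"/>(s) regarding the subject.
    /// </summary>
    /// <returns>A live, mutable collection; never null.</returns>
    public Collection<Saml2Statement> Statements
    {
        get { return this.statements; }
    }

    /// <summary>
    /// Gets the version of this assertion. [Saml2Core, 2.3.3]
    /// </summary>
    /// <remarks>
    /// In this version of the Windows Identity Foundation, only version "2.0" is supported.
    /// </remarks>
    public string Version
    {
        get { return this.version; }
    }

    /// <summary>
    /// Writes the source data, if available.
    /// </summary>
    /// <remarks>
    /// The captured stream is written in full, including the original Signature element,
    /// so the output is the XML exactly as it was read, not the current object state.
    /// Callers that have modified the assertion must change <see cref="Id"/> (which
    /// discards the source data) and serialize from the object model instead.
    /// </remarks>
    /// <exception cref="InvalidOperationException">When no source data is available.</exception>
    /// <exception cref="ArgumentNullException">When <paramref name="writer"/> is null.</exception>
    /// <param name="writer">A <see cref="XmlWriter"/> for writing the data.</param>
    public virtual void WriteSourceData(XmlWriter writer)
    {
        // Check the private field as well as the (virtual) property: an override returning
        // true without captured data would otherwise fail with a NullReferenceException below.
        if (!this.CanWriteSourceData || null == this.sourceData)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new InvalidOperationException(SR.GetString(SR.ID4140)));
        }

        if (null == writer)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
        }

        // This call will properly just reuse the existing writer if it already qualifies
        XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer);

        // No element is excluded from the replay, so the original signature is emitted as well.
        this.sourceData.SetElementExclusion(null, null);
        this.sourceData.GetWriter().WriteTo(dictionaryWriter, new DictionaryManager());
    }

    /// <summary>
    /// Captures the XML source data from an EnvelopedSignatureReader.
    /// </summary>
    /// <remarks>
    /// The EnvelopedSignatureReader that was used to read the data for this
    /// assertion should be passed to this method after the </Assertion>
    /// element has been read. This method will preserve the raw XML data
    /// that was read, including the signature, so that it may be re-emitted
    /// without changes and without the need to re-sign the data. See
    /// CanWriteSourceData and WriteSourceData.
    /// This method performs no signature verification of its own; it only stores
    /// the reader's token stream. Whatever validation the reader performed while
    /// consuming the element is the caller's responsibility to have completed first.
    /// </remarks>
    /// <param name="reader"><see cref="EnvelopedSignatureReader"/> that contains the data for the assertion.</param>
    /// <exception cref="ArgumentNullException">When <paramref name="reader"/> is null.</exception>
    internal virtual void CaptureSourceData(EnvelopedSignatureReader reader)
    {
        if (null == reader)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
        }

        this.sourceData = reader.XmlTokens;
    }
}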
- }