//
// SamlAuthorizationDecisionStatement.cs
//
// Atsushi Enomoto <atsushi@ximian.com>
//
// Copyright (C) 2005 Novell, Inc. http://www.novell.com
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.Xml;
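namespace System.IdentityModel.Tokens
{
	/// <summary>
	/// SAML 1.x AuthorizationDecisionStatement: records whether a subject was
	/// permitted, denied or left undetermined for a set of actions on a
	/// resource, optionally backed by evidence.  Every mutator goes through
	/// <see cref="CheckReadOnly"/> so the statement cannot change once
	/// <see cref="MakeReadOnly"/> has been called.
	/// </summary>
	public class SamlAuthorizationDecisionStatement : SamlSubjectStatement
	{
		/// <summary>
		/// Claim type URI associated with authorization-decision statements.
		/// </summary>
		public static string ClaimType {
			get { return "http://schemas.microsoft.com/mb/2005/09/ClaimType/SamlAuthorizationDecision"; }
		}

		SamlAccessDecision access_decision;
		SamlEvidence evidence;
		string resource;
		List<SamlAction> actions = new List<SamlAction> ();

		/// <summary>
		/// Creates an empty statement; subject, resource, decision and actions
		/// must be supplied through the properties or <see cref="ReadXml"/>
		/// before the statement can be written.
		/// </summary>
		public SamlAuthorizationDecisionStatement ()
		{
		}

		/// <summary>
		/// Creates a statement with subject, resource, decision and actions.
		/// </summary>
		/// <param name="samlSubject">Subject the decision applies to.</param>
		/// <param name="resource">Resource the decision applies to; must be non-empty.</param>
		/// <param name="accessDecision">Permit, Deny or Indeterminate.</param>
		/// <param name="samlActions">Actions the decision covers; no item may be null.</param>
		/// <exception cref="ArgumentNullException"><paramref name="samlActions"/> is null.</exception>
		/// <exception cref="SecurityTokenException"><paramref name="resource"/> is null or empty.</exception>
		/// <exception cref="ArgumentException"><paramref name="samlActions"/> contains a null item.</exception>
		public SamlAuthorizationDecisionStatement (
			SamlSubject samlSubject, string resource,
			SamlAccessDecision accessDecision,
			IEnumerable<SamlAction> samlActions)
		{
			if (samlActions == null)
				throw new ArgumentNullException ("samlActions");
			if (resource == null || resource.Length == 0)
				throw new SecurityTokenException ("non-zero length string must be set to Resource of SAML AuthorizationDecisionStatement.");

			SamlSubject = samlSubject;
			this.resource = resource;
			access_decision = accessDecision;
			foreach (SamlAction a in samlActions) {
				if (a == null)
					throw new ArgumentException ("samlActions contain null item.");
				actions.Add (a);
			}
		}

		/// <summary>
		/// Creates a statement with subject, resource, decision, actions and
		/// the evidence the decision was based on.
		/// </summary>
		/// <param name="samlEvidence">Evidence element; may be null.</param>
		public SamlAuthorizationDecisionStatement (
			SamlSubject samlSubject, string resource,
			SamlAccessDecision accessDecision,
			IEnumerable<SamlAction> samlActions,
			SamlEvidence samlEvidence)
			: this (samlSubject, resource, accessDecision, samlActions)
		{
			evidence = samlEvidence;
		}

		/// <summary>
		/// Actions the decision applies to.  Once the statement is read-only a
		/// read-only view is returned, so the list cannot be altered behind the
		/// back of the guarded setters.
		/// </summary>
		public IList<SamlAction> SamlActions {
			get { return IsReadOnly ? (IList<SamlAction>) actions.AsReadOnly () : actions; }
		}

		/// <summary>Outcome of the authorization decision.</summary>
		/// <exception cref="InvalidOperationException">Set after the statement became read-only.</exception>
		public SamlAccessDecision AccessDecision {
			get { return access_decision; }
			set {
				CheckReadOnly ();
				access_decision = value;
			}
		}

		/// <summary>Evidence backing the decision, or null when none is attached.</summary>
		/// <exception cref="InvalidOperationException">Set after the statement became read-only.</exception>
		public SamlEvidence Evidence {
			get { return evidence; }
			set {
				CheckReadOnly ();
				evidence = value;
			}
		}

		/// <summary>Resource the decision applies to; never null or empty once set.</summary>
		/// <exception cref="InvalidOperationException">Set after the statement became read-only.</exception>
		/// <exception cref="ArgumentException">The value is null or empty.</exception>
		public string Resource {
			get { return resource; }
			set {
				CheckReadOnly ();
				if (value == null || value.Length == 0)
					throw new ArgumentException ("non-zero length string must be set to Resource of SAML AuthorizationDecisionStatement.");
				resource = value;
			}
		}

		/// <summary>Whether the statement has been frozen by <see cref="MakeReadOnly"/>.</summary>
		public override bool IsReadOnly {
			get { return base.IsReadOnly; }
		}

		/// <summary>
		/// Guard shared by every mutator.
		/// </summary>
		/// <exception cref="InvalidOperationException">The statement is read-only.</exception>
		private void CheckReadOnly ()
		{
			if (IsReadOnly)
				throw new InvalidOperationException ("This SAML assertion is read-only.");
		}

		/// <summary>Freezes the statement; subsequent mutation throws.</summary>
		public override void MakeReadOnly ()
		{
			base.MakeReadOnly ();
		}

		/// <summary>
		/// Not implemented in this port: no claims are derived from the
		/// decision, and callers that build claim sets from it get
		/// <see cref="NotImplementedException"/>.
		/// </summary>
		protected override void AddClaimsToList (IList<Claim> claims)
		{
			throw new NotImplementedException ();
		}

		/// <summary>
		/// Populates the statement from a saml:AuthorizationDecisionStatement
		/// element the reader is positioned on.
		/// </summary>
		/// <exception cref="ArgumentNullException"><paramref name="reader"/> or <paramref name="samlSerializer"/> is null.</exception>
		/// <exception cref="InvalidOperationException">The statement is read-only.</exception>
		/// <exception cref="SecurityTokenException">Decision or Resource attribute missing or invalid, or no Action child.</exception>
		public override void ReadXml (XmlDictionaryReader reader,
			SamlSerializer samlSerializer,
			SecurityTokenSerializer keyInfoSerializer,
			SecurityTokenResolver outOfBandTokenResolver)
		{
			if (reader == null)
				throw new ArgumentNullException ("reader");
			if (samlSerializer == null)
				throw new ArgumentNullException ("samlSerializer");
			CheckReadOnly ();

			// Attributes are validated before any state is touched, so that a
			// malformed statement consistently surfaces as SecurityTokenException
			// rather than the ArgumentException the Resource setter would throw.
			string decision = reader.GetAttribute ("Decision");
			SamlAccessDecision parsedDecision;
			switch (decision) {
			case "Permit":
				parsedDecision = SamlAccessDecision.Permit;
				break;
			case "Deny":
				parsedDecision = SamlAccessDecision.Deny;
				break;
			case "Indeterminate":
				parsedDecision = SamlAccessDecision.Indeterminate;
				break;
			default:
				throw new SecurityTokenException (String.Format ("AccessDecision value is wrong: {0}", decision));
			}
			string resourceValue = reader.GetAttribute ("Resource");
			if (resourceValue == null || resourceValue.Length == 0)
				throw new SecurityTokenException ("non-zero string must be set to Resource on SAML AuthorizationDecisionStatement.");
			// An empty element cannot carry the mandatory Subject and Action children.
			if (reader.IsEmptyElement)
				throw new SecurityTokenException ("SAML AuthorizationDecisionStatement must contain at least one Action.");

			access_decision = parsedDecision;
			resource = resourceValue;

			reader.ReadStartElement ("AuthorizationDecisionStatement", SamlConstants.Namespace);

			reader.MoveToContent ();
			// Child objects are assigned only after they have been fully read, so
			// a parse failure does not leave a half-populated part on the statement.
			SamlSubject subject = new SamlSubject ();
			subject.ReadXml (reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
			SamlSubject = subject;

			actions.Clear ();
			reader.MoveToContent ();
			while (reader.LocalName == "Action" &&
			       reader.NamespaceURI == SamlConstants.Namespace) {
				SamlAction action = new SamlAction ();
				action.ReadXml (reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
				actions.Add (action);
				reader.MoveToContent ();
			}
			if (reader.LocalName == "Evidence" &&
			    reader.NamespaceURI == SamlConstants.Namespace) {
				SamlEvidence readEvidence = new SamlEvidence ();
				readEvidence.ReadXml (reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
				evidence = readEvidence;
				reader.MoveToContent ();
			}
			reader.ReadEndElement ();

			if (actions.Count == 0)
				throw new SecurityTokenException ("SAML AuthorizationDecisionStatement must contain at least one Action.");
		}

		/// <summary>
		/// Writes the statement as a saml:AuthorizationDecisionStatement element.
		/// </summary>
		/// <exception cref="ArgumentNullException"><paramref name="writer"/> or <paramref name="samlSerializer"/> is null.</exception>
		/// <exception cref="SecurityTokenException">No Action, no Subject, or an empty Resource.</exception>
		/// <exception cref="ArgumentOutOfRangeException"><see cref="AccessDecision"/> holds an undefined value.</exception>
		public override void WriteXml (XmlDictionaryWriter writer,
			SamlSerializer samlSerializer,
			SecurityTokenSerializer keyInfoSerializer)
		{
			if (writer == null)
				throw new ArgumentNullException ("writer");
			if (samlSerializer == null)
				throw new ArgumentNullException ("samlSerializer");
			// Everything that can be rejected is checked before the first byte is
			// emitted, so a rejected statement never leaves a partially written
			// element (including an open Decision attribute) on the writer.
			if (actions.Count == 0)
				throw new SecurityTokenException ("SAML AuthorizationDecisionStatement must contain at least one Action.");
			if (SamlSubject == null)
				throw new SecurityTokenException ("SAML Subject must be set to SAML AuthorizationDecisionStatement before being written.");
			if (resource == null || resource.Length == 0)
				throw new SecurityTokenException ("non-zero string must be set to Resource on SAML AuthorizationDecisionStatement.");
			string decisionText = DecisionToString (access_decision);

			writer.WriteStartElement ("saml", "AuthorizationDecisionStatement", SamlConstants.Namespace);
			writer.WriteAttributeString ("Decision", decisionText);
			writer.WriteAttributeString ("Resource", resource);
			SamlSubject.WriteXml (writer, samlSerializer, keyInfoSerializer);
			foreach (SamlAction action in actions)
				action.WriteXml (writer, samlSerializer, keyInfoSerializer);
			if (evidence != null)
				evidence.WriteXml (writer, samlSerializer, keyInfoSerializer);
			writer.WriteEndElement ();
		}

		/// <summary>
		/// Maps the decision enum to its attribute text.
		/// </summary>
		/// <exception cref="ArgumentOutOfRangeException">The value is not a defined decision.</exception>
		private static string DecisionToString (SamlAccessDecision decision)
		{
			switch (decision) {
			case SamlAccessDecision.Permit:
				return "Permit";
			case SamlAccessDecision.Deny:
				return "Deny";
			case SamlAccessDecision.Indeterminate:
				return "Indeterminate";
			default:
				// The single-string constructor treats its argument as the
				// parameter name, so the message goes in the second argument.
				throw new ArgumentOutOfRangeException ("AccessDecision", "AccessDecision value is wrong.");
			}
		}
	}
}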