//-----------------------------------------------------------------------
//
// Copyright (c) Andrew Arnott. All rights reserved.
//
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OAuth2.ChannelElements {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2.Messages;
///
/// Serializes access tokens inside an outgoing message.
///
internal class AccessTokenBindingElement : AuthServerBindingElementBase {
///
/// Initializes a new instance of the class.
///
internal AccessTokenBindingElement() {
}
///
/// Gets the protection commonly offered (if any) by this binding element.
///
/// Always MessageProtections.None
///
/// This value is used to assist in sorting binding elements in the channel stack.
///
public override MessageProtections Protection {
get { return MessageProtections.None; }
}
///
/// Prepares a message for sending based on the rules of this channel binding element.
///
/// The message to prepare for sending.
///
/// The protections (if any) that this binding element applied to the message.
/// Null if this binding element did not even apply to this binding element.
///
public override MessageProtections? ProcessOutgoingMessage(IProtocolMessage message) {
var directResponse = message as IDirectResponseProtocolMessage;
IAccessTokenRequest request = directResponse != null ? directResponse.OriginatingRequest as IAccessTokenRequest : null;
var implicitGrantResponse = message as EndUserAuthorizationSuccessAccessTokenResponse;
if (implicitGrantResponse != null) {
IAuthorizationCarryingRequest tokenCarryingResponse = implicitGrantResponse;
tokenCarryingResponse.AuthorizationDescription = new AccessToken(request.ClientIdentifier, implicitGrantResponse.Scope, implicitGrantResponse.AuthorizingUsername, implicitGrantResponse.Lifetime);
return MessageProtections.None;
}
var accessTokenResponse = message as AccessTokenSuccessResponse;
if (accessTokenResponse != null) {
var authCarryingRequest = (IAuthorizationCarryingRequest)request;
var accessToken = new AccessToken(authCarryingRequest.AuthorizationDescription, accessTokenResponse.Lifetime);
using (var resourceServerEncryptionKey = this.AuthorizationServer.GetResourceServerEncryptionKey(request)) {
var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServer.AccessTokenSigningKey, resourceServerEncryptionKey);
accessTokenResponse.AccessToken = accessTokenFormatter.Serialize(accessToken);
}
if (accessTokenResponse.HasRefreshToken) {
var refreshToken = new RefreshToken(authCarryingRequest.AuthorizationDescription);
var refreshTokenFormatter = RefreshToken.CreateFormatter(this.AuthorizationServer.CryptoKeyStore);
accessTokenResponse.RefreshToken = refreshTokenFormatter.Serialize(refreshToken);
}
}
return null;
}
///
/// Performs any transformation on an incoming message that may be necessary and/or
/// validates an incoming message based on the rules of this channel binding element.
///
/// The incoming message to process.
///
/// The protections (if any) that this binding element applied to the message.
/// Null if this binding element did not even apply to this binding element.
///
///
/// Thrown when the binding element rules indicate that this message is invalid and should
/// NOT be processed.
///
public override MessageProtections? ProcessIncomingMessage(IProtocolMessage message) {
return null;
}
}
}