blob: 84b17ccf6dd0b87979741c2d02fcf6d5ed994ba6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
//-----------------------------------------------------------------------
// <copyright file="AccessToken.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OAuth2.ChannelElements {
using System;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using System.Security.Cryptography;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.Messaging.Bindings;
/// <summary>
/// A short-lived token that accompanies HTTP requests to protected data to authorize the request.
/// </summary>
internal class AccessToken : AuthorizationDataBag {
/// <summary>
/// Initializes a new instance of the <see cref="AccessToken"/> class.
/// </summary>
public AccessToken() {
}
/// <summary>
/// Initializes a new instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="authorization">The authorization to be described by the access token.</param>
/// <param name="lifetime">The lifetime of the access token.</param>
internal AccessToken(IAuthorizationDescription authorization, TimeSpan? lifetime) {
Requires.NotNull(authorization, "authorization");
this.ClientIdentifier = authorization.ClientIdentifier;
this.UtcCreationDate = authorization.UtcIssued;
this.User = authorization.User;
this.Scope.ResetContents(authorization.Scope);
this.Lifetime = lifetime;
}
/// <summary>
/// Initializes a new instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="clientIdentifier">The client identifier.</param>
/// <param name="scopes">The scopes.</param>
/// <param name="username">The username of the account that authorized this token.</param>
/// <param name="lifetime">The lifetime for this access token.</param>
internal AccessToken(string clientIdentifier, IEnumerable<string> scopes, string username, TimeSpan? lifetime) {
Requires.NotNullOrEmpty(clientIdentifier, "clientIdentifier");
this.ClientIdentifier = clientIdentifier;
this.Scope.ResetContents(scopes);
this.User = username;
this.Lifetime = lifetime;
this.UtcCreationDate = DateTime.UtcNow;
}
/// <summary>
/// Gets or sets the lifetime of the access token.
/// </summary>
/// <value>The lifetime.</value>
[MessagePart(Encoder = typeof(TimespanSecondsEncoder))]
internal TimeSpan? Lifetime { get; set; }
/// <summary>
/// Creates a formatter capable of serializing/deserializing an access token.
/// </summary>
/// <param name="signingKey">The crypto service provider with the authorization server's private key used to asymmetrically sign the access token.</param>
/// <param name="encryptingKey">The crypto service provider with the resource server's public key used to encrypt the access token.</param>
/// <returns>An access token serializer.</returns>
internal static IDataBagFormatter<AccessToken> CreateFormatter(RSACryptoServiceProvider signingKey, RSACryptoServiceProvider encryptingKey) {
Contract.Requires(signingKey != null || !signingKey.PublicOnly);
Contract.Requires(encryptingKey != null);
Contract.Ensures(Contract.Result<IDataBagFormatter<AccessToken>>() != null);
return new UriStyleMessageFormatter<AccessToken>(signingKey, encryptingKey);
}
/// <summary>
/// Checks the message state for conformity to the protocol specification
/// and throws an exception if the message is invalid.
/// </summary>
/// <remarks>
/// <para>Some messages have required fields, or combinations of fields that must relate to each other
/// in specialized ways. After deserializing a message, this method checks the state of the
/// message to see if it conforms to the protocol.</para>
/// <para>Note that this property should <i>not</i> check signatures or perform any state checks
/// outside this scope of this particular message.</para>
/// </remarks>
/// <exception cref="ProtocolException">Thrown if the message is invalid.</exception>
protected override void EnsureValidMessage() {
base.EnsureValidMessage();
// Has this token expired?
if (this.Lifetime.HasValue) {
DateTime expirationDate = this.UtcCreationDate + this.Lifetime.Value;
if (expirationDate < DateTime.UtcNow) {
throw new ExpiredMessageException(expirationDate, this.ContainingMessage);
}
}
}
}
}
|
