Enable add Claims and AdditionalRequestParameters to request (#4987)

imcarolwang · web-flow · commit 6fd88a640c07 · 2023-02-17T15:57:57.000+08:00
* Enable add Claims and AdditionalRequestParameters to request

* Address review feedback.
diff --git a/src/System.ServiceModel.Federation/src/System/ServiceModel/Federation/WSTrustChannelSecurityTokenProvider.cs b/src/System.ServiceModel.Federation/src/System/ServiceModel/Federation/WSTrustChannelSecurityTokenProvider.cs
@@ -2,9 +2,9 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using System.Collections.Generic;
 using System.ComponentModel;
 using System.Diagnostics.Tracing;
-using System.IdentityModel.Security;
 using System.IdentityModel.Selectors;
 using System.IdentityModel.Tokens;
 using System.IO;
@@ -20,6 +20,7 @@
 using System.Xml;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.WsAddressing;
+using Microsoft.IdentityModel.Protocols.WsFed;
 using Microsoft.IdentityModel.Protocols.WsPolicy;
 using Microsoft.IdentityModel.Protocols.WsTrust;
 using SecurityToken = System.IdentityModel.Tokens.SecurityToken;
@@ -107,7 +108,7 @@ private void CacheSecurityTokenResponse(WsTrustRequest request, WsTrustResponse
         /// <returns></returns>
         internal virtual ChannelFactory<IRequestChannel> ChannelFactory { get; set; }
 
-        internal ClientCredentials ClientCredentials { get; set; }
+        internal protected ClientCredentials ClientCredentials { get; set; }
 
         /// <summary>
         /// Creates a <see cref="WsTrustRequest"/> from the <see cref="WSTrustTokenParameters"/>
@@ -167,6 +168,27 @@ protected virtual WsTrustRequest CreateWsTrustRequest()
                 trustRequest.ComputedKeyAlgorithm = _requestSerializationContext.TrustKeyTypes.PSHA1;
             }
 
+            if (WSTrustTokenParameters.Claims != null)
+            {
+                List<ClaimType> claimTypes = new List<ClaimType>();
+                foreach (ClaimType claimType in WSTrustTokenParameters.Claims.ClaimTypes)
+                {
+                    claimTypes.Add(new ClaimType()
+                    {
+                        IsOptional = claimType.IsOptional,
+                        Uri = claimType.Uri,
+                        Value = claimType.Value
+                    });
+                }
+
+                trustRequest.Claims = new Claims(WSTrustTokenParameters.Claims.Dialect, claimTypes);
+            }
+            
+            foreach (XmlElement parameter in WSTrustTokenParameters.AdditionalRequestParameters)
+            {
+                trustRequest.AdditionalXmlElements.Add((XmlElement)parameter.CloneNode(true));
+            }
+
             return trustRequest;
         }
 
diff --git a/src/System.ServiceModel.Federation/src/System/ServiceModel/Federation/WsTrustTokenParameters.cs b/src/System.ServiceModel.Federation/src/System/ServiceModel/Federation/WsTrustTokenParameters.cs
@@ -9,6 +9,7 @@
 using System.ServiceModel.Channels;
 using System.ServiceModel.Security.Tokens;
 using System.Xml;
+using Microsoft.IdentityModel.Protocols.WsFed;
 using Microsoft.IdentityModel.Protocols.WsTrust;
 using Microsoft.IdentityModel.Tokens.Saml2;
 
@@ -49,11 +50,25 @@ protected WSTrustTokenParameters(WSTrustTokenParameters other)
             : base(other)
         {
             foreach (var parameter in other.AdditionalRequestParameters)
-                AdditionalRequestParameters.Add(parameter);
+                AdditionalRequestParameters.Add((XmlElement)parameter.CloneNode(true));
 
             CacheIssuedTokens = other.CacheIssuedTokens;
-            foreach (var claimType in ClaimTypes)
-                ClaimTypes.Add(claimType);
+
+            if (other.Claims != null)
+            {
+                List<ClaimType> claimTypes = new List<ClaimType>();
+                foreach (var claimType in other.Claims.ClaimTypes)
+                {
+                    claimTypes.Add(new ClaimType()
+                    {
+                        IsOptional = claimType.IsOptional,
+                        Uri = claimType.Uri,
+                        Value = claimType.Value
+                    });
+                }
+
+                Claims = new Claims(other.Claims.Dialect, claimTypes);
+            }
 
             _issuedTokenRenewalThresholdPercentage = other.IssuedTokenRenewalThresholdPercentage;
             KeySize = other.KeySize;
@@ -84,7 +99,7 @@ protected override SecurityTokenParameters CloneCore()
         /// Allows the addition of <see cref="Claims"/> to the WSTrust request
         /// <para>see: http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html </para>
         /// </summary>
-        public ICollection<Claims> ClaimTypes { get; } = new Collection<Claims>();
+        public Claims Claims { get; set; }
 
         /// <summary>
         /// Gets or sets the percentage of the issued token's lifetime at which it should be renewed instead of cached.
diff --git a/src/System.ServiceModel.Federation/tests/WSTrustChannelSecurityTokenProviderTest.cs b/src/System.ServiceModel.Federation/tests/WSTrustChannelSecurityTokenProviderTest.cs
@@ -0,0 +1,91 @@
+﻿// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Linq;
+using System.ServiceModel.Description;
+using System.Xml;
+using Infrastructure.Common;
+using Microsoft.IdentityModel.Protocols.WsFed;
+using Microsoft.IdentityModel.Protocols.WsTrust;
+using Microsoft.IdentityModel.Tokens.Saml2;
+using Xunit;
+
+namespace System.ServiceModel.Federation.Tests
+{
+    public static class WSTrustChannelSecurityTokenProviderTest
+    {
+        [WcfFact]
+        public static void EnsibilityTest()
+        {
+            string claimUri = "http://example.org/claims/simplecustomclaim";
+            string claimValue = "sample claim value";
+            var claims = new Claims("dialect", new List<ClaimType>() { new ClaimType() { Uri = claimUri, IsOptional = false, Value = claimValue } });
+            var issuerAddress = new EndpointAddress(new Uri("http://localhost/issuer.svc"));
+            var targetAddress = new EndpointAddress(new Uri("http://localhost/target.svc"));
+            var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
+            string eln1 = "Element1";
+            string eln2 = "Element2";
+            var additionalElements= new Collection<XmlElement>() { new XmlDocument().CreateElement(eln1), new XmlDocument().CreateElement(eln2) };
+            
+            var tokenParams = new WSTrustTokenParameters
+            {
+                Claims= claims,
+                IssuerAddress = issuerAddress,
+                IssuerBinding = issuerBinding,
+                KeyType = SecurityKeyType.SymmetricKey,
+                TokenType = Saml2Constants.OasisWssSaml2TokenProfile11,
+                MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11
+            };
+            
+            foreach(XmlElement element in additionalElements)
+            {
+                tokenParams.AdditionalRequestParameters.Add(element);
+            }
+
+            var tokenRequirement = new System.IdentityModel.Selectors.SecurityTokenRequirement()
+            {
+                TokenType = "urn:oasis:names:tc:SAML:1.0:assertion"
+            };
+
+            tokenRequirement.Properties["http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/IssuedSecurityTokenParameters"] = tokenParams;
+            tokenRequirement.Properties["http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/TargetAddress"] = targetAddress;
+            tokenRequirement.Properties["http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityAlgorithmSuite"] = System.ServiceModel.Security.SecurityAlgorithmSuite.Default;
+
+            var derivedTokenProvider = new WSTrustChannelSecurityTokenProviderDerived(tokenRequirement);
+
+            (derivedTokenProvider as ICommunicationObject).Open();
+            
+            WsTrustRequest trustRequest = derivedTokenProvider.CreateWsTrustRequestHelper();
+
+            Assert.NotNull(trustRequest);
+            Assert.NotNull(trustRequest.Claims);
+            Assert.Equal(claims.Dialect, trustRequest.Claims.Dialect);
+            ClaimType ctype = trustRequest.Claims.ClaimTypes.FirstOrDefault();
+            Assert.NotNull(ctype);
+            Assert.Equal(claimUri, ctype.Uri);
+            Assert.Equal(claimValue, ctype.Value);
+            Assert.False(ctype.IsOptional);
+            Assert.Equal(2, trustRequest.AdditionalXmlElements.Count);
+            Assert.Equal(eln1, trustRequest.AdditionalXmlElements[0].Name);
+            Assert.Equal(eln2, trustRequest.AdditionalXmlElements[1].Name);
+        }
+    }
+
+    public class WSTrustChannelSecurityTokenProviderDerived : WSTrustChannelSecurityTokenProvider
+    {
+        public WSTrustChannelSecurityTokenProviderDerived(SecurityTokenRequirement tokenRequirement) : base(tokenRequirement)
+        {
+        }
+        
+        public Microsoft.IdentityModel.Protocols.WsTrust.WsTrustRequest CreateWsTrustRequestHelper()
+        {
+            ClientCredentials = new ClientCredentials();
+            return base.CreateWsTrustRequest();
+        }
+    }
+}
