Moved some JSON serialization logic to MessagingUtilities and added a unit test.

3 files changed, 75 insertions, 18 deletions

diff --git a/src/DotNetOpenAuth.Core/Messaging/Channel.cs b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
index 2018801..672a942 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
@@ -38,6 +38,16 @@ namespace DotNetOpenAuth.Messaging {
 		internal static readonly Encoding PostEntityEncoding = new UTF8Encoding(false);
 
 		/// <summary>
+		/// A default set of XML dictionary reader quotas that are relatively safe from causing unbounded memory consumption.
+		/// </summary>
+		internal static readonly XmlDictionaryReaderQuotas DefaultUntrustedXmlDictionaryReaderQuotas = new XmlDictionaryReaderQuotas {
+			MaxArrayLength = 1,
+			MaxDepth = 2,
+			MaxBytesPerRead = 8 * 1024,
+			MaxStringContentLength = 16 * 1024,
+		};
+
+		/// <summary>
 		/// The content-type used on HTTP POST requests where the POST entity is a
 		/// URL-encoded series of key=value pairs.
 		/// </summary>
@@ -152,12 +162,7 @@ namespace DotNetOpenAuth.Messaging {
 
 			this.messageTypeProvider = messageTypeProvider;
 			this.WebRequestHandler = new StandardWebRequestHandler();
-			this.XmlDictionaryReaderQuotas = new XmlDictionaryReaderQuotas {
-				MaxArrayLength = 1,
-				MaxDepth = 2,
-				MaxBytesPerRead = 8 * 1024,
-				MaxStringContentLength = 16 * 1024,
-			};
+			this.XmlDictionaryReaderQuotas = DefaultUntrustedXmlDictionaryReaderQuotas;
 
 			this.outgoingBindingElements = new List<IChannelBindingElement>(ValidateAndPrepareBindingElements(bindingElements));
 			this.incomingBindingElements = new List<IChannelBindingElement>(this.outgoingBindingElements);
@@ -991,17 +996,7 @@ namespace DotNetOpenAuth.Messaging {
 		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		protected virtual string SerializeAsJson(IMessage message) {
 			Requires.NotNull(message, "message");
-
-			MessageDictionary messageDictionary = this.MessageDescriptions.GetAccessor(message);
-			using (var memoryStream = new MemoryStream()) {
-				using (var jsonWriter = JsonReaderWriterFactory.CreateJsonWriter(memoryStream, Encoding.UTF8)) {
-					MessageSerializer.Serialize(messageDictionary, jsonWriter);
-					jsonWriter.Flush();
-				}
-
-				string json = Encoding.UTF8.GetString(memoryStream.ToArray());
-				return json;
-			}
+			return MessagingUtilities.SerializeAsJson(message, this.MessageDescriptions);
 		}
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessageSerializer.cs b/src/DotNetOpenAuth.Core/Messaging/MessageSerializer.cs
index bdca190..15df48a 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessageSerializer.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessageSerializer.cs
@@ -74,7 +74,7 @@ namespace DotNetOpenAuth.Messaging {
 		}
 
 		/// <summary>
-		/// Reads the data from a message instance and writes a XML/JSON encoding of it.
+		/// Reads the data from a message instance and writes an XML/JSON encoding of it.
 		/// </summary>
 		/// <param name="messageDictionary">The message to be serialized.</param>
 		/// <param name="writer">The writer to use for the serialized form.</param>
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
index 47d3834..e821953 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
@@ -1672,6 +1672,68 @@ namespace DotNetOpenAuth.Messaging {
 		}
 
 		/// <summary>
+		/// Serializes the given message as a JSON string.
+		/// </summary>
+		/// <param name="message">The message to serialize.</param>
+		/// <param name="messageDescriptions">The cached message descriptions to use for reflection.</param>
+		/// <returns>A JSON string.</returns>
+		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "This Dispose is safe.")]
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
+		internal static string SerializeAsJson(IMessage message, MessageDescriptionCollection messageDescriptions) {
+			Requires.NotNull(message, "message");
+			Requires.NotNull(messageDescriptions, "messageDescriptions");
+
+			var encoding = Encoding.UTF8;
+			var bytes = SerializeAsJsonBytes(message, messageDescriptions, encoding);
+			string json = encoding.GetString(bytes);
+			return json;
+		}
+
+		/// <summary>
+		/// Serializes the given message as a JSON string.
+		/// </summary>
+		/// <param name="message">The message to serialize.</param>
+		/// <param name="messageDescriptions">The cached message descriptions to use for reflection.</param>
+		/// <param name="encoding">The encoding to use.  Defaults to <see cref="Encoding.UTF8"/></param>
+		/// <returns>A JSON string.</returns>
+		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "This Dispose is safe.")]
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
+		internal static byte[] SerializeAsJsonBytes(IMessage message, MessageDescriptionCollection messageDescriptions, Encoding encoding = null) {
+			Requires.NotNull(message, "message");
+			Requires.NotNull(messageDescriptions, "messageDescriptions");
+
+			encoding = encoding ?? Encoding.UTF8;
+			MessageDictionary messageDictionary = messageDescriptions.GetAccessor(message);
+			using (var memoryStream = new MemoryStream()) {
+				using (var jsonWriter = JsonReaderWriterFactory.CreateJsonWriter(memoryStream, encoding)) {
+					MessageSerializer.Serialize(messageDictionary, jsonWriter);
+					jsonWriter.Flush();
+				}
+
+				return memoryStream.ToArray();
+			}
+		}
+
+		/// <summary>
+		/// Deserializes a JSON object into a message.
+		/// </summary>
+		/// <param name="jsonBytes">The buffer containing the JSON string.</param>
+		/// <param name="receivingMessage">The message to deserialize the object into.</param>
+		/// <param name="messageDescriptions">The cache of message descriptions.</param>
+		/// <param name="encoding">The encoding that the JSON bytes are in.</param>
+		internal static void DeserializeFromJson(byte[] jsonBytes, IMessage receivingMessage, MessageDescriptionCollection messageDescriptions, Encoding encoding = null) {
+			Requires.NotNull(jsonBytes, "jsonBytes");
+			Requires.NotNull(receivingMessage, "receivingMessage");
+			Requires.NotNull(messageDescriptions, "messageDescriptions");
+
+			encoding = encoding ?? Encoding.UTF8;
+			MessageDictionary messageDictionary = messageDescriptions.GetAccessor(receivingMessage);
+			using (var jsonReader = JsonReaderWriterFactory.CreateJsonReader(jsonBytes, 0, jsonBytes.Length, encoding, Channel.DefaultUntrustedXmlDictionaryReaderQuotas, null)) {
+				MessageSerializer.Deserialize(messageDictionary, jsonReader);
+			}
+		}
+
+		/// <summary>
 		/// Prepares what SHOULD be simply a string value for safe injection into Javascript
 		/// by using appropriate character escaping.
 		/// </summary>