First pass at dividing DotNetOpenAuth features into separate assemblies.

Nothing compiles at this point.

1 files changed, 75 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OAuth/Configuration/OAuthServiceProviderSecuritySettingsElement.cs b/src/DotNetOpenAuth.OAuth/Configuration/OAuthServiceProviderSecuritySettingsElement.cs
new file mode 100644
index 0000000..723b607
--- /dev/null
+++ b/src/DotNetOpenAuth.OAuth/Configuration/OAuthServiceProviderSecuritySettingsElement.cs
@@ -0,0 +1,75 @@
+//-----------------------------------------------------------------------
+// <copyright file="OAuthServiceProviderSecuritySettingsElement.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+	using System;
+	using System.Collections.Generic;
+	using System.Configuration;
+	using System.Linq;
+	using System.Text;
+	using DotNetOpenAuth.OAuth;
+
+	/// <summary>
+	/// Security settings that are applicable to service providers.
+	/// </summary>
+	internal class OAuthServiceProviderSecuritySettingsElement : ConfigurationElement {
+		/// <summary>
+		/// Gets the name of the @minimumRequiredOAuthVersion attribute.
+		/// </summary>
+		private const string MinimumRequiredOAuthVersionConfigName = "minimumRequiredOAuthVersion";
+
+		/// <summary>
+		/// Gets the name of the @maxAuthorizationTime attribute.
+		/// </summary>
+		private const string MaximumRequestTokenTimeToLiveConfigName = "maxAuthorizationTime";
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="OAuthServiceProviderSecuritySettingsElement"/> class.
+		/// </summary>
+		internal OAuthServiceProviderSecuritySettingsElement() {
+		}
+
+		/// <summary>
+		/// Gets or sets the minimum OAuth version a Consumer is required to support in order for this library to interoperate with it.
+		/// </summary>
+		/// <remarks>
+		/// Although the earliest versions of OAuth are supported, for security reasons it may be desirable to require the
+		/// remote party to support a later version of OAuth.
+		/// </remarks>
+		[ConfigurationProperty(MinimumRequiredOAuthVersionConfigName, DefaultValue = "V10")]
+		public ProtocolVersion MinimumRequiredOAuthVersion {
+			get { return (ProtocolVersion)this[MinimumRequiredOAuthVersionConfigName]; }
+			set { this[MinimumRequiredOAuthVersionConfigName] = value; }
+		}
+
+		/// <summary>
+		/// Gets or sets the maximum time a user can take to complete authorization.
+		/// </summary>
+		/// <remarks>
+		/// This time limit serves as a security mitigation against brute force attacks to
+		/// compromise (unauthorized or authorized) request tokens.
+		/// Longer time limits is more friendly to slow users or consumers, while shorter
+		/// time limits provide better security.
+		/// </remarks>
+		[ConfigurationProperty(MaximumRequestTokenTimeToLiveConfigName, DefaultValue = "0:05")] // 5 minutes
+		[PositiveTimeSpanValidator]
+		public TimeSpan MaximumRequestTokenTimeToLive {
+			get { return (TimeSpan)this[MaximumRequestTokenTimeToLiveConfigName]; }
+			set { this[MaximumRequestTokenTimeToLiveConfigName] = value; }
+		}
+
+		/// <summary>
+		/// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file.
+		/// </summary>
+		/// <returns>The newly created security settings object.</returns>
+		internal ServiceProviderSecuritySettings CreateSecuritySettings() {
+			return new ServiceProviderSecuritySettings {
+				MinimumRequiredOAuthVersion = this.MinimumRequiredOAuthVersion,
+				MaximumRequestTokenTimeToLive = this.MaximumRequestTokenTimeToLive,
+			};
+		}
+	}
+}