diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2012-12-02 15:57:23 -0800 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-12-02 15:57:23 -0800 |
| commit | c7509b6d29ffe07098d0c2b81acbd1af34e1c076 (patch) | |
| tree | 058db773e244038713f121b9381a962eca327ce3 /src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs | |
| parent | 67f3936edd8ed795f16e596f349a2f12712810e9 (diff) | |
| parent | 84ef4b74365fe78156792cf17bb945a9ace4e03f (diff) | |
| download | DotNetOpenAuth-c7509b6d29ffe07098d0c2b81acbd1af34e1c076.zip DotNetOpenAuth-c7509b6d29ffe07098d0c2b81acbd1af34e1c076.tar.gz DotNetOpenAuth-c7509b6d29ffe07098d0c2b81acbd1af34e1c076.tar.bz2 | |
Merge branch 'v4.1'
Conflicts:
src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
src/version.txt
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs')
| -rw-r--r-- | src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs index a03bdab..62436ec 100644 --- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs +++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs @@ -8,6 +8,7 @@ namespace DotNetOpenAuth.OAuth2 { using System; using System.Collections.Generic; using System.Diagnostics.Contracts; + using System.IO; using System.Security.Cryptography; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2.ChannelElements; @@ -23,8 +24,7 @@ namespace DotNetOpenAuth.OAuth2 { /// <param name="resourceServerPrivateEncryptionKey">The crypto service provider with the resource server private encryption key.</param> public StandardAccessTokenAnalyzer(RSACryptoServiceProvider authorizationServerPublicSigningKey, RSACryptoServiceProvider resourceServerPrivateEncryptionKey) { Requires.NotNull(authorizationServerPublicSigningKey, "authorizationServerPublicSigningKey"); - Requires.NotNull(resourceServerPrivateEncryptionKey, "resourceServerPrivateEncryptionKey"); - Requires.True(!resourceServerPrivateEncryptionKey.PublicOnly, "resourceServerPrivateEncryptionKey"); + Requires.True(resourceServerPrivateEncryptionKey == null || !resourceServerPrivateEncryptionKey.PublicOnly, "resourceServerPrivateEncryptionKey"); this.AuthorizationServerPublicSigningKey = authorizationServerPublicSigningKey; this.ResourceServerPrivateEncryptionKey = resourceServerPrivateEncryptionKey; } @@ -49,9 +49,15 @@ namespace DotNetOpenAuth.OAuth2 { /// <returns>The deserialized, validated token.</returns> /// <exception cref="ProtocolException">Thrown if the access token is expired, invalid, or from an untrusted authorization server.</exception> public virtual AccessToken DeserializeAccessToken(IDirectedProtocolMessage message, string accessToken) { + ErrorUtilities.VerifyProtocol(!string.IsNullOrEmpty(accessToken), ResourceServerStrings.MissingAccessToken); var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey); var token = new AccessToken(); - accessTokenFormatter.Deserialize(token, accessToken, message, Protocol.access_token); + try { + accessTokenFormatter.Deserialize(token, accessToken, message, Protocol.access_token); + } catch (IOException ex) { + throw new ProtocolException(ResourceServerStrings.InvalidAccessToken, ex); + } + return token; } } |