Splitting up the OpenID profile into OpenID RP and OP. The core OpenID DLL compiles, but the RP and OP ones do not.

1 files changed, 82 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs
new file mode 100644
index 0000000..80743f7
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs
@@ -0,0 +1,82 @@
+//-----------------------------------------------------------------------
+// <copyright file="AssociateDiffieHellmanResponse.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OpenId.Messages {
+	using System;
+	using System.Diagnostics.Contracts;
+	using System.Security.Cryptography;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.Messaging.Reflection;
+	using DotNetOpenAuth.OpenId.Provider;
+	using Org.Mentalis.Security.Cryptography;
+
+	/// <summary>
+	/// The successful Diffie-Hellman association response message.
+	/// </summary>
+	/// <remarks>
+	/// Association response messages are described in OpenID 2.0 section 8.2.  This type covers section 8.2.3.
+	/// </remarks>
+	internal class AssociateDiffieHellmanProviderResponse : AssociateDiffieHellmanResponse {
+		/// <summary>
+		/// Initializes a new instance of the <see cref="AssociateDiffieHellmanProviderResponse"/> class.
+		/// </summary>
+		/// <param name="responseVersion">The OpenID version of the response message.</param>
+		/// <param name="originatingRequest">The originating request.</param>
+		internal AssociateDiffieHellmanProviderResponse(Version responseVersion, AssociateDiffieHellmanRequest originatingRequest)
+			: base(responseVersion, originatingRequest) {
+		}
+
+		/// <summary>
+		/// Creates the association at relying party side after the association response has been received.
+		/// </summary>
+		/// <param name="request">The original association request that was already sent and responded to.</param>
+		/// <returns>The newly created association.</returns>
+		/// <remarks>
+		/// The resulting association is <i>not</i> added to the association store and must be done by the caller.
+		/// </remarks>
+		protected override Association CreateAssociationAtRelyingParty(AssociateRequest request) {
+			throw new NotImplementedException();
+		}
+
+		/// <summary>
+		/// Creates the association at the provider side after the association request has been received.
+		/// </summary>
+		/// <param name="request">The association request.</param>
+		/// <param name="associationStore">The OpenID Provider's association store or handle encoder.</param>
+		/// <param name="securitySettings">The security settings of the Provider.</param>
+		/// <returns>
+		/// The newly created association.
+		/// </returns>
+		/// <remarks>
+		/// The response message is updated to include the details of the created association by this method,
+		/// but the resulting association is <i>not</i> added to the association store and must be done by the caller.
+		/// </remarks>
+		protected override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) {
+			var diffieHellmanRequest = request as AssociateDiffieHellmanRequest;
+			ErrorUtilities.VerifyInternal(diffieHellmanRequest != null, "Expected a DH request type.");
+
+			this.SessionType = this.SessionType ?? request.SessionType;
+
+			// Go ahead and create the association first, complete with its secret that we're about to share.
+			Association association = HmacShaAssociation.Create(this.Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings);
+
+			// We now need to securely communicate the secret to the relying party using Diffie-Hellman.
+			// We do this by performing a DH algorithm on the secret and setting a couple of properties
+			// that will be transmitted to the Relying Party.  The RP will perform an inverse operation
+			// using its part of a DH secret in order to decrypt the shared secret we just invented 
+			// above when we created the association.
+			using (DiffieHellman dh = new DiffieHellmanManaged(
+				diffieHellmanRequest.DiffieHellmanModulus ?? AssociateDiffieHellmanRequest.DefaultMod,
+				diffieHellmanRequest.DiffieHellmanGen ?? AssociateDiffieHellmanRequest.DefaultGen,
+				AssociateDiffieHellmanRequest.DefaultX)) {
+				HashAlgorithm hasher = DiffieHellmanUtilities.Lookup(this.Protocol, this.SessionType);
+				this.DiffieHellmanServerPublic = DiffieHellmanUtilities.EnsurePositive(dh.CreateKeyExchange());
+				this.EncodedMacKey = DiffieHellmanUtilities.SHAHashXorSecret(hasher, dh, diffieHellmanRequest.DiffieHellmanConsumerPublic, association.SecretKey);
+			}
+			return association;
+		}
+	}
+}