diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-05 16:04:35 -0800 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-05 16:04:35 -0800 |
| commit | c282f35b8ccab78f6782d17c4ffab2b1ed96e5d2 (patch) | |
| tree | e3c41cfcd6bb9c905b2648ea08cda7ca0c6edd4a /src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs | |
| parent | f02074e93cd1a1bd8b5b013c51fe26c0fb332bc6 (diff) | |
| download | DotNetOpenAuth-c282f35b8ccab78f6782d17c4ffab2b1ed96e5d2.zip DotNetOpenAuth-c282f35b8ccab78f6782d17c4ffab2b1ed96e5d2.tar.gz DotNetOpenAuth-c282f35b8ccab78f6782d17c4ffab2b1ed96e5d2.tar.bz2 | |
Added OpenID Provider downlevel protection for 1.x Relying Parties and turning it on by default.
Diffstat (limited to 'src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs')
| -rw-r--r-- | src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs index 6607162..e26e25c 100644 --- a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs +++ b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs @@ -73,8 +73,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements { /// Signs the outgoing message. /// </summary> /// <param name="message">The message to sign.</param> - /// <returns>True if the message was signed. False otherwise.</returns> - public bool PrepareMessageForSending(IProtocolMessage message) { + public MessageProtections? PrepareMessageForSending(IProtocolMessage message) { var signedMessage = message as ITamperResistantOAuthMessage; if (signedMessage != null && this.IsMessageApplicable(signedMessage)) { if (this.SignatureCallback != null) { @@ -86,26 +85,25 @@ namespace DotNetOpenAuth.OAuth.ChannelElements { signedMessage.SignatureMethod = this.signatureMethod; Logger.DebugFormat("Signing {0} message using {1}.", message.GetType().Name, this.signatureMethod); signedMessage.Signature = this.GetSignature(signedMessage); - return true; + return MessageProtections.TamperProtection; } - return false; + return null; } /// <summary> /// Verifies the signature on an incoming message. /// </summary> /// <param name="message">The message whose signature should be verified.</param> - /// <returns>True if the signature was verified. False if the message had no signature.</returns> /// <exception cref="InvalidSignatureException">Thrown if the signature is invalid.</exception> - public bool PrepareMessageForReceiving(IProtocolMessage message) { + public MessageProtections? PrepareMessageForReceiving(IProtocolMessage message) { var signedMessage = message as ITamperResistantOAuthMessage; if (signedMessage != null && this.IsMessageApplicable(signedMessage)) { Logger.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); if (!string.Equals(signedMessage.SignatureMethod, this.signatureMethod, StringComparison.Ordinal)) { Logger.WarnFormat("Expected signature method '{0}' but received message with a signature method of '{1}'.", this.signatureMethod, signedMessage.SignatureMethod); - return false; + return MessageProtections.None; } if (this.SignatureCallback != null) { @@ -119,10 +117,10 @@ namespace DotNetOpenAuth.OAuth.ChannelElements { throw new InvalidSignatureException(message); } - return true; + return MessageProtections.TamperProtection; } - return false; + return null; } #endregion |