author | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-05 16:04:35 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-05 16:04:35 -0800 |
commit | c282f35b8ccab78f6782d17c4ffab2b1ed96e5d2 (patch) | |
tree | e3c41cfcd6bb9c905b2648ea08cda7ca0c6edd4a /src/DotNetOpenAuth/OAuth/ChannelElements | |
parent | f02074e93cd1a1bd8b5b013c51fe26c0fb332bc6 (diff) | |
Added OpenID Provider downlevel protection for 1.x Relying Parties and turned it on by default.
Diffstat (limited to 'src/DotNetOpenAuth/OAuth/ChannelElements')
3 files changed, 23 insertions, 31 deletions
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs
index 8be6c30..afc99d9 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs
@@ -37,7 +37,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 /// True if the <paramref name="message"/> applied to this binding element
 /// and the operation was successful. False otherwise.
 /// </returns>
- public bool PrepareMessageForSending(IProtocolMessage message) {
+ public MessageProtections? PrepareMessageForSending(IProtocolMessage message) {
 var oauthMessage = message as ITamperResistantOAuthMessage;
 if (oauthMessage != null) {
@@ -47,12 +47,12 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 } else if ((transmissionMethod & HttpDeliveryMethods.GetRequest) != 0) {
 oauthMessage.HttpMethod = "GET";
 } else {
- return false;
+ return null;
 }
- return true;
+ return MessageProtections.None;
 } else {
- return false;
+ return null;
 }
 }
@@ -69,8 +69,8 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 /// Thrown when the binding element rules indicate that this message is invalid and should
 /// NOT be processed.
 /// </exception>
- public bool PrepareMessageForReceiving(IProtocolMessage message) {
- return false;
+ public MessageProtections? PrepareMessageForReceiving(IProtocolMessage message) {
+ return null;
 }
 #endregion
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
index 6607162..e26e25c 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
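Review bot: The `<returns>` text left as context above `PrepareMessageForSending` in OAuthHttpMethodBindingElement.cs still reads "True if ... False otherwise", although the method now returns `MessageProtections?`. The SigningBindingElementBase.cs and SigningBindingElementChain.cs hunks delete their `<returns>` elements instead of updating them, so none of the six changed methods documents the difference between `null` (the element did not apply to the message) and `MessageProtections.None` (it applied but added no protection). Since callers decide whether a message is adequately protected from this value, each method should carry something like `/// <returns>The protections applied to the message, or null if this binding element did not apply to it.</returns>`. The doc comment being corrected starts above the first hunk.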
@@ -73,8 +73,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 /// Signs the outgoing message.
 /// </summary>
 /// <param name="message">The message to sign.</param>
- /// <returns>True if the message was signed. False otherwise.</returns>
- public bool PrepareMessageForSending(IProtocolMessage message) {
+ public MessageProtections? PrepareMessageForSending(IProtocolMessage message) {
 var signedMessage = message as ITamperResistantOAuthMessage;
 if (signedMessage != null && this.IsMessageApplicable(signedMessage)) {
 if (this.SignatureCallback != null) {
@@ -86,26 +85,25 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 signedMessage.SignatureMethod = this.signatureMethod;
 Logger.DebugFormat("Signing {0} message using {1}.", message.GetType().Name, this.signatureMethod);
 signedMessage.Signature = this.GetSignature(signedMessage);
- return true;
+ return MessageProtections.TamperProtection;
 }
- return false;
+ return null;
 }
 /// <summary>
 /// Verifies the signature on an incoming message.
 /// </summary>
 /// <param name="message">The message whose signature should be verified.</param>
- /// <returns>True if the signature was verified. False if the message had no signature.</returns>
 /// <exception cref="InvalidSignatureException">Thrown if the signature is invalid.</exception>
- public bool PrepareMessageForReceiving(IProtocolMessage message) {
+ public MessageProtections? PrepareMessageForReceiving(IProtocolMessage message) {
 var signedMessage = message as ITamperResistantOAuthMessage;
 if (signedMessage != null && this.IsMessageApplicable(signedMessage)) {
 Logger.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature);
 if (!string.Equals(signedMessage.SignatureMethod, this.signatureMethod, StringComparison.Ordinal)) {
 Logger.WarnFormat("Expected signature method '{0}' but received message with a signature method of '{1}'.", this.signatureMethod, signedMessage.SignatureMethod);
- return false;
+ return MessageProtections.None;
 }
 if (this.SignatureCallback != null) {
@@ -119,10 +117,10 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 throw new InvalidSignatureException(message);
 }
- return true;
+ return MessageProtections.TamperProtection;
 }
- return false;
+ return null;
 }
 #endregion
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementChain.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementChain.cs
index 0d0f641..448248f 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementChain.cs
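Review bot: In `PrepareMessageForReceiving` (hunk -86,26) the signature-method mismatch branch now returns `MessageProtections.None` where it used to return `false`, and this changes how SigningBindingElementChain dispatches. The chain's new loop stops at the first signer whose result `HasValue`, so a mismatching signer now ends the chain, where `false` used to let the next signer try. Unless `IsMessageApplicable` (not visible here) already filters on the signature method, a message signed with a later signer's method would never reach signature verification and would come back as unprotected. Whether it is then rejected depends on the caller checking the returned protections, which this diff does not show. Returning `null` from that branch (`return null;`) keeps the old fall-through; the method body between the two hunks in this file is outside the diff.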
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementChain.cs
@@ -95,18 +95,15 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 /// Prepares a message for sending based on the rules of this channel binding element.
 /// </summary>
 /// <param name="message">The message to prepare for sending.</param>
- /// <returns>
- /// True if the <paramref name="message"/> applied to this binding element
- /// and the operation was successful. False otherwise.
- /// </returns>
- public bool PrepareMessageForSending(IProtocolMessage message) {
+ public MessageProtections? PrepareMessageForSending(IProtocolMessage message) {
 foreach (IChannelBindingElement signer in this.signers) {
- if (signer.PrepareMessageForSending(message)) {
- return true;
+ MessageProtections? result = signer.PrepareMessageForSending(message);
+ if (result.HasValue) {
+ return result;
 }
 }
- return false;
+ return null;
 }
 /// <summary>
@@ -114,18 +111,15 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 /// validates an incoming message based on the rules of this channel binding element.
 /// </summary>
 /// <param name="message">The incoming message to process.</param>
- /// <returns>
- /// True if the <paramref name="message"/> applied to this binding element
- /// and the operation was successful. False if the operation did not apply to this message.
- /// </returns>
- public bool PrepareMessageForReceiving(IProtocolMessage message) {
+ public MessageProtections? PrepareMessageForReceiving(IProtocolMessage message) {
 foreach (IChannelBindingElement signer in this.signers) {
- if (signer.PrepareMessageForReceiving(message)) {
- return true;
+ MessageProtections? result = signer.PrepareMessageForReceiving(message);
+ if (result.HasValue) {
+ return result;
 }
 }
- return false;
+ return null;
 }
 #endregion |