diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-15 22:17:20 -0800 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-15 22:17:20 -0800 |
| commit | e12782c1a6727390b2107ff2e39d4ac6173d86fc (patch) | |
| tree | 3be0ccda0a9425927263f5b6b9616ef8ba11ac08 /src/DotNetOpenId/SecuritySettings.cs | |
| parent | 078b1f350eb40ceee7423c25b1d833dd1f242da4 (diff) | |
| parent | a545f7be2693596fa14540c359e43150a6a7cf88 (diff) | |
| download | DotNetOpenAuth-origin/mono.zip DotNetOpenAuth-origin/mono.tar.gz DotNetOpenAuth-origin/mono.tar.bz2 | |
Merge branch 'v2.5' into monoorigin/mono
Conflicts:
src/DotNetOpenId/Properties/AssemblyInfo.cs
src/DotNetOpenId/RelyingParty/AuthenticationResponse.cs
Diffstat (limited to 'src/DotNetOpenId/SecuritySettings.cs')
| -rw-r--r-- | src/DotNetOpenId/SecuritySettings.cs | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/DotNetOpenId/SecuritySettings.cs b/src/DotNetOpenId/SecuritySettings.cs new file mode 100644 index 0000000..fb9c079 --- /dev/null +++ b/src/DotNetOpenId/SecuritySettings.cs @@ -0,0 +1,58 @@ +using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace DotNetOpenId {
+ /// <summary>
+ /// Security settings that may be applicable to both relying parties and providers.
+ /// </summary>
+ public class SecuritySettings {
+ internal SecuritySettings(bool isProvider) {
+ if (isProvider) {
+ maximumHashBitLength = maximumHashBitLengthOPDefault;
+ }
+ }
+
+ internal const int minimumHashBitLengthDefault = 160;
+ int minimumHashBitLength = minimumHashBitLengthDefault;
+ /// <summary>
+ /// Gets/sets the minimum hash length (in bits) allowed to be used in an <see cref="Association"/>
+ /// with the remote party. The default is 160.
+ /// </summary>
+ /// <remarks>
+ /// SHA-1 (160 bits) has been broken. The minimum secure hash length is now 256 bits.
+ /// The default is still a 160 bit minimum to allow interop with common remote parties,
+ /// such as Yahoo! that only supports 160 bits.
+ /// For sites that require high security such as to store bank account information and
+ /// health records, 256 is the recommended value.
+ /// </remarks>
+ public int MinimumHashBitLength {
+ get { return minimumHashBitLength; }
+ set { minimumHashBitLength = value; }
+ }
+ internal const int maximumHashBitLengthRPDefault = 256;
+ internal const int maximumHashBitLengthOPDefault = 512;
+ int maximumHashBitLength = maximumHashBitLengthRPDefault;
+ /// <summary>
+ /// Gets/sets the maximum hash length (in bits) allowed to be used in an <see cref="Association"/>
+ /// with the remote party. The default is 256 for relying parties and 512 for providers.
+ /// </summary>
+ /// <remarks>
+ /// The longer the bit length, the more secure the identities of your visitors are.
+ /// Setting a value higher than 256 on a relying party site may reduce performance
+ /// as many association requests will be denied, causing secondary requests or even
+ /// authentication failures.
+ /// Setting a value higher than 256 on a provider increases security where possible
+ /// without these side-effects.
+ /// </remarks>
+ public int MaximumHashBitLength {
+ get { return maximumHashBitLength; }
+ set { maximumHashBitLength = value; }
+ }
+
+ internal bool IsAssociationInPermittedRange(Protocol protocol, string associationType) {
+ int lengthInBits = HmacShaAssociation.GetSecretLength(protocol, associationType) * 8;
+ return lengthInBits >= MinimumHashBitLength && lengthInBits <= MaximumHashBitLength;
+ }
+ }
+}
|