diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2012-10-14 19:58:54 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-10-14 19:58:54 -0700 |
| commit | 1147c2afd97ce408f2e4d08458ca68b108c35b1e (patch) | |
| tree | d812ae4d013142db03091abf61742a3753eb7ed2 /src | |
| parent | 0484ade3bd35282c8b30cfa27730498ab5168859 (diff) | |
| parent | 321267ee6a54e917395694f270d3f6fe7fae3c51 (diff) | |
| download | DotNetOpenAuth-1147c2afd97ce408f2e4d08458ca68b108c35b1e.zip DotNetOpenAuth-1147c2afd97ce408f2e4d08458ca68b108c35b1e.tar.gz DotNetOpenAuth-1147c2afd97ce408f2e4d08458ca68b108c35b1e.tar.bz2 | |
Merge branch 'v4.1'
Diffstat (limited to 'src')
65 files changed, 764 insertions, 353 deletions
diff --git a/src/DotNetOpenAuth.AspNet.Test/OAuth2ClientTest.cs b/src/DotNetOpenAuth.AspNet.Test/OAuth2ClientTest.cs index 89a483c..e60df01 100644 --- a/src/DotNetOpenAuth.AspNet.Test/OAuth2ClientTest.cs +++ b/src/DotNetOpenAuth.AspNet.Test/OAuth2ClientTest.cs @@ -47,7 +47,16 @@ namespace DotNetOpenAuth.AspNet.Test { var client = new MockOAuth2Client(); // Act && Assert - Assert.Throws<ArgumentNullException>(() => client.VerifyAuthentication(null)); + Assert.Throws<ArgumentNullException>(() => client.VerifyAuthentication(null, new Uri("http://me.com"))); + } + + [TestCase] + public void VerifyAuthenticationWithoutReturnUrlThrows() { + // Arrange + var client = new MockOAuth2Client(); + + // Act && Assert + Assert.Throws<InvalidOperationException>(() => client.VerifyAuthentication(new Mock<HttpContextBase>().Object)); } [TestCase] @@ -59,7 +68,7 @@ namespace DotNetOpenAuth.AspNet.Test { context.Setup(c => c.Request.QueryString).Returns(queryStrings); // Act - AuthenticationResult result = client.VerifyAuthentication(context.Object); + AuthenticationResult result = client.VerifyAuthentication(context.Object, new Uri("http://me.com")); // Assert Assert.IsFalse(result.IsSuccessful); @@ -75,7 +84,7 @@ namespace DotNetOpenAuth.AspNet.Test { context.Setup(c => c.Request.QueryString).Returns(queryStrings); // Act - AuthenticationResult result = client.VerifyAuthentication(context.Object); + AuthenticationResult result = client.VerifyAuthentication(context.Object, new Uri("http://me.com")); // Assert Assert.IsFalse(result.IsSuccessful); @@ -91,7 +100,7 @@ namespace DotNetOpenAuth.AspNet.Test { context.Setup(c => c.Request.QueryString).Returns(queryStrings); // Act - AuthenticationResult result = client.VerifyAuthentication(context.Object); + AuthenticationResult result = client.VerifyAuthentication(context.Object, new Uri("http://me.com")); // Assert Assert.True(result.IsSuccessful); diff --git a/src/DotNetOpenAuth.AspNet.Test/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.AspNet.Test/Properties/AssemblyInfo.cs index d8a6a0b..cb15d63 100644 --- a/src/DotNetOpenAuth.AspNet.Test/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.AspNet.Test/Properties/AssemblyInfo.cs @@ -11,14 +11,8 @@ using System.Runtime.InteropServices; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth.AspNet.Test")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Microsoft")] -[assembly: AssemblyProduct("DotNetOpenAuth.AspNet.Test")] [assembly: AssemblyCopyright("Copyright © Microsoft 2011")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] // Setting ComVisible to false makes the types in this assembly not visible // to COM components. If you need to access a type in this assembly from diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs index 9a9f40d..1ae64fc 100644 --- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs +++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs @@ -164,9 +164,8 @@ namespace DotNetOpenAuth.AspNet.Clients { internal static XDocument LoadXDocumentFromStream(Stream stream) { const int MaxChars = 0x10000; // 64k - XmlReaderSettings settings = new XmlReaderSettings() { - MaxCharactersInDocument = MaxChars - }; + var settings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); + settings.MaxCharactersInDocument = MaxChars; return XDocument.Load(XmlReader.Create(stream, settings)); } diff --git a/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs b/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs index 6a898a1..2d18b7b 100644 --- a/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs +++ b/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs @@ -64,15 +64,6 @@ namespace DotNetOpenAuth.AspNet { /// <param name="requestContext"> /// The request context. /// </param> - public OpenAuthSecurityManager(HttpContextBase requestContext) - : this(requestContext, provider: null, dataProvider: null) { } - - /// <summary> - /// Initializes a new instance of the <see cref="OpenAuthSecurityManager"/> class. - /// </summary> - /// <param name="requestContext"> - /// The request context. - /// </param> /// <param name="provider"> /// The provider. /// </param> @@ -81,9 +72,9 @@ namespace DotNetOpenAuth.AspNet { /// </param> public OpenAuthSecurityManager( HttpContextBase requestContext, IAuthenticationClient provider, IOpenAuthDataProvider dataProvider) { - if (requestContext == null) { - throw new ArgumentNullException("requestContext"); - } + Requires.NotNull(requestContext, "requestContext"); + Requires.NotNull(provider, "provider"); + Requires.NotNull(dataProvider, "dataProvider"); this.requestContext = requestContext; this.dataProvider = dataProvider; diff --git a/src/DotNetOpenAuth.AspNet/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.AspNet/Properties/AssemblyInfo.cs index 15b7d9e..f1b7f25 100644 --- a/src/DotNetOpenAuth.AspNet/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.AspNet/Properties/AssemblyInfo.cs @@ -13,15 +13,8 @@ using System.Runtime.InteropServices; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth.AspNet")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Microsoft")] -[assembly: AssemblyProduct("DotNetOpenAuth.AspNet")] [assembly: AssemblyCopyright("Copyright © Microsoft 2011")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.BuildTasks/DotNetOpenAuth.BuildTasks.sln b/src/DotNetOpenAuth.BuildTasks/DotNetOpenAuth.BuildTasks.sln index 76f9103..f749f1b 100644 --- a/src/DotNetOpenAuth.BuildTasks/DotNetOpenAuth.BuildTasks.sln +++ b/src/DotNetOpenAuth.BuildTasks/DotNetOpenAuth.BuildTasks.sln @@ -1,6 +1,6 @@ -Microsoft Visual Studio Solution File, Format Version 11.00 -# Visual Studio 2010 +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 2012 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{ABBE14A3-0404-4123-9093-E598C3DD3E9B}" ProjectSection(SolutionItems) = preProject ..\..\build.proj = ..\..\build.proj @@ -42,6 +42,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "NuGet", "NuGet", "{D49E2011 ..\..\nuget\DotNetOpenAuth.OAuth2.AuthorizationServer.nuspec = ..\..\nuget\DotNetOpenAuth.OAuth2.AuthorizationServer.nuspec ..\..\nuget\DotNetOpenAuth.OAuth2.Client.nuspec = ..\..\nuget\DotNetOpenAuth.OAuth2.Client.nuspec ..\..\nuget\DotNetOpenAuth.OAuth2.Client.UI.nuspec = ..\..\nuget\DotNetOpenAuth.OAuth2.Client.UI.nuspec + ..\..\nuget\DotNetOpenAuth.OAuth2.ClientAuthorization.nuspec = ..\..\nuget\DotNetOpenAuth.OAuth2.ClientAuthorization.nuspec ..\..\nuget\DotNetOpenAuth.OAuth2.Core.nuspec = ..\..\nuget\DotNetOpenAuth.OAuth2.Core.nuspec ..\..\nuget\DotNetOpenAuth.OAuth2.ResourceServer.nuspec = ..\..\nuget\DotNetOpenAuth.OAuth2.ResourceServer.nuspec ..\..\nuget\DotNetOpenAuth.OpenId.Core.nuspec = ..\..\nuget\DotNetOpenAuth.OpenId.Core.nuspec diff --git a/src/DotNetOpenAuth.Core.UI/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.Core.UI/Properties/AssemblyInfo.cs index c383749..4eb88a3 100644 --- a/src/DotNetOpenAuth.Core.UI/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.Core.UI/Properties/AssemblyInfo.cs @@ -22,15 +22,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd index 74d4db4..8a970f4 100644 --- a/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd +++ b/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd @@ -475,6 +475,11 @@ </xs:complexType> </xs:element> <xs:element name="discoveryServices"> + <xs:annotation> + <xs:documentation> + Adds or removes OpenID discovery mechanisms to use on OpenID identifiers. + </xs:documentation> + </xs:annotation> <xs:complexType> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element name="add"> @@ -502,6 +507,24 @@ </xs:choice> </xs:complexType> </xs:element> + <xs:element name="hostMetaDiscovery"> + <xs:annotation> + <xs:documentation> + Customizes the non-standard host-meta discovery process, when that discovery service is enabled. + </xs:documentation> + </xs:annotation> + <xs:complexType> + <xs:attribute name="enableCertificateValidationCache" type="xs:boolean" default="false"> + <xs:annotation> + <xs:documentation> + Allows DotNetOpenAuth to remember X509Certificates that it has already verified are valid + to avoid validating them each time. Use when operating on a server with long delays when + validating certificates. + </xs:documentation> + </xs:annotation> + </xs:attribute> + </xs:complexType> + </xs:element> <xs:element name="store"> <xs:annotation> <xs:documentation> diff --git a/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj b/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj index 5e079a0..eb38711 100644 --- a/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj +++ b/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj @@ -29,6 +29,7 @@ <Compile Include="Messaging\CachedDirectWebResponse.cs" /> <Compile Include="Messaging\ChannelContract.cs" /> <Compile Include="Messaging\DataBagFormatterBase.cs" /> + <Compile Include="Messaging\HmacAlgorithms.cs" /> <Compile Include="Messaging\HttpRequestHeaders.cs" /> <Compile Include="Messaging\IHttpDirectRequest.cs" /> <Compile Include="Messaging\IHttpDirectRequestContract.cs" /> diff --git a/src/DotNetOpenAuth.Core/Loggers/TraceLogger.cs b/src/DotNetOpenAuth.Core/Loggers/TraceLogger.cs index 9b0bb0f..1b80c7d 100644 --- a/src/DotNetOpenAuth.Core/Loggers/TraceLogger.cs +++ b/src/DotNetOpenAuth.Core/Loggers/TraceLogger.cs @@ -77,210 +77,270 @@ namespace DotNetOpenAuth.Loggers { /// See <see cref="ILog"/>. /// </summary> public void Debug(object message) { - Trace.TraceInformation(message.ToString()); + if (this.IsDebugEnabled) { + Trace.TraceInformation(message.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Debug(object message, Exception exception) { - Trace.TraceInformation(message + ": " + exception.ToString()); + if (this.IsDebugEnabled) { + Trace.TraceInformation(message + ": " + exception.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void DebugFormat(string format, params object[] args) { - Trace.TraceInformation(format, args); + if (this.IsDebugEnabled) { + Trace.TraceInformation(format, args); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void DebugFormat(string format, object arg0) { - Trace.TraceInformation(format, arg0); + if (this.IsDebugEnabled) { + Trace.TraceInformation(format, arg0); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void DebugFormat(string format, object arg0, object arg1) { - Trace.TraceInformation(format, arg0, arg1); + if (this.IsDebugEnabled) { + Trace.TraceInformation(format, arg0, arg1); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void DebugFormat(string format, object arg0, object arg1, object arg2) { - Trace.TraceInformation(format, arg0, arg1, arg2); + if (this.IsDebugEnabled) { + Trace.TraceInformation(format, arg0, arg1, arg2); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Info(object message) { - Trace.TraceInformation(message.ToString()); + if (this.IsInfoEnabled) { + Trace.TraceInformation(message.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Info(object message, Exception exception) { - Trace.TraceInformation(message + ": " + exception.ToString()); + if (this.IsInfoEnabled) { + Trace.TraceInformation(message + ": " + exception.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void InfoFormat(string format, params object[] args) { - Trace.TraceInformation(format, args); + if (this.IsInfoEnabled) { + Trace.TraceInformation(format, args); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void InfoFormat(string format, object arg0) { - Trace.TraceInformation(format, arg0); + if (this.IsInfoEnabled) { + Trace.TraceInformation(format, arg0); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void InfoFormat(string format, object arg0, object arg1) { - Trace.TraceInformation(format, arg0, arg1); + if (this.IsInfoEnabled) { + Trace.TraceInformation(format, arg0, arg1); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void InfoFormat(string format, object arg0, object arg1, object arg2) { - Trace.TraceInformation(format, arg0, arg1, arg2); + if (this.IsInfoEnabled) { + Trace.TraceInformation(format, arg0, arg1, arg2); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Warn(object message) { - Trace.TraceWarning(message.ToString()); + if (this.IsWarnEnabled) { + Trace.TraceWarning(message.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Warn(object message, Exception exception) { - Trace.TraceWarning(message + ": " + exception.ToString()); + if (this.IsWarnEnabled) { + Trace.TraceWarning(message + ": " + exception.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void WarnFormat(string format, params object[] args) { - Trace.TraceWarning(format, args); + if (this.IsWarnEnabled) { + Trace.TraceWarning(format, args); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void WarnFormat(string format, object arg0) { - Trace.TraceWarning(format, arg0); + if (this.IsWarnEnabled) { + Trace.TraceWarning(format, arg0); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void WarnFormat(string format, object arg0, object arg1) { - Trace.TraceWarning(format, arg0, arg1); + if (this.IsWarnEnabled) { + Trace.TraceWarning(format, arg0, arg1); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void WarnFormat(string format, object arg0, object arg1, object arg2) { - Trace.TraceWarning(format, arg0, arg1, arg2); + if (this.IsWarnEnabled) { + Trace.TraceWarning(format, arg0, arg1, arg2); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Error(object message) { - Trace.TraceError(message.ToString()); + if (this.IsErrorEnabled) { + Trace.TraceError(message.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Error(object message, Exception exception) { - Trace.TraceError(message + ": " + exception.ToString()); + if (this.IsErrorEnabled) { + Trace.TraceError(message + ": " + exception.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void ErrorFormat(string format, params object[] args) { - Trace.TraceError(format, args); + if (this.IsErrorEnabled) { + Trace.TraceError(format, args); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void ErrorFormat(string format, object arg0) { - Trace.TraceError(format, arg0); + if (this.IsErrorEnabled) { + Trace.TraceError(format, arg0); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void ErrorFormat(string format, object arg0, object arg1) { - Trace.TraceError(format, arg0, arg1); + if (this.IsErrorEnabled) { + Trace.TraceError(format, arg0, arg1); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void ErrorFormat(string format, object arg0, object arg1, object arg2) { - Trace.TraceError(format, arg0, arg1, arg2); + if (this.IsErrorEnabled) { + Trace.TraceError(format, arg0, arg1, arg2); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Fatal(object message) { - Trace.TraceError(message.ToString()); + if (this.IsFatalEnabled) { + Trace.TraceError(message.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void Fatal(object message, Exception exception) { - Trace.TraceError(message + ": " + exception.ToString()); + if (this.IsFatalEnabled) { + Trace.TraceError(message + ": " + exception.ToString()); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void FatalFormat(string format, params object[] args) { - Trace.TraceError(format, args); + if (this.IsFatalEnabled) { + Trace.TraceError(format, args); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void FatalFormat(string format, object arg0) { - Trace.TraceError(format, arg0); + if (this.IsFatalEnabled) { + Trace.TraceError(format, arg0); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void FatalFormat(string format, object arg0, object arg1) { - Trace.TraceError(format, arg0, arg1); + if (this.IsFatalEnabled) { + Trace.TraceError(format, arg0, arg1); + } } /// <summary> /// See <see cref="ILog"/>. /// </summary> public void FatalFormat(string format, object arg0, object arg1, object arg2) { - Trace.TraceError(format, arg0, arg1, arg2); + if (this.IsFatalEnabled) { + Trace.TraceError(format, arg0, arg1, arg2); + } } #endregion diff --git a/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs b/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs index c9ceb81..69ee8dc 100644 --- a/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs +++ b/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs @@ -286,7 +286,7 @@ namespace DotNetOpenAuth.Messaging { Requires.NotNull(signature, "signature"); if (this.asymmetricSigning != null) { - using (var hasher = new SHA1CryptoServiceProvider()) { + using (var hasher = SHA1.Create()) { return this.asymmetricSigning.VerifyData(signedData, hasher, signature); } } else { @@ -309,13 +309,13 @@ namespace DotNetOpenAuth.Messaging { Contract.Ensures(Contract.Result<byte[]>() != null); if (this.asymmetricSigning != null) { - using (var hasher = new SHA1CryptoServiceProvider()) { + using (var hasher = SHA1.Create()) { return this.asymmetricSigning.SignData(bytesToSign, hasher); } } else { var key = this.cryptoKeyStore.GetKey(this.cryptoKeyBucket, symmetricSecretHandle); ErrorUtilities.VerifyProtocol(key != null, MessagingStrings.MissingDecryptionKeyForHandle, this.cryptoKeyBucket, symmetricSecretHandle); - using (var symmetricHasher = new HMACSHA256(key.Key)) { + using (var symmetricHasher = HmacAlgorithms.Create(HmacAlgorithms.HmacSha256, key.Key)) { return symmetricHasher.ComputeHash(bytesToSign); } } diff --git a/src/DotNetOpenAuth.Core/Messaging/HmacAlgorithms.cs b/src/DotNetOpenAuth.Core/Messaging/HmacAlgorithms.cs new file mode 100644 index 0000000..872b4ac --- /dev/null +++ b/src/DotNetOpenAuth.Core/Messaging/HmacAlgorithms.cs @@ -0,0 +1,60 @@ +//----------------------------------------------------------------------- +// <copyright file="HmacAlgorithms.cs" company="Outercurve Foundation"> +// Copyright (c) Outercurve Foundation. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.Messaging { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Security.Cryptography; + using System.Text; + + /// <summary> + /// HMAC-SHA algorithm names that can be passed to the <see cref="HMAC.Create(string)"/> method. + /// </summary> + internal static class HmacAlgorithms { + /// <summary> + /// The name of the HMAC-SHA1 algorithm. + /// </summary> + internal const string HmacSha1 = "HMACSHA1"; + + /// <summary> + /// The name of the HMAC-SHA256 algorithm. + /// </summary> + internal const string HmacSha256 = "HMACSHA256"; + + /// <summary> + /// The name of the HMAC-SHA384 algorithm. + /// </summary> + internal const string HmacSha384 = "HMACSHA384"; + + /// <summary> + /// The name of the HMAC-SHA512 algorithm. + /// </summary> + internal const string HmacSha512 = "HMACSHA512"; + + /// <summary> + /// Creates an HMAC-SHA algorithm with the specified name and key. + /// </summary> + /// <param name="algorithmName">A name from the available choices in the static const members of this class.</param> + /// <param name="key">The secret key used as the HMAC.</param> + /// <returns>The HMAC algorithm instance.</returns> + internal static HMAC Create(string algorithmName, byte[] key) { + Requires.NotNullOrEmpty(algorithmName, "algorithmName"); + Requires.NotNull(key, "key"); + + HMAC hmac = HMAC.Create(algorithmName); + try { + hmac.Key = key; + return hmac; + } catch { +#if CLR4 + hmac.Dispose(); +#endif + throw; + } + } + } +} diff --git a/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs b/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs index f613dc5..4b4a3fe 100644 --- a/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs +++ b/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs @@ -13,6 +13,10 @@ namespace DotNetOpenAuth.Messaging { using System.Globalization; using System.IO; using System.Net; +#if CLR4 + using System.Net.Http; + using System.Net.Http.Headers; +#endif using System.Net.Mime; using System.ServiceModel.Channels; using System.Web; @@ -105,12 +109,33 @@ namespace DotNetOpenAuth.Messaging { this.requestUri = listenerRequest.Url; this.queryString = listenerRequest.QueryString; this.headers = listenerRequest.Headers; - this.form = ParseFormData(listenerRequest.HttpMethod, listenerRequest.Headers, listenerRequest.InputStream); + this.form = ParseFormData(listenerRequest.HttpMethod, listenerRequest.Headers, () => listenerRequest.InputStream); this.serverVariables = new NameValueCollection(); Reporting.RecordRequestStatistics(this); } +#if CLR4 + /// <summary> + /// Initializes a new instance of the <see cref="HttpRequestInfo" /> class. + /// </summary> + /// <param name="request">The request.</param> + internal HttpRequestInfo(HttpRequestMessage request) { + Requires.NotNull(request, "request"); + + this.httpMethod = request.Method.ToString(); + this.requestUri = request.RequestUri; + this.queryString = HttpUtility.ParseQueryString(request.RequestUri.Query); + this.headers = new NameValueCollection(); + AddHeaders(this.headers, request.Headers); + AddHeaders(this.headers, request.Content.Headers); + this.form = ParseFormData(this.httpMethod, this.headers, () => request.Content.ReadAsStreamAsync().Result); + this.serverVariables = new NameValueCollection(); + + Reporting.RecordRequestStatistics(this); + } +#endif + /// <summary> /// Initializes a new instance of the <see cref="HttpRequestInfo"/> class. /// </summary> @@ -126,7 +151,7 @@ namespace DotNetOpenAuth.Messaging { this.requestUri = requestUri; this.headers = headers; this.queryString = HttpUtility.ParseQueryString(requestUri.Query); - this.form = ParseFormData(httpMethod, headers, inputStream); + this.form = ParseFormData(httpMethod, headers, () => inputStream); this.serverVariables = new NameValueCollection(); Reporting.RecordRequestStatistics(this); @@ -200,6 +225,17 @@ namespace DotNetOpenAuth.Messaging { return new HttpRequestInfo(listenerRequest); } +#if CLR4 + /// <summary> + /// Creates an <see cref="HttpRequestBase"/> instance that describes the specified HTTP request. + /// </summary> + /// <param name="request">The HTTP request.</param> + /// <returns>An instance of <see cref="HttpRequestBase"/>.</returns> + public static HttpRequestBase Create(HttpRequestMessage request) { + return new HttpRequestInfo(request); + } +#endif + /// <summary> /// Creates an <see cref="HttpRequestBase"/> instance that describes the specified HTTP request. /// </summary> @@ -229,14 +265,15 @@ namespace DotNetOpenAuth.Messaging { /// </summary> /// <param name="httpMethod">The HTTP method.</param> /// <param name="headers">The headers.</param> - /// <param name="inputStream">The input stream.</param> + /// <param name="inputStreamFunc">A function that returns the input stream.</param> /// <returns>The non-null collection of form variables.</returns> - private static NameValueCollection ParseFormData(string httpMethod, NameValueCollection headers, Stream inputStream) { + private static NameValueCollection ParseFormData(string httpMethod, NameValueCollection headers, Func<Stream> inputStreamFunc) { Requires.NotNullOrEmpty(httpMethod, "httpMethod"); Requires.NotNull(headers, "headers"); ContentType contentType = string.IsNullOrEmpty(headers[HttpRequestHeaders.ContentType]) ? null : new ContentType(headers[HttpRequestHeaders.ContentType]); - if (inputStream != null && httpMethod == "POST" && contentType != null && string.Equals(contentType.MediaType, Channel.HttpFormUrlEncoded, StringComparison.Ordinal)) { + if (httpMethod == "POST" && contentType != null && string.Equals(contentType.MediaType, Channel.HttpFormUrlEncoded, StringComparison.Ordinal) && inputStreamFunc != null) { + var inputStream = inputStreamFunc(); var reader = new StreamReader(inputStream); long originalPosition = 0; if (inputStream.CanSeek) { @@ -252,5 +289,23 @@ namespace DotNetOpenAuth.Messaging { return new NameValueCollection(); } + +#if CLR4 + /// <summary> + /// Adds HTTP headers to a <see cref="NameValueCollection"/>. + /// </summary> + /// <param name="collectionToFill">The collection to be modified with added entries.</param> + /// <param name="headers">The collection to read from.</param> + private static void AddHeaders(NameValueCollection collectionToFill, HttpHeaders headers) { + Requires.NotNull(collectionToFill, "collectionToFill"); + Requires.NotNull(headers, "headers"); + + foreach (var header in headers) { + foreach (var value in header.Value) { + collectionToFill.Add(header.Key, value); + } + } + } +#endif } } diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs index 2d049c1..7c03555 100644 --- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs +++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs @@ -15,6 +15,9 @@ namespace DotNetOpenAuth.Messaging { using System.IO.Compression; using System.Linq; using System.Net; +#if CLR4 + using System.Net.Http; +#endif using System.Net.Mime; using System.Runtime.Serialization.Json; using System.Security; @@ -161,6 +164,28 @@ namespace DotNetOpenAuth.Messaging { return new OutgoingWebResponseActionResult(response); } +#if CLR4 + /// <summary> + /// Transforms an OutgoingWebResponse to a Web API-friendly HttpResponseMessage. + /// </summary> + /// <param name="outgoingResponse">The response to send to the user agent.</param> + /// <returns>The <see cref="HttpResponseMessage"/> instance to be returned by the Web API method.</returns> + public static HttpResponseMessage AsHttpResponseMessage(this OutgoingWebResponse outgoingResponse) { + HttpResponseMessage response = new HttpResponseMessage(outgoingResponse.Status) { + Content = new StreamContent(outgoingResponse.ResponseStream) + }; + + var responseHeaders = outgoingResponse.Headers; + foreach (var header in responseHeaders.AllKeys) { + if (!response.Headers.TryAddWithoutValidation(header, responseHeaders[header])) { + response.Content.Headers.TryAddWithoutValidation(header, responseHeaders[header]); + } + } + + return response; + } +#endif + /// <summary> /// Gets the original request URL, as seen from the browser before any URL rewrites on the server if any. /// Cookieless session directory (if applicable) is also included. @@ -357,6 +382,28 @@ namespace DotNetOpenAuth.Messaging { } /// <summary> + /// Creates the XML reader settings to use for reading XML from untrusted sources. + /// </summary> + /// <returns> + /// The new instance of <see cref="XmlReaderSettings"/>. + /// </returns> + /// <remarks> + /// The default values set here are based on recommendations from + /// http://msdn.microsoft.com/en-us/magazine/ee335713.aspx + /// </remarks> + internal static XmlReaderSettings CreateUntrustedXmlReaderSettings() { + return new XmlReaderSettings { + MaxCharactersFromEntities = 1024, + XmlResolver = null, +#if CLR4 + DtdProcessing = DtdProcessing.Prohibit, +#else + ProhibitDtd = true, +#endif + }; + } + + /// <summary> /// Clears any existing elements in a collection and fills the collection with a given set of values. /// </summary> /// <typeparam name="T">The type of value kept in the collection.</typeparam> diff --git a/src/DotNetOpenAuth.Core/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.Core/Properties/AssemblyInfo.cs index 91d27f5..21cbb94 100644 --- a/src/DotNetOpenAuth.Core/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.Core/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.InfoCard.UI/InfoCard/InfoCardSelector.cs b/src/DotNetOpenAuth.InfoCard.UI/InfoCard/InfoCardSelector.cs index c4563f2..3862e39 100644 --- a/src/DotNetOpenAuth.InfoCard.UI/InfoCard/InfoCardSelector.cs +++ b/src/DotNetOpenAuth.InfoCard.UI/InfoCard/InfoCardSelector.cs @@ -688,7 +688,7 @@ namespace DotNetOpenAuth.InfoCard { script.AppendLine(CreateParamJs("privacyVersion", this.PrivacyVersion)); } - script.AppendLine(@"if (document.infoCard.isSupported()) { document.write(obj.outerHTML); } + script.AppendLine(@"if (document.infoCard.isSupported()) { document.getElementsByTagName('head')[0].appendChild(obj); } }"); this.Page.ClientScript.RegisterClientScriptBlock(typeof(InfoCardSelector), this.ClientID + "tag", script.ToString(), true); diff --git a/src/DotNetOpenAuth.InfoCard.UI/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.InfoCard.UI/Properties/AssemblyInfo.cs index 178c77a..69b7345 100644 --- a/src/DotNetOpenAuth.InfoCard.UI/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.InfoCard.UI/Properties/AssemblyInfo.cs @@ -22,15 +22,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth InfoCard")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs b/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs index 5526bfd..0660ec7 100644 --- a/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs +++ b/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs @@ -51,7 +51,8 @@ namespace DotNetOpenAuth.InfoCard { string decryptedString; using (StringReader xmlReader = new StringReader(tokenXml)) { - using (XmlReader tokenReader = XmlReader.Create(xmlReader)) { + var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); + using (XmlReader tokenReader = XmlReader.Create(xmlReader, readerSettings)) { Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null if (IsEncrypted(tokenReader)) { Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml); @@ -206,7 +207,8 @@ namespace DotNetOpenAuth.InfoCard { var stringReader = new StringReader(tokenXml); XmlReader tokenReader; try { - tokenReader = XmlReader.Create(stringReader); + var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); + tokenReader = XmlReader.Create(stringReader, readerSettings); } catch { stringReader.Dispose(); throw; diff --git a/src/DotNetOpenAuth.InfoCard/InfoCard/Token/TokenUtility.cs b/src/DotNetOpenAuth.InfoCard/InfoCard/Token/TokenUtility.cs index e50cafd..8b9eef8 100644 --- a/src/DotNetOpenAuth.InfoCard/InfoCard/Token/TokenUtility.cs +++ b/src/DotNetOpenAuth.InfoCard/InfoCard/Token/TokenUtility.cs @@ -123,7 +123,7 @@ namespace DotNetOpenAuth.InfoCard { ICspAsymmetricAlgorithm rsa = claim.Resource as ICspAsymmetricAlgorithm; if (null != rsa) { - using (SHA256 sha = new SHA256Managed()) { + using (SHA256 sha = SHA256.Create()) { return Convert.ToBase64String(sha.ComputeHash(rsa.ExportCspBlob(false))); } } diff --git a/src/DotNetOpenAuth.InfoCard/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.InfoCard/Properties/AssemblyInfo.cs index 8f1bd23..e9f2c20 100644 --- a/src/DotNetOpenAuth.InfoCard/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.InfoCard/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth InfoCard")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth.Common/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth.Common/Properties/AssemblyInfo.cs index 08c3ec2..759bd3f 100644 --- a/src/DotNetOpenAuth.OAuth.Common/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth.Common/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth.Consumer/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth.Consumer/Properties/AssemblyInfo.cs index 026bb60..6c9e910 100644 --- a/src/DotNetOpenAuth.OAuth.Consumer/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth.Consumer/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth.Consumer/Properties/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth.Consumer/Properties/Properties/AssemblyInfo.cs index cf7bb52..bfbaf4d 100644 --- a/src/DotNetOpenAuth.OAuth.Consumer/Properties/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth.Consumer/Properties/Properties/AssemblyInfo.cs @@ -22,15 +22,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth.ServiceProvider/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth.ServiceProvider/Properties/AssemblyInfo.cs index d583099..aa99a01 100644 --- a/src/DotNetOpenAuth.OAuth.ServiceProvider/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth.ServiceProvider/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/HmacSha1SigningBindingElement.cs b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/HmacSha1SigningBindingElement.cs index 64e8a77..ee05614 100644 --- a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/HmacSha1SigningBindingElement.cs +++ b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/HmacSha1SigningBindingElement.cs @@ -34,7 +34,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements { [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "False positive.")] protected override string GetSignature(ITamperResistantOAuthMessage message) { string key = GetConsumerAndTokenSecretString(message); - using (HashAlgorithm hasher = new HMACSHA1(Encoding.ASCII.GetBytes(key))) { + using (var hasher = HmacAlgorithms.Create(HmacAlgorithms.HmacSha1, Encoding.ASCII.GetBytes(key))) { string baseString = ConstructSignatureBaseString(message, this.Channel.MessageDescriptions.GetAccessor(message)); byte[] digest = hasher.ComputeHash(Encoding.ASCII.GetBytes(baseString)); return Convert.ToBase64String(digest); diff --git a/src/DotNetOpenAuth.OAuth/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth/Properties/AssemblyInfo.cs index 7f63d1b..465f646 100644 --- a/src/DotNetOpenAuth.OAuth/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth/Properties/AssemblyInfo.cs @@ -22,15 +22,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthorizationCode.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthorizationCode.cs index 853a629..08da8d2 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthorizationCode.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthorizationCode.cs @@ -110,7 +110,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { return null; } - using (var hasher = new SHA256Managed()) { + using (var hasher = SHA256.Create()) { return hasher.ComputeHash(Encoding.UTF8.GetBytes(callback.AbsoluteUri)); } } diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs index 80b843a..27b71db 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs @@ -122,7 +122,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { try { string canonicalUserName; if (this.AuthorizationServer.TryAuthorizeResourceOwnerCredentialGrant(resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier, out canonicalUserName)) { - ErrorUtilities.VerifyHost(!string.IsNullOrEmpty(canonicalUserName), "IsResourceOwnerCredentialValid did not initialize out parameter."); + ErrorUtilities.VerifyHost(!string.IsNullOrEmpty(canonicalUserName), "TryAuthorizeResourceOwnerCredentialGrant did not initialize out parameter."); resourceOwnerPasswordCarrier.CredentialsValidated = true; resourceOwnerPasswordCarrier.UserName = canonicalUserName; } else { diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/Properties/AssemblyInfo.cs index 1227c7b..397b35d 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth 2.0")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth2.Client.UI/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth2.Client.UI/Properties/AssemblyInfo.cs index 1227c7b..397b35d 100644 --- a/src/DotNetOpenAuth.OAuth2.Client.UI/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth2.Client.UI/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth 2.0")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj b/src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj index e72ee1a..e595df2 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj +++ b/src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj @@ -21,6 +21,7 @@ <Compile Include="Configuration\OAuth2ClientSection.cs" /> <Compile Include="OAuth2\AuthorizationServerDescription.cs" /> <Compile Include="OAuth2\AuthorizationState.cs" /> + <Compile Include="OAuth2\BearerTokenHttpMessageHandler.cs" /> <Compile Include="OAuth2\ChannelElements\IOAuth2ChannelWithClient.cs" /> <Compile Include="OAuth2\ChannelElements\OAuth2ClientChannel.cs" /> <Compile Include="OAuth2\ClientCredentialApplicator.cs" /> diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/BearerTokenHttpMessageHandler.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/BearerTokenHttpMessageHandler.cs new file mode 100644 index 0000000..6b2e937 --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/BearerTokenHttpMessageHandler.cs @@ -0,0 +1,93 @@ +//----------------------------------------------------------------------- +// <copyright file="BearerTokenHttpMessageHandler.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +#if CLR4 +namespace DotNetOpenAuth.OAuth2 { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Net.Http; + using System.Net.Http.Headers; + using System.Text; + using System.Threading; + using System.Threading.Tasks; + using DotNetOpenAuth.Messaging; + + /// <summary> + /// An <see cref="HttpMessageHandler"/> that applies a bearer token to each outbound HTTP request. + /// </summary> + internal class BearerTokenHttpMessageHandler : DelegatingHandler { + /// <summary> + /// Initializes a new instance of the <see cref="BearerTokenHttpMessageHandler" /> class. + /// </summary> + /// <param name="bearerToken">The bearer token.</param> + /// <param name="innerHandler">The inner handler.</param> + public BearerTokenHttpMessageHandler(string bearerToken, HttpMessageHandler innerHandler) + : base(innerHandler) { + Requires.NotNullOrEmpty(bearerToken, "bearerToken"); + this.BearerToken = bearerToken; + } + + /// <summary> + /// Initializes a new instance of the <see cref="BearerTokenHttpMessageHandler" /> class. + /// </summary> + /// <param name="client">The client associated with the authorization.</param> + /// <param name="authorization">The authorization.</param> + /// <param name="innerHandler">The inner handler.</param> + public BearerTokenHttpMessageHandler(ClientBase client, IAuthorizationState authorization, HttpMessageHandler innerHandler) + : base(innerHandler) { + Requires.NotNull(client, "client"); + Requires.NotNull(authorization, "authorization"); + Requires.True(!string.IsNullOrEmpty(authorization.AccessToken), "authorization.AccessToken"); + this.Client = client; + this.Authorization = authorization; + } + + /// <summary> + /// Gets the bearer token. + /// </summary> + /// <value> + /// The bearer token. + /// </value> + internal string BearerToken { get; private set; } + + /// <summary> + /// Gets the authorization. + /// </summary> + internal IAuthorizationState Authorization { get; private set; } + + /// <summary> + /// Gets the OAuth 2 client associated with the <see cref="Authorization"/>. + /// </summary> + internal ClientBase Client { get; private set; } + + /// <summary> + /// Sends an HTTP request to the inner handler to send to the server as an asynchronous operation. + /// </summary> + /// <param name="request">The HTTP request message to send to the server.</param> + /// <param name="cancellationToken">A cancellation token to cancel operation.</param> + /// <returns> + /// Returns <see cref="T:System.Threading.Tasks.Task`1" />. The task object representing the asynchronous operation. + /// </returns> + protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { + string bearerToken = this.BearerToken; + if (bearerToken == null) { + ErrorUtilities.VerifyProtocol(!this.Authorization.AccessTokenExpirationUtc.HasValue || this.Authorization.AccessTokenExpirationUtc < DateTime.UtcNow || this.Authorization.RefreshToken != null, ClientStrings.AuthorizationExpired); + + if (this.Authorization.AccessTokenExpirationUtc.HasValue && this.Authorization.AccessTokenExpirationUtc.Value < DateTime.UtcNow) { + ErrorUtilities.VerifyProtocol(this.Authorization.RefreshToken != null, ClientStrings.AccessTokenRefreshFailed); + this.Client.RefreshAuthorization(this.Authorization); + } + + bearerToken = this.Authorization.AccessToken; + } + + request.Headers.Authorization = new AuthenticationHeaderValue(Protocol.BearerHttpAuthorizationScheme, bearerToken); + return base.SendAsync(request, cancellationToken); + } + } +} +#endif
\ No newline at end of file diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs index 5f377ae..c983f8c 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs @@ -11,6 +11,9 @@ namespace DotNetOpenAuth.OAuth2 { using System.Globalization; using System.Linq; using System.Net; +#if CLR4 + using System.Net.Http; +#endif using System.Security; using System.Text; using DotNetOpenAuth.Messaging; @@ -107,6 +110,32 @@ namespace DotNetOpenAuth.OAuth2 { AuthorizeRequest(request, authorization.AccessToken); } +#if CLR4 + /// <summary> + /// Creates an HTTP handler that automatically applies an OAuth 2 (bearer) access token to outbound HTTP requests. + /// The result of this method can be supplied to the <see cref="HttpClient(HttpMessageHandler)"/> constructor. + /// </summary> + /// <param name="bearerAccessToken">The bearer token to apply to each outbound HTTP message.</param> + /// <param name="innerHandler">The inner HTTP handler to use. The default uses <see cref="HttpClientHandler"/> as the inner handler.</param> + /// <returns>An <see cref="HttpMessageHandler"/> instance.</returns> + public DelegatingHandler CreateAuthorizingHandler(string bearerAccessToken, HttpMessageHandler innerHandler = null) { + Requires.NotNullOrEmpty(bearerAccessToken, "bearerAccessToken"); + return new BearerTokenHttpMessageHandler(bearerAccessToken, innerHandler ?? new HttpClientHandler()); + } + + /// <summary> + /// Creates an HTTP handler that automatically applies the OAuth 2 access token to outbound HTTP requests. + /// The result of this method can be supplied to the <see cref="HttpClient(HttpMessageHandler)"/> constructor. + /// </summary> + /// <param name="authorization">The authorization to apply to the message.</param> + /// <param name="innerHandler">The inner HTTP handler to use. The default uses <see cref="HttpClientHandler"/> as the inner handler.</param> + /// <returns>An <see cref="HttpMessageHandler"/> instance.</returns> + public DelegatingHandler CreateAuthorizingHandler(IAuthorizationState authorization, HttpMessageHandler innerHandler = null) { + Requires.NotNull(authorization, "authorization"); + return new BearerTokenHttpMessageHandler(this, authorization, innerHandler ?? new HttpClientHandler()); + } +#endif + /// <summary> /// Refreshes a short-lived access token using a longer-lived refresh token /// with a new access token that has the same scope as the refresh token. diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientCredentialApplicator.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientCredentialApplicator.cs index 415c893..cc4e45f 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientCredentialApplicator.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientCredentialApplicator.cs @@ -127,8 +127,12 @@ namespace DotNetOpenAuth.OAuth2 { /// <param name="request">The outbound message to apply authentication information to.</param> public override void ApplyClientCredential(string clientIdentifier, HttpWebRequest request) { if (clientIdentifier != null) { - if (this.credential != null && this.credential.UserName == clientIdentifier) { - ErrorUtilities.VerifyHost(false, "Client identifiers \"{0}\" and \"{1}\" do not match.", this.credential.UserName, clientIdentifier); + if (this.credential != null) { + ErrorUtilities.VerifyHost( + string.Equals(this.credential.UserName, clientIdentifier, StringComparison.Ordinal), + "Client identifiers \"{0}\" and \"{1}\" do not match.", + this.credential.UserName, + clientIdentifier); } request.Credentials = this.credential ?? new NetworkCredential(clientIdentifier, this.clientSecret); diff --git a/src/DotNetOpenAuth.OAuth2.Client/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth2.Client/Properties/AssemblyInfo.cs index 1227c7b..397b35d 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth 2.0")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/Properties/AssemblyInfo.cs index d536886..3d9e231 100644 --- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth 2.0")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs index cd0fb55..896588f 100644 --- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs +++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs @@ -11,6 +11,9 @@ namespace DotNetOpenAuth.OAuth2 { using System.Diagnostics.Contracts; using System.Linq; using System.Net; +#if CLR4 + using System.Net.Http; +#endif using System.Security.Principal; using System.ServiceModel.Channels; using System.Text; @@ -126,6 +129,25 @@ namespace DotNetOpenAuth.OAuth2 { } } +#if CLR4 + /// <summary> + /// Discovers what access the client should have considering the access token in the current request. + /// </summary> + /// <param name="request">The HTTP request message.</param> + /// <param name="requiredScopes">The set of scopes required to approve this request.</param> + /// <returns> + /// The access token describing the authorization the client has. Never <c>null</c>. + /// </returns> + /// <exception cref="ProtocolFaultResponseException"> + /// Thrown when the client is not authorized. This exception should be caught and the + /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client. + /// </exception> + public virtual AccessToken GetAccessToken(HttpRequestMessage request, params string[] requiredScopes) { + Requires.NotNull(request, "request"); + return this.GetAccessToken(new HttpRequestInfo(request), requiredScopes); + } +#endif + /// <summary> /// Discovers what access the client should have considering the access token in the current request. /// </summary> @@ -174,5 +196,24 @@ namespace DotNetOpenAuth.OAuth2 { return this.GetPrincipal(new HttpRequestInfo(request, requestUri), requiredScopes); } + +#if CLR4 + /// <summary> + /// Discovers what access the client should have considering the access token in the current request. + /// </summary> + /// <param name="request">HTTP details from an incoming HTTP request message.</param> + /// <param name="requiredScopes">The set of scopes required to approve this request.</param> + /// <returns> + /// The principal that contains the user and roles that the access token is authorized for. Never <c>null</c>. + /// </returns> + /// <exception cref="ProtocolFaultResponseException"> + /// Thrown when the client is not authorized. This exception should be caught and the + /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client. + /// </exception> + public IPrincipal GetPrincipal(HttpRequestMessage request, params string[] requiredScopes) { + Requires.NotNull(request, "request"); + return this.GetPrincipal(new HttpRequestInfo(request), requiredScopes); + } +#endif } } diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/Properties/AssemblyInfo.cs index 1227c7b..397b35d 100644 --- a/src/DotNetOpenAuth.OAuth2.ResourceServer/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth 2.0")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OAuth2/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OAuth2/Properties/AssemblyInfo.cs index 26b1318..d89d8c1 100644 --- a/src/DotNetOpenAuth.OAuth2/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OAuth2/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OAuth 2.0")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenId.Provider.UI/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId.Provider.UI/Properties/AssemblyInfo.cs index 5e905bc..f05fec0 100644 --- a/src/DotNetOpenAuth.OpenId.Provider.UI/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenId.Provider.UI/Properties/AssemblyInfo.cs @@ -22,15 +22,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OpenID")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenId.Provider/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId.Provider/Properties/AssemblyInfo.cs index 2db1016..397b35d 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OpenID")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/Properties/AssemblyInfo.cs index 495c621..5ea4ad7 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/Properties/AssemblyInfo.cs @@ -22,15 +22,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OpenID")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs index 450f9e0..7336275 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs @@ -7,6 +7,7 @@ namespace DotNetOpenAuth.OpenId { using System; using System.Collections.Generic; + using System.Collections.ObjectModel; using System.Diagnostics.CodeAnalysis; using System.Diagnostics.Contracts; using System.Globalization; @@ -21,6 +22,7 @@ namespace DotNetOpenAuth.OpenId { using System.Text.RegularExpressions; using System.Xml; using System.Xml.XPath; + using DotNetOpenAuth.Configuration; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OpenId.RelyingParty; using DotNetOpenAuth.Xrds; @@ -53,6 +55,11 @@ namespace DotNetOpenAuth.OpenId { private static readonly Regex HostMetaLink = new Regex(@"^Link: <(?<location>.+?)>; rel=""describedby http://reltype.google.com/openid/xrd-op""; type=""application/xrds\+xml""$"); /// <summary> + /// A set of certificate thumbprints that have been verified. + /// </summary> + private static readonly HashSet<string> ApprovedCertificateThumbprintCache = new HashSet<string>(StringComparer.Ordinal); + + /// <summary> /// Initializes a new instance of the <see cref="HostMetaDiscoveryService"/> class. /// </summary> public HostMetaDiscoveryService() { @@ -113,7 +120,8 @@ namespace DotNetOpenAuth.OpenId { using (var response = GetXrdsResponse(uriIdentifier, requestHandler, out signingHost)) { if (response != null) { try { - var document = new XrdsDocument(XmlReader.Create(response.ResponseStream)); + var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); + var document = new XrdsDocument(XmlReader.Create(response.ResponseStream, readerSettings)); ValidateXmlDSig(document, uriIdentifier, response, signingHost); var xrds = GetXrdElements(document, uriIdentifier.Uri.Host); @@ -189,7 +197,8 @@ namespace DotNetOpenAuth.OpenId { string nextAuthority = nextAuthorityNode != null ? nextAuthorityNode.Value.Trim() : identifier.Uri.Host; try { using (var externalXrdsResponse = GetXrdsResponse(identifier, requestHandler, externalLocation)) { - XrdsDocument externalXrds = new XrdsDocument(XmlReader.Create(externalXrdsResponse.ResponseStream)); + var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); + XrdsDocument externalXrds = new XrdsDocument(XmlReader.Create(externalXrdsResponse.ResponseStream, readerSettings)); ValidateXmlDSig(externalXrds, identifier, externalXrdsResponse, nextAuthority); results.AddRange(GetXrdElements(externalXrds, identifier).CreateServiceEndpoints(identifier, identifier)); } @@ -232,21 +241,7 @@ namespace DotNetOpenAuth.OpenId { ErrorUtilities.VerifyProtocol(certNodes.Count > 0, OpenIdStrings.MissingElement, "X509Certificate"); var certs = certNodes.Cast<XPathNavigator>().Select(n => new X509Certificate2(Convert.FromBase64String(n.Value.Trim()))).ToList(); - // Verify that we trust the signer of the certificates. - // Start by trying to validate just the certificate used to sign the XRDS document, - // since we can do that with partial trust. - Logger.OpenId.Debug("Verifying that we trust the certificate used to sign the discovery document."); - if (!certs[0].Verify()) { - // We couldn't verify just the signing certificate, so try to verify the whole certificate chain. - try { - Logger.OpenId.Debug("Verifying the whole certificate chain."); - VerifyCertChain(certs); - Logger.OpenId.Debug("Certificate chain verified."); - } catch (SecurityException) { - Logger.Yadis.Warn("Signing certificate verification failed and we have insufficient code access security permissions to perform certificate chain validation."); - ErrorUtilities.ThrowProtocol(OpenIdStrings.X509CertificateNotTrusted); - } - } + VerifyCertificateChain(certs); // Verify that the certificate is issued to the host on whom we are performing discovery. string hostName = certs[0].GetNameInfo(X509NameType.DnsName, false); @@ -272,8 +267,9 @@ namespace DotNetOpenAuth.OpenId { /// an alternative plan. /// </remarks> /// <exception cref="ProtocolException">Thrown if the certificate chain is invalid or unverifiable.</exception> - [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "DotNetOpenAuth.Messaging.ErrorUtilities.ThrowProtocol(System.String,System.Object[])", Justification = "The localized portion is a string resource already."), SuppressMessage("Microsoft.Security", "CA2122:DoNotIndirectlyExposeMethodsWithLinkDemands", Justification = "By design")] - private static void VerifyCertChain(List<X509Certificate2> certs) { + [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "DotNetOpenAuth.Messaging.ErrorUtilities.ThrowProtocol(System.String,System.Object[])", Justification = "The localized portion is a string resource already.")] + [SuppressMessage("Microsoft.Security", "CA2122:DoNotIndirectlyExposeMethodsWithLinkDemands", Justification = "By design")] + private static void VerifyCertChain(IEnumerable<X509Certificate2> certs) { var chain = new X509Chain(); foreach (var cert in certs) { chain.Build(cert); @@ -317,6 +313,48 @@ namespace DotNetOpenAuth.OpenId { } /// <summary> + /// Verifies that a certificate chain is trusted. + /// </summary> + /// <param name="certificates">The chain of certificates to verify.</param> + private static void VerifyCertificateChain(IList<X509Certificate2> certificates) { + Contract.Requires(certificates.Count > 0); + Contract.Requires(certificates.All(c => c != null)); + + // Before calling into the OS to validate the certificate, since that can for some bizzare reason hang for 5 seconds + // on some systems, check a cache of previously verified certificates first. + if (OpenIdElement.Configuration.RelyingParty.HostMetaDiscovery.EnableCertificateValidationCache) { + lock (ApprovedCertificateThumbprintCache) { + // HashSet<T> isn't thread-safe. + if (ApprovedCertificateThumbprintCache.Contains(certificates[0].Thumbprint)) { + return; + } + } + } + + // Verify that we trust the signer of the certificates. + // Start by trying to validate just the certificate used to sign the XRDS document, + // since we can do that with partial trust. + Logger.OpenId.Debug("Verifying that we trust the certificate used to sign the discovery document."); + if (!certificates[0].Verify()) { + // We couldn't verify just the signing certificate, so try to verify the whole certificate chain. + try { + Logger.OpenId.Debug("Verifying the whole certificate chain."); + VerifyCertChain(certificates); + Logger.OpenId.Debug("Certificate chain verified."); + } catch (SecurityException) { + Logger.Yadis.Warn("Signing certificate verification failed and we have insufficient code access security permissions to perform certificate chain validation."); + ErrorUtilities.ThrowProtocol(OpenIdStrings.X509CertificateNotTrusted); + } + } + + if (OpenIdElement.Configuration.RelyingParty.HostMetaDiscovery.EnableCertificateValidationCache) { + lock (ApprovedCertificateThumbprintCache) { + ApprovedCertificateThumbprintCache.Add(certificates[0].Thumbprint); + } + } + } + + /// <summary> /// Gets the XRDS HTTP response for a given identifier. /// </summary> /// <param name="identifier">The identifier.</param> diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/Properties/AssemblyInfo.cs index 6741077..4d35e76 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OpenID")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenId.UI/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId.UI/Properties/AssemblyInfo.cs index 8b1ae74..a488d1d 100644 --- a/src/DotNetOpenAuth.OpenId.UI/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenId.UI/Properties/AssemblyInfo.cs @@ -22,15 +22,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OpenID")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenId/Configuration/HostMetaDiscoveryElement.cs b/src/DotNetOpenAuth.OpenId/Configuration/HostMetaDiscoveryElement.cs new file mode 100644 index 0000000..437b12f --- /dev/null +++ b/src/DotNetOpenAuth.OpenId/Configuration/HostMetaDiscoveryElement.cs @@ -0,0 +1,37 @@ +//----------------------------------------------------------------------- +// <copyright file="HostMetaDiscoveryElement.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.Configuration { + using System.Configuration; + + /// <summary> + /// The configuration element that can adjust how hostmeta discovery works. + /// </summary> + internal class HostMetaDiscoveryElement : ConfigurationElement { + /// <summary> + /// The property name for enableCertificateValidationCache. + /// </summary> + private const string EnableCertificateValidationCacheConfigName = "enableCertificateValidationCache"; + + /// <summary> + /// Initializes a new instance of the <see cref="HostMetaDiscoveryElement"/> class. + /// </summary> + public HostMetaDiscoveryElement() { + } + + /// <summary> + /// Gets or sets a value indicating whether validated certificates should be cached and not validated again. + /// </summary> + /// <remarks> + /// This helps to avoid unexplained 5-10 second delays in certificate validation for Google Apps for Domains that impact some servers. + /// </remarks> + [ConfigurationProperty(EnableCertificateValidationCacheConfigName, DefaultValue = false)] + public bool EnableCertificateValidationCache { + get { return (bool)this[EnableCertificateValidationCacheConfigName]; } + set { this[EnableCertificateValidationCacheConfigName] = value; } + } + } +} diff --git a/src/DotNetOpenAuth.OpenId/Configuration/OpenIdRelyingPartyElement.cs b/src/DotNetOpenAuth.OpenId/Configuration/OpenIdRelyingPartyElement.cs index 7d8c050..8af1129 100644 --- a/src/DotNetOpenAuth.OpenId/Configuration/OpenIdRelyingPartyElement.cs +++ b/src/DotNetOpenAuth.OpenId/Configuration/OpenIdRelyingPartyElement.cs @@ -47,6 +47,11 @@ namespace DotNetOpenAuth.Configuration { private const string DiscoveryServicesElementName = "discoveryServices"; /// <summary> + /// The name of the <hostMetaDiscovery> sub-element. + /// </summary> + private const string HostMetaDiscoveryElementName = "hostMetaDiscovery"; + + /// <summary> /// The built-in set of identifier discovery services. /// </summary> private static readonly TypeConfigurationCollection<IIdentifierDiscoveryService> defaultDiscoveryServices = @@ -99,6 +104,15 @@ namespace DotNetOpenAuth.Configuration { } /// <summary> + /// Gets or sets the host meta discovery configuration element. + /// </summary> + [ConfigurationProperty(HostMetaDiscoveryElementName)] + internal HostMetaDiscoveryElement HostMetaDiscovery { + get { return (HostMetaDiscoveryElement)this[HostMetaDiscoveryElementName] ?? new HostMetaDiscoveryElement(); } + set { this[HostMetaDiscoveryElementName] = value; } + } + + /// <summary> /// Gets or sets the services to use for discovering service endpoints for identifiers. /// </summary> /// <remarks> diff --git a/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj b/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj index 95dccc1..75bd113 100644 --- a/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj +++ b/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj @@ -22,6 +22,7 @@ <ItemGroup> <Compile Include="Configuration\AssociationTypeCollection.cs" /> <Compile Include="Configuration\AssociationTypeElement.cs" /> + <Compile Include="Configuration\HostMetaDiscoveryElement.cs" /> <Compile Include="Configuration\OpenIdElement.cs" /> <Compile Include="Configuration\OpenIdProviderElement.cs" /> <Compile Include="Configuration\OpenIdProviderSecuritySettingsElement.cs" /> diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Association.cs b/src/DotNetOpenAuth.OpenId/OpenId/Association.cs index 764f4fa..a0f5bae 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/Association.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/Association.cs @@ -240,7 +240,7 @@ namespace DotNetOpenAuth.OpenId { /// A hash code for the current <see cref="T:System.Object"/>. /// </returns> public override int GetHashCode() { - HMACSHA1 hmac = new HMACSHA1(this.SecretKey); + var hmac = HmacAlgorithms.Create(HmacAlgorithms.HmacSha1, this.SecretKey); try { CryptoStream cs = new CryptoStream(Stream.Null, hmac, CryptoStreamMode.Write); diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs index ec16fae..fa7768b 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs @@ -197,7 +197,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { cryptoKey = this.cryptoKeyStore.GetKey(SecretUri.AbsoluteUri, returnToParameters[ReturnToSignatureHandleParameterName]); } - using (var signer = new HMACSHA256(cryptoKey.Key)) { + using (var signer = HmacAlgorithms.Create(HmacAlgorithms.HmacSha256, cryptoKey.Key)) { signature = signer.ComputeHash(bytesToSign); } } catch (ProtocolException ex) { diff --git a/src/DotNetOpenAuth.OpenId/OpenId/HmacShaAssociation.cs b/src/DotNetOpenAuth.OpenId/OpenId/HmacShaAssociation.cs index 5e3553d..bf0111d 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/HmacShaAssociation.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/HmacShaAssociation.cs @@ -226,22 +226,22 @@ namespace DotNetOpenAuth.OpenId { private static HmacSha[] CreateAssociationTypes() { return new[] { new HmacSha { - CreateHasher = secretKey => new HMACSHA512(secretKey), + HmacAlgorithmName = HmacAlgorithms.HmacSha384, GetAssociationType = protocol => protocol.Args.SignatureAlgorithm.HMAC_SHA512, BaseHashAlgorithm = SHA512.Create(), }, new HmacSha { - CreateHasher = secretKey => new HMACSHA384(secretKey), + HmacAlgorithmName = HmacAlgorithms.HmacSha384, GetAssociationType = protocol => protocol.Args.SignatureAlgorithm.HMAC_SHA384, BaseHashAlgorithm = SHA384.Create(), }, new HmacSha { - CreateHasher = secretKey => new HMACSHA256(secretKey), + HmacAlgorithmName = HmacAlgorithms.HmacSha256, GetAssociationType = protocol => protocol.Args.SignatureAlgorithm.HMAC_SHA256, BaseHashAlgorithm = SHA256.Create(), }, new HmacSha { - CreateHasher = secretKey => new HMACSHA1(secretKey), + HmacAlgorithmName = HmacAlgorithms.HmacSha1, GetAssociationType = protocol => protocol.Args.SignatureAlgorithm.HMAC_SHA1, BaseHashAlgorithm = SHA1.Create(), }, @@ -258,9 +258,9 @@ namespace DotNetOpenAuth.OpenId { internal Func<Protocol, string> GetAssociationType { get; set; } /// <summary> - /// Gets or sets a function that will create the <see cref="HashAlgorithm"/> using a given shared secret for the mac. + /// Gets or sets the name of the HMAC-SHA algorithm. (e.g. "HMAC-SHA256") /// </summary> - internal Func<byte[], HashAlgorithm> CreateHasher { get; set; } + internal string HmacAlgorithmName { get; set; } /// <summary> /// Gets or sets the base hash algorithm. @@ -271,6 +271,15 @@ namespace DotNetOpenAuth.OpenId { /// Gets the size of the hash (in bytes). /// </summary> internal int SecretLength { get { return this.BaseHashAlgorithm.HashSize / 8; } } + + /// <summary> + /// Creates the <see cref="HashAlgorithm"/> using a given shared secret for the mac. + /// </summary> + /// <param name="secret">The HMAC secret.</param> + /// <returns>The algorithm.</returns> + internal HashAlgorithm CreateHasher(byte[] secret) { + return HmacAlgorithms.Create(this.HmacAlgorithmName, secret); + } } } }
\ No newline at end of file diff --git a/src/DotNetOpenAuth.OpenId/OpenId/UriIdentifier.cs b/src/DotNetOpenAuth.OpenId/OpenId/UriIdentifier.cs index d601aed..631eab6 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/UriIdentifier.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/UriIdentifier.cs @@ -90,6 +90,10 @@ namespace DotNetOpenAuth.OpenId { // We must be running in partial trust. Nothing more we can do. Logger.OpenId.Warn("Unable to coerce .NET to stop compressing URI paths due to partial trust limitations. Some URL identifiers may be unable to complete login."); Reporting.RecordFeatureUse("PartialTrust"); + } catch (FieldAccessException) { // one customer reported getting this exception + // We must be running in partial trust. Nothing more we can do. + Logger.OpenId.Warn("Unable to coerce .NET to stop compressing URI paths due to partial trust limitations. Some URL identifiers may be unable to complete login."); + Reporting.RecordFeatureUse("PartialTrust"); } } diff --git a/src/DotNetOpenAuth.OpenId/OpenId/XriDiscoveryProxyService.cs b/src/DotNetOpenAuth.OpenId/OpenId/XriDiscoveryProxyService.cs index 8265c75..3189a5d 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/XriDiscoveryProxyService.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/XriDiscoveryProxyService.cs @@ -77,7 +77,8 @@ namespace DotNetOpenAuth.OpenId { Contract.Ensures(Contract.Result<XrdsDocument>() != null); XrdsDocument doc; using (var xrdsResponse = Yadis.Request(requestHandler, GetXrdsUrl(identifier), identifier.IsDiscoverySecureEndToEnd)) { - doc = new XrdsDocument(XmlReader.Create(xrdsResponse.ResponseStream)); + var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); + doc = new XrdsDocument(XmlReader.Create(xrdsResponse.ResponseStream, readerSettings)); } ErrorUtilities.VerifyProtocol(doc.IsXrdResolutionSuccessful, OpenIdStrings.XriResolutionFailed); return doc; diff --git a/src/DotNetOpenAuth.OpenId/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId/Properties/AssemblyInfo.cs index 00fb93f..42aa959 100644 --- a/src/DotNetOpenAuth.OpenId/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenId/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth OpenID")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs b/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs index f71ad46..a23e019 100644 --- a/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs +++ b/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs @@ -190,7 +190,8 @@ namespace DotNetOpenAuth.Yadis { if (response.ContentType.MediaType == ContentTypes.Xml) { // This COULD be an XRDS document with an imprecise content-type. response.ResponseStream.Seek(0, SeekOrigin.Begin); - XmlReader reader = XmlReader.Create(response.ResponseStream); + var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); + XmlReader reader = XmlReader.Create(response.ResponseStream, readerSettings); while (reader.Read() && reader.NodeType != XmlNodeType.Element) { // intentionally blank } diff --git a/src/DotNetOpenAuth.OpenIdInfoCard.UI/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenIdInfoCard.UI/Properties/AssemblyInfo.cs index 194cdca..5c9dc63 100644 --- a/src/DotNetOpenAuth.OpenIdInfoCard.UI/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenIdInfoCard.UI/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.OpenIdOAuth/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenIdOAuth/Properties/AssemblyInfo.cs index 08c3ec2..759bd3f 100644 --- a/src/DotNetOpenAuth.OpenIdOAuth/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.OpenIdOAuth/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj index 84bdf7d..b58aa17 100644 --- a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj +++ b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj @@ -175,6 +175,7 @@ <Reference Include="System.Data.DataSetExtensions"> <RequiredTargetFramework>3.5</RequiredTargetFramework> </Reference> + <Reference Include="System.Net.Http" /> <Reference Include="System.Runtime.Serialization"> <RequiredTargetFramework>3.0</RequiredTargetFramework> </Reference> @@ -224,6 +225,7 @@ <Compile Include="Mocks\CoordinatingOAuthConsumerChannel.cs" /> <Compile Include="Mocks\IBaseMessageExplicitMembers.cs" /> <Compile Include="Mocks\InMemoryTokenManager.cs" /> + <Compile Include="Mocks\MockHttpMessageHandler.cs" /> <Compile Include="Mocks\MockHttpRequest.cs" /> <Compile Include="Mocks\MockIdentifier.cs" /> <Compile Include="Mocks\MockIdentifierDiscoveryService.cs" /> diff --git a/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs b/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs index f3a881b..0610018 100644 --- a/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs +++ b/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs @@ -9,13 +9,17 @@ namespace DotNetOpenAuth.Test.Messaging { using System.Collections.Generic; using System.Collections.Specialized; using System.Diagnostics; + using System.Globalization; using System.IO; + using System.Linq; using System.Net; + using System.Net.Http; using System.Text; using System.Text.RegularExpressions; using System.Web; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.Test.Mocks; + using Moq; using NUnit.Framework; [TestFixture] @@ -63,6 +67,30 @@ namespace DotNetOpenAuth.Test.Messaging { } [Test] + public void AsHttpResponseMessage() { + var responseContent = new byte[10]; + (new Random()).NextBytes(responseContent); + var responseStream = new MemoryStream(responseContent); + var outgoingResponse = new OutgoingWebResponse(); + outgoingResponse.Headers.Add("X-SOME-HEADER", "value"); + outgoingResponse.Headers.Add("Content-Length", responseContent.Length.ToString(CultureInfo.InvariantCulture)); + outgoingResponse.ResponseStream = responseStream; + + var httpResponseMessage = outgoingResponse.AsHttpResponseMessage(); + Assert.That(httpResponseMessage, Is.Not.Null); + Assert.That(httpResponseMessage.Headers.GetValues("X-SOME-HEADER").ToList(), Is.EqualTo(new[] { "value" })); + Assert.That( + httpResponseMessage.Content.Headers.GetValues("Content-Length").ToList(), + Is.EqualTo(new[] { responseContent.Length.ToString(CultureInfo.InvariantCulture) })); + var actualContent = new byte[responseContent.Length + 1]; // give the opportunity to provide a bit more data than we expect. + var bytesRead = httpResponseMessage.Content.ReadAsStreamAsync().Result.Read(actualContent, 0, actualContent.Length); + Assert.That(bytesRead, Is.EqualTo(responseContent.Length)); // verify that only the data we expected came back. + var trimmedActualContent = new byte[bytesRead]; + Array.Copy(actualContent, trimmedActualContent, bytesRead); + Assert.That(trimmedActualContent, Is.EqualTo(responseContent)); + } + + [Test] public void ToDictionary() { NameValueCollection nvc = new NameValueCollection(); nvc["a"] = "b"; @@ -151,7 +179,7 @@ namespace DotNetOpenAuth.Test.Messaging { var httpHandler = new TestWebRequestHandler(); bool callbackTriggered = false; httpHandler.Callback = req => { - Match m = Regex.Match(req.ContentType, "multipart/form-data; boundary=(.+)"); + var m = Regex.Match(req.ContentType, "multipart/form-data; boundary=(.+)"); Assert.IsTrue(m.Success, "Content-Type HTTP header not set correctly."); string boundary = m.Groups[1].Value; boundary = boundary.Substring(0, boundary.IndexOf(';')); // trim off charset diff --git a/src/DotNetOpenAuth.Test/Mocks/MockHttpMessageHandler.cs b/src/DotNetOpenAuth.Test/Mocks/MockHttpMessageHandler.cs new file mode 100644 index 0000000..fba107e --- /dev/null +++ b/src/DotNetOpenAuth.Test/Mocks/MockHttpMessageHandler.cs @@ -0,0 +1,46 @@ +//----------------------------------------------------------------------- +// <copyright file="MockHttpMessageHandler.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.Test.Mocks { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Net.Http; + using System.Text; + using System.Threading; + using System.Threading.Tasks; + + /// <summary> + /// An <see cref="HttpMessageHandler"/> that sends each request to the specified delegate. + /// </summary> + internal class MockHttpMessageHandler : HttpMessageHandler { + /// <summary> + /// The handler to invoke for each request. + /// </summary> + private readonly Func<HttpRequestMessage, CancellationToken, Task<HttpResponseMessage>> handler; + + /// <summary> + /// Initializes a new instance of the <see cref="MockHttpMessageHandler" /> class. + /// </summary> + /// <param name="handler">The handler.</param> + internal MockHttpMessageHandler(Func<HttpRequestMessage, CancellationToken, Task<HttpResponseMessage>> handler) { + Requires.NotNull(handler, "handler"); + this.handler = handler; + } + + /// <summary> + /// Send an HTTP request as an asynchronous operation. + /// </summary> + /// <param name="request">The HTTP request message to send.</param> + /// <param name="cancellationToken">The cancellation token to cancel operation.</param> + /// <returns> + /// Returns <see cref="T:System.Threading.Tasks.Task`1" />.The task object representing the asynchronous operation. + /// </returns> + protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { + return this.handler(request, cancellationToken); + } + } +} diff --git a/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs b/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs index f5d9b8c..9a9c078 100644 --- a/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs +++ b/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs @@ -9,7 +9,9 @@ namespace DotNetOpenAuth.Test.OAuth2 { using System.Collections.Generic; using System.Linq; using System.Net; + using System.Net.Http; using System.Text; + using System.Threading.Tasks; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2; using DotNetOpenAuth.OAuth2.ChannelElements; @@ -98,5 +100,45 @@ namespace DotNetOpenAuth.Test.OAuth2 { }); coordinator.Run(); } + + [Test] + public void CreateAuthorizingHandlerBearer() { + var client = new WebServerClient(AuthorizationServerDescription); + string bearerToken = "mytoken"; + var tcs = new TaskCompletionSource<HttpResponseMessage>(); + var expectedResponse = new HttpResponseMessage(); + + var mockHandler = new Mocks.MockHttpMessageHandler((req, ct) => { + Assert.That(req.Headers.Authorization.Scheme, Is.EqualTo(Protocol.BearerHttpAuthorizationScheme)); + Assert.That(req.Headers.Authorization.Parameter, Is.EqualTo(bearerToken)); + tcs.SetResult(expectedResponse); + return tcs.Task; + }); + var applicator = client.CreateAuthorizingHandler("mytoken", mockHandler); + var httpClient = new HttpClient(applicator); + var actualResponse = httpClient.GetAsync("http://localhost/someMessage").Result; + Assert.That(actualResponse, Is.SameAs(expectedResponse)); + } + + [Test] + public void CreateAuthorizingHandlerAuthorization() { + var client = new WebServerClient(AuthorizationServerDescription); + string bearerToken = "mytoken"; + var authorization = new Mock<IAuthorizationState>(); + authorization.SetupGet(a => a.AccessToken).Returns(bearerToken); + var tcs = new TaskCompletionSource<HttpResponseMessage>(); + var expectedResponse = new HttpResponseMessage(); + + var mockHandler = new Mocks.MockHttpMessageHandler((req, ct) => { + Assert.That(req.Headers.Authorization.Scheme, Is.EqualTo(Protocol.BearerHttpAuthorizationScheme)); + Assert.That(req.Headers.Authorization.Parameter, Is.EqualTo(bearerToken)); + tcs.SetResult(expectedResponse); + return tcs.Task; + }); + var applicator = client.CreateAuthorizingHandler(authorization.Object, mockHandler); + var httpClient = new HttpClient(applicator); + var actualResponse = httpClient.GetAsync("http://localhost/someMessage").Result; + Assert.That(actualResponse, Is.SameAs(expectedResponse)); + } } } diff --git a/src/DotNetOpenAuth.Test/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.Test/Properties/AssemblyInfo.cs index f8bf9d0..2960d75 100644 --- a/src/DotNetOpenAuth.Test/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth.Test/Properties/AssemblyInfo.cs @@ -12,14 +12,7 @@ using System.Runtime.InteropServices; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth.Test")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth.Test")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] // Setting ComVisible to false makes the types in this assembly not visible // to COM componenets. If you need to access a type in this assembly from diff --git a/src/DotNetOpenAuth/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth/Properties/AssemblyInfo.cs index eb429c2..c41a228 100644 --- a/src/DotNetOpenAuth/Properties/AssemblyInfo.cs +++ b/src/DotNetOpenAuth/Properties/AssemblyInfo.cs @@ -19,15 +19,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("DotNetOpenAuth")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/Mono.Math/Properties/AssemblyInfo.cs b/src/Mono.Math/Properties/AssemblyInfo.cs index 00cc4f4..0e40bff 100644 --- a/src/Mono.Math/Properties/AssemblyInfo.cs +++ b/src/Mono.Math/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("Mono Math")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible diff --git a/src/Org.Mentalis.Security.Cryptography/Properties/AssemblyInfo.cs b/src/Org.Mentalis.Security.Cryptography/Properties/AssemblyInfo.cs index 0e6f4b3..4a9e9b9 100644 --- a/src/Org.Mentalis.Security.Cryptography/Properties/AssemblyInfo.cs +++ b/src/Org.Mentalis.Security.Cryptography/Properties/AssemblyInfo.cs @@ -20,15 +20,7 @@ using System.Web.UI; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("Org.Mentalis.Security.Cryptography")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("DotNetOpenAuth")] -[assembly: AssemblyCopyright("Copyright © 2011 Outercurve Foundation")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] -[assembly: NeutralResourcesLanguage("en-US")] +[assembly: AssemblyCopyright("Copyright © 2012 Outercurve Foundation")] [assembly: CLSCompliant(true)] // Setting ComVisible to false makes the types in this assembly not visible |