author | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-25 14:15:46 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-25 14:44:24 -0700 |
commit | 1a52277e464f55354890cc052d78ba90c7802fe0 (patch) | |
tree | 19ff0799b2e3200605647744a795a492477d2911 /src | |
parent | be1d9746c979fc35b3a836038a7ab768ca00757a (diff) | |
Added some InfoCard logging for Audience tags.
Diffstat (limited to 'src')
-rw-r--r-- | src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs | 34 | ||||
-rw-r--r-- | src/DotNetOpenAuth/Logger.cs | 10 |
2 files changed, 31 insertions, 13 deletions
diff --git a/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs b/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs
index a22949f..34b028d 100644
--- a/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs
+++ b/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs
@@ -61,19 +61,27 @@ namespace DotNetOpenAuth.InfoCard {
 ////if (null != token.SecurityKeys && token.SecurityKeys.Count > 0)
 //// throw new InformationCardException("Token Security Keys Exist");
- if (audience != null &&
- token.Assertion.Conditions != null &&
- token.Assertion.Conditions.Conditions != null) {
- foreach (SamlCondition condition in token.Assertion.Conditions.Conditions) {
- SamlAudienceRestrictionCondition audienceCondition = condition as SamlAudienceRestrictionCondition;
-
- if (audienceCondition != null) {
- bool match = audienceCondition.Audiences.Contains(audience);
-
- // The token is invalid if any condition is not valid.
- // An audience restriction condition is valid if any audience
- // matches the Relying Party.
- ErrorUtilities.VerifyInfoCard(match, InfoCardStrings.AudienceMismatch);
+ if (audience == null) {
+ Logger.InfoCard.WarnFormat("SAML token Audience checking will be skipped.");
+ } else {
+ if (token.Assertion.Conditions != null &&
+ token.Assertion.Conditions.Conditions != null) {
+ foreach (SamlCondition condition in token.Assertion.Conditions.Conditions) {
+ SamlAudienceRestrictionCondition audienceCondition = condition as SamlAudienceRestrictionCondition;
+
+ if (audienceCondition != null) {
+ Logger.InfoCard.DebugFormat("SAML token audience(s): {0}", audienceCondition.Audiences.ToStringDeferred());
+ bool match = audienceCondition.Audiences.Contains(audience);
+
+ if (!match && Logger.InfoCard.IsErrorEnabled) {
+ Logger.InfoCard.ErrorFormat("Expected SAML token audience of {0} but found {1}.", audience, audienceCondition.Audiences.ToStringDeferred());
+ }
+
+ // The token is invalid if any condition is not valid.
+ // An audience restriction condition is valid if any audience
+ // matches the Relying Party.
+ ErrorUtilities.VerifyInfoCard(match, InfoCardStrings.AudienceMismatch);
+ }
 }
 }
 }
diff --git a/src/DotNetOpenAuth/Logger.cs b/src/DotNetOpenAuth/Logger.cs
index eec423b..1ab913c 100644
--- a/src/DotNetOpenAuth/Logger.cs
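Review bot: When `audience` is non-null but the assertion has no `Conditions` or no `SamlAudienceRestrictionCondition`, the new `else` branch falls through without checking or logging anything, so a token that is not bound to any relying party is accepted silently even though the caller asked for an audience check. Since this commit is about making audience handling visible in the log, that path deserves a line too: set a flag inside `if (audienceCondition != null)` and, after the loop, emit `Logger.InfoCard.WarnFormat("SAML token has no audience restriction; expected audience {0} was not verified.", audience);` when the flag is still false. Whether such a token should instead be rejected is a policy decision for the relying party and is worth stating in a comment next to the check. The audience lists written by `DebugFormat` and `ErrorFormat` come from the token itself, so the log sink should treat them as untrusted text. The enclosing method starts and ends outside this hunk, so any earlier validation of the token is not visible here.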
+++ b/src/DotNetOpenAuth/Logger.cs
@@ -69,6 +69,11 @@ namespace DotNetOpenAuth {
 private static readonly ILog oauth = Create("DotNetOpenAuth.OAuth");
 /// <summary>
+ /// Backing field for the <see cref="InfoCard"/> property.
+ /// </summary>
+ private static readonly ILog infocard = Create("DotNetOpenAuth.InfoCard");
+
+ /// <summary>
 /// Gets the logger for service discovery and selection events.
 /// </summary>
 internal static ILog Yadis { get { return yadis; } }
@@ -108,6 +113,11 @@ namespace DotNetOpenAuth {
 /// </summary>
 internal static ILog OAuth { get { return oauth; } }
+ /// <summary>
+ /// Gets the logger for high-level InfoCard events.
+ /// </summary>
+ internal static ILog InfoCard { get { return infocard; } }
+
 #endregion
 /// <summary> |