author | Andrew Arnott <andrewarnott@gmail.com> | 2011-04-23 16:20:25 -0700 |
committer | Andrew Arnott <andrewarnott@gmail.com> | 2011-04-23 16:20:25 -0700 |
commit | 669e6c2132d37fba871290e91f1e7080015ecc20 (patch) | |
tree | 90650ce93b1cf65c3538b7004440fbe46fe9fb35 /src | |
parent | b4776f82cf0eb29e5bd2ac303ac2fd149b6ce906 (diff) | |
Hooked up trusted provider check during OpenID identifier discovery and positive assertion processing at the RP.
Diffstat (limited to 'src')
4 files changed, 46 insertions, 20 deletions
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs index 43283ac..ff3fea6 100644 --- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs +++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs @@ -1,7 +1,7 @@ //------------------------------------------------------------------------------ // <auto-generated> // This code was generated by a tool. -// Runtime Version:4.0.30319.1 +// Runtime Version:4.0.30319.225 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. @@ -524,11 +524,11 @@ namespace DotNetOpenAuth.OpenId { } /// <summary> - /// Looks up a localized string similar to An positive OpenID assertion was received from OP endpoint {0} that is not on this relying party's whitelist.. + /// Looks up a localized string similar to An positive OpenID assertion was received from OP endpoint {0} and was rejected based on this site's security settings.. /// </summary> - internal static string PositiveAssertionFromNonWhitelistedProvider { + internal static string PositiveAssertionFromNonQualifiedProvider { get { - return ResourceManager.GetString("PositiveAssertionFromNonWhitelistedProvider", resourceCulture); + return ResourceManager.GetString("PositiveAssertionFromNonQualifiedProvider", resourceCulture); } } diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx index fab03a9..13764bb 100644 --- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx +++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx 
@@ -337,8 +337,8 @@ Discovered endpoint info:
   <data name="BadExtension" xml:space="preserve">
     <value>The {0} extension failed to deserialize and will be skipped. {1}</value>
   </data>
-  <data name="PositiveAssertionFromNonWhitelistedProvider" xml:space="preserve">
-    <value>An positive OpenID assertion was received from OP endpoint {0} that is not on this relying party's whitelist.</value>
+  <data name="PositiveAssertionFromNonQualifiedProvider" xml:space="preserve">
+    <value>An positive OpenID assertion was received from OP endpoint {0} and was rejected based on this site's security settings.</value>
   </data>
   <data name="HeadTagMustIncludeRunatServer" xml:space="preserve">
     <value>The HTML head tag must include runat="server".</value>
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs
index 967ef60..3a17263 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs
@@ -501,14 +501,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 			Contract.Requires<ArgumentNullException>(endpoints != null);
 			Contract.Requires<ArgumentNullException>(relyingParty != null);
 
-			// Construct the endpoints filters based on criteria given by the host web site.
-			EndpointSelector versionFilter = ep => ep.Version >= Protocol.Lookup(relyingParty.SecuritySettings.MinimumRequiredOpenIdVersion).Version;
-			EndpointSelector hostingSiteFilter = relyingParty.EndpointFilter ?? (ep => true);
-
 			bool anyFilteredOut = false;
 			var filteredEndpoints = new List<IdentifierDiscoveryResult>();
 			foreach (var endpoint in endpoints) {
-				if (versionFilter(endpoint) && hostingSiteFilter(endpoint)) {
+				if (relyingParty.FilterEndpoint(endpoint)) {
 					filteredEndpoints.Add(endpoint);
 				} else {
 					anyFilteredOut = true;
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index a5fdf9b..b9c67bd 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -542,15 +542,13 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 			NegativeAssertionResponse negativeAssertion;
 			IndirectSignedResponse positiveExtensionOnly;
 			if ((positiveAssertion = message as PositiveAssertionResponse) != null) {
-				if (this.EndpointFilter != null) {
-					// We need to make sure that this assertion is coming from an endpoint
-					// that the host deems acceptable.
-					var providerEndpoint = new SimpleXrdsProviderEndpoint(positiveAssertion);
-					ErrorUtilities.VerifyProtocol(
-						this.EndpointFilter(providerEndpoint),
-						OpenIdStrings.PositiveAssertionFromNonWhitelistedProvider,
-						providerEndpoint.Uri);
-				}
+				// We need to make sure that this assertion is coming from an endpoint
+				// that the host deems acceptable.
+				var providerEndpoint = new SimpleXrdsProviderEndpoint(positiveAssertion);
+				ErrorUtilities.VerifyProtocol(
+					this.FilterEndpoint(providerEndpoint),
+					OpenIdStrings.PositiveAssertionFromNonQualifiedProvider,
+					providerEndpoint.Uri);
 
 				var response = new PositiveAuthenticationResponse(positiveAssertion, this);
 				foreach (var behavior in this.Behaviors) {
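Review bot: The comment carried over to the new side (`// We need to make sure that this assertion is coming from an endpoint that the host deems acceptable.`) now understates what the check does, since `FilterEndpoint` also enforces the trusted-provider list and the minimum OpenID version whether or not a host `EndpointFilter` is configured; suggest `// Reject the assertion unless its OP endpoint passes the security settings (trusted providers, minimum version) and the host's EndpointFilter.` The endpoint being checked is built from the assertion itself (`new SimpleXrdsProviderEndpoint(positiveAssertion)`), so this gate is only as strong as the verification of that endpoint claim performed before this point, presumably by the channel's signature handling, which is outside the hunk; a one-line comment stating that ordering dependency would keep a later refactor from silently weakening it. The enclosing method starts and ends outside the hunk.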
@@ -761,6 +759,38 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		}
 
 		/// <summary>
+		/// Checks whether a given OP Endpoint is permitted by the host relying party.
+		/// </summary>
+		/// <param name="endpoint">The OP endpoint.</param>
+		/// <returns><c>true</c> if the OP Endpoint is allowed; <c>false</c> otherwise.</returns>
+		protected internal bool FilterEndpoint(IProviderEndpoint endpoint) {
+			if (this.SecuritySettings.RejectAssertionsFromUntrustedProviders) {
+				if (!this.SecuritySettings.TrustedProviderEndpoints.ContainsKey(endpoint.Uri)) {
+					Logger.OpenId.InfoFormat("Filtering out OP endpoint {0} because it is not on the exclusive trusted provider whitelist.", endpoint.Uri.AbsoluteUri);
+					return false;
+				}
+			}
+
+			if (endpoint.Version < Protocol.Lookup(this.SecuritySettings.MinimumRequiredOpenIdVersion).Version) {
+				Logger.OpenId.InfoFormat(
+					"Filtering out OP endpoint {0} because it implements OpenID {1} but this relying party requires OpenID {2} or later.",
+					endpoint.Uri.AbsoluteUri,
+					endpoint.Version,
+					Protocol.Lookup(this.SecuritySettings.MinimumRequiredOpenIdVersion).Version);
+				return false;
+			}
+
+			if (this.EndpointFilter != null) {
+				if (!this.EndpointFilter(endpoint)) {
+					Logger.OpenId.InfoFormat("Filtering out OP endpoint {0} because the host rejected it.", endpoint.Uri.AbsoluteUri);
+					return false;
+				}
+			}
+
+			return true;
+		}
+
+		/// <summary>
 		/// Releases unmanaged and - optionally - managed resources
 		/// </summary>
 		/// <param name="disposing"><c>true</c> to release both managed and unmanaged resources; <c>false</c> to release only unmanaged resources.</param>
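Review bot: `FilterEndpoint` dereferences `endpoint.Uri` and `endpoint.Version` without the `Contract.Requires<ArgumentNullException>(endpoint != null)` precondition the rest of this code base uses (see the AuthenticationRequest.cs hunk in this same commit), and because the method is `protected internal` a null passed by a subclass surfaces as a NullReferenceException instead; add `Contract.Requires<ArgumentNullException>(endpoint != null);` as the first statement. The trusted-provider test is a key lookup on `endpoint.Uri`, so (assuming `TrustedProviderEndpoints` is keyed on `Uri` with default equality) only the exact canonical endpoint the host configured matches — a path or query difference is a miss, while a fragment is ignored — and the `<summary>` should state that the list is matched exactly so operators do not expect host-level or prefix matching. `Protocol.Lookup(this.SecuritySettings.MinimumRequiredOpenIdVersion).Version` is evaluated twice in the version branch; hoisting it into a local such as `var minimumVersion = Protocol.Lookup(this.SecuritySettings.MinimumRequiredOpenIdVersion).Version;` removes the duplication and makes the log call read more clearly.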