authorAndrew Arnott <andrewarnott@gmail.com>2009-03-07 11:17:17 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2009-03-08 01:08:56 -0800
commiteb2952ea357476f073755c5a7d0c4cc08484487b (patch)
tree16740fb0a204b705ade71bdcb2a8be3a58f6de3b /src
parent7d460c9b12b06106d6be31edfd6b49329501f730 (diff)
Fixed Provider to not re-send the check_auth request if it does not recognize the association handle.
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs
index 1ebe144..d2eef6c 100644
--- a/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs
+++ b/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs
@@ -144,6 +144,12 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
} else {
ErrorUtilities.VerifyInternal(this.Channel != null, "Cannot verify private association signature because we don't have a channel.");
+ // If we're on the Provider, then the RP sent us a check_auth with a signature
+ // we don't have an association for. (It may have expired, or it may be a faulty RP).
+ if (this.IsOnProvider) {
+ throw new InvalidSignatureException(message);
+ }
+
// We did not recognize the association the provider used to sign the message.
// Ask the provider to check the signature then.
var indirectSignedResponse = (IndirectSignedResponse)signedMessage;
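Review bot: The `throw new InvalidSignatureException(message);` added under `if (this.IsOnProvider)` rejects a check_auth with an unrecognized association handle without leaving any trace in the visible lines, so an expired handle and a misbehaving RP look identical to an operator; a warning-level log entry naming the handle just before the throw would make repeated failures from one RP visible. It is also worth confirming, outside this hunk, that the caller turns this exception into an `is_valid:false` direct response rather than a generic error, since that is the answer an RP expects from check_authentication. The comment that follows the guard (`We did not recognize the association the provider used to sign the message.`) now describes only the RP path, so I would open it with `// We're on the RP:` to make the split explicit. The guard also sits after the `this.Channel != null` check, which the Provider branch does not appear to need. The enclosing method starts and ends outside the hunk.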