diff options
Diffstat (limited to 'src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider')
8 files changed, 16 insertions, 1049 deletions
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs index ec0c58a..2fdcebb 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs @@ -105,17 +105,19 @@ namespace DotNetOpenAuth.OpenId.Provider { /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns>Result of realm discovery.</returns> + /// <param name="requestHandler">The request handler.</param> + /// <returns> + /// Result of realm discovery. + /// </returns> /// <remarks> /// Return URL verification is only attempted if this property is queried. /// The result of the verification is cached per request so calling this /// property getter multiple times in one request is not a performance hit. /// See OpenID Authentication 2.0 spec section 9.2.1. /// </remarks> - public RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(OpenIdProvider provider) { + public RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(IDirectWebRequestHandler requestHandler) { if (!this.realmDiscoveryResult.HasValue) { - this.realmDiscoveryResult = this.IsReturnUrlDiscoverableCore(provider); + this.realmDiscoveryResult = this.IsReturnUrlDiscoverableCore(requestHandler); } return this.realmDiscoveryResult.Value; @@ -125,10 +127,12 @@ namespace DotNetOpenAuth.OpenId.Provider { /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns>Result of realm discovery.</returns> - private RelyingPartyDiscoveryResult IsReturnUrlDiscoverableCore(OpenIdProvider provider) { - Contract.Requires<ArgumentNullException>(provider != null); + /// <param name="requestHandler">The request handler.</param> + /// <returns> + /// Result of realm discovery. + /// </returns> + private RelyingPartyDiscoveryResult IsReturnUrlDiscoverableCore(IDirectWebRequestHandler requestHandler) { + Contract.Requires<ArgumentNullException>(requestHandler != null); ErrorUtilities.VerifyInternal(this.Realm != null, "Realm should have been read or derived by now."); @@ -138,7 +142,7 @@ namespace DotNetOpenAuth.OpenId.Provider { return RelyingPartyDiscoveryResult.NoServiceDocument; } - var returnToEndpoints = this.Realm.DiscoverReturnToEndpoints(provider.Channel.WebRequestHandler, false); + var returnToEndpoints = this.Realm.DiscoverReturnToEndpoints(requestHandler, false); if (returnToEndpoints == null) { return RelyingPartyDiscoveryResult.NoServiceDocument; } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs deleted file mode 100644 index f59d436..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs +++ /dev/null @@ -1,367 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IAuthenticationRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Diagnostics.Contracts; - using System.Text; - using DotNetOpenAuth.Messaging; - - /// <summary> - /// Instances of this interface represent incoming authentication requests. - /// This interface provides the details of the request and allows setting - /// the response. - /// </summary> - [ContractClass(typeof(IAuthenticationRequestContract))] - public interface IAuthenticationRequest : IHostProcessedRequest { - /// <summary> - /// Gets a value indicating whether the Provider should help the user - /// select a Claimed Identifier to send back to the relying party. - /// </summary> - bool IsDirectedIdentity { get; } - - /// <summary> - /// Gets a value indicating whether the requesting Relying Party is using a delegated URL. - /// </summary> - /// <remarks> - /// When delegated identifiers are used, the <see cref="ClaimedIdentifier"/> should not - /// be changed at the Provider during authentication. - /// Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - /// A relying party implementing only OpenID 1.x may use delegation and this property will - /// return false anyway. - /// </remarks> - bool IsDelegatedIdentifier { get; } - - /// <summary> - /// Gets or sets the Local Identifier to this OpenID Provider of the user attempting - /// to authenticate. Check <see cref="IsDirectedIdentity"/> to see if - /// this value is valid. - /// </summary> - /// <remarks> - /// This may or may not be the same as the Claimed Identifier that the user agent - /// originally supplied to the relying party. The Claimed Identifier - /// endpoint may be delegating authentication to this provider using - /// this provider's local id, which is what this property contains. - /// Use this identifier when looking up this user in the provider's user account - /// list. - /// </remarks> - Identifier LocalIdentifier { get; set; } - - /// <summary> - /// Gets or sets the identifier that the user agent is claiming at the relying party site. - /// Check <see cref="IsDirectedIdentity"/> to see if this value is valid. - /// </summary> - /// <remarks> - /// <para>This property can only be set if <see cref="IsDelegatedIdentifier"/> is - /// false, to prevent breaking URL delegation.</para> - /// <para>This will not be the same as this provider's local identifier for the user - /// if the user has set up his/her own identity page that points to this - /// provider for authentication.</para> - /// <para>The provider may use this identifier for displaying to the user when - /// asking for the user's permission to authenticate to the relying party.</para> - /// </remarks> - /// <exception cref="InvalidOperationException">Thrown from the setter - /// if <see cref="IsDelegatedIdentifier"/> is true.</exception> - Identifier ClaimedIdentifier { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether the provider has determined that the - /// <see cref="ClaimedIdentifier"/> belongs to the currently logged in user - /// and wishes to share this information with the consumer. - /// </summary> - bool? IsAuthenticated { get; set; } - - /// <summary> - /// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - /// Useful for identifier recycling. - /// </summary> - /// <param name="fragment"> - /// Should not include the # prefix character as that will be added internally. - /// May be null or the empty string to clear a previously set fragment. - /// </param> - /// <remarks> - /// <para>Unlike the <see cref="ClaimedIdentifier"/> property, which can only be set if - /// using directed identity, this method can be called on any URI claimed identifier.</para> - /// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled, - /// this method should<i>not</i> be called for XRIs.</para> - /// </remarks> - /// <exception cref="InvalidOperationException"> - /// Thrown when this method is called on an XRI, or on a directed identity - /// request before the <see cref="ClaimedIdentifier"/> property is set. - /// </exception> - void SetClaimedIdentifierFragment(string fragment); - } - - /// <summary> - /// Code contract class for the <see cref="IAuthenticationRequest"/> type. - /// </summary> - [ContractClassFor(typeof(IAuthenticationRequest))] - internal abstract class IAuthenticationRequestContract : IAuthenticationRequest { - /// <summary> - /// Initializes a new instance of the <see cref="IAuthenticationRequestContract"/> class. - /// </summary> - protected IAuthenticationRequestContract() { - } - - #region IAuthenticationRequest Properties - - /// <summary> - /// Gets a value indicating whether the Provider should help the user - /// select a Claimed Identifier to send back to the relying party. - /// </summary> - bool IAuthenticationRequest.IsDirectedIdentity { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the requesting Relying Party is using a delegated URL. - /// </summary> - /// <remarks> - /// When delegated identifiers are used, the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> should not - /// be changed at the Provider during authentication. - /// Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - /// A relying party implementing only OpenID 1.x may use delegation and this property will - /// return false anyway. - /// </remarks> - bool IAuthenticationRequest.IsDelegatedIdentifier { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the Local Identifier to this OpenID Provider of the user attempting - /// to authenticate. Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if - /// this value is valid. - /// </summary> - /// <remarks> - /// This may or may not be the same as the Claimed Identifier that the user agent - /// originally supplied to the relying party. The Claimed Identifier - /// endpoint may be delegating authentication to this provider using - /// this provider's local id, which is what this property contains. - /// Use this identifier when looking up this user in the provider's user account - /// list. - /// </remarks> - Identifier IAuthenticationRequest.LocalIdentifier { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - /// <summary> - /// Gets or sets the identifier that the user agent is claiming at the relying party site. - /// Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if this value is valid. - /// </summary> - /// <remarks> - /// <para>This property can only be set if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is - /// false, to prevent breaking URL delegation.</para> - /// <para>This will not be the same as this provider's local identifier for the user - /// if the user has set up his/her own identity page that points to this - /// provider for authentication.</para> - /// <para>The provider may use this identifier for displaying to the user when - /// asking for the user's permission to authenticate to the relying party.</para> - /// </remarks> - /// <exception cref="InvalidOperationException">Thrown from the setter - /// if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is true.</exception> - Identifier IAuthenticationRequest.ClaimedIdentifier { - get { - throw new NotImplementedException(); - } - - set { - IAuthenticationRequest req = this; - Contract.Requires<InvalidOperationException>(!req.IsDelegatedIdentifier, OpenIdStrings.ClaimedIdentifierCannotBeSetOnDelegatedAuthentication); - Contract.Requires<InvalidOperationException>(!req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value), OpenIdStrings.IdentifierSelectRequiresMatchingIdentifiers); - } - } - - /// <summary> - /// Gets or sets a value indicating whether the provider has determined that the - /// <see cref="IAuthenticationRequest.ClaimedIdentifier"/> belongs to the currently logged in user - /// and wishes to share this information with the consumer. - /// </summary> - bool? IAuthenticationRequest.IsAuthenticated { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IHostProcessedRequest Properties - - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion IHostProcessedRequest.RelyingPartyVersion { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm IHostProcessedRequest.Realm { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool IHostProcessedRequest.Immediate { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the provider endpoint claimed in the positive assertion. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// This value MUST match the value for the OP Endpoint in the discovery results for the - /// claimed identifier being asserted in a positive response. - /// </value> - Uri IHostProcessedRequest.ProviderEndpoint { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IRequest Properties - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IAuthenticationRequest Methods - - /// <summary> - /// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - /// Useful for identifier recycling. - /// </summary> - /// <param name="fragment">Should not include the # prefix character as that will be added internally. - /// May be null or the empty string to clear a previously set fragment.</param> - /// <remarks> - /// <para>Unlike the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property, which can only be set if - /// using directed identity, this method can be called on any URI claimed identifier.</para> - /// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled, - /// this method should<i>not</i> be called for XRIs.</para> - /// </remarks> - /// <exception cref="InvalidOperationException"> - /// Thrown when this method is called on an XRI, or on a directed identity - /// request before the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property is set. - /// </exception> - void IAuthenticationRequest.SetClaimedIdentifierFragment(string fragment) { - Contract.Requires<InvalidOperationException>(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null), OpenIdStrings.ClaimedIdentifierMustBeSetFirst); - Contract.Requires<InvalidOperationException>(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier), OpenIdStrings.FragmentNotAllowedOnXRIs); - - throw new NotImplementedException(); - } - - #endregion - - #region IHostProcessedRequest Methods - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IHostProcessedRequest.IsReturnUrlDiscoverable(OpenIdProvider provider) { - throw new NotImplementedException(); - } - - #endregion - - #region IRequest Methods - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension extension) { - throw new NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension IRequest.GetExtension(Type extensionType) { - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs deleted file mode 100644 index 1c38d4b..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs +++ /dev/null @@ -1,202 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IHostProcessedRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// Interface exposing incoming messages to the OpenID Provider that - /// require interaction with the host site. - /// </summary> - [ContractClass(typeof(IHostProcessedRequestContract))] - public interface IHostProcessedRequest : IRequest { - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion RelyingPartyVersion { get; } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm Realm { get; } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool Immediate { get; } - - /// <summary> - /// Gets or sets the provider endpoint claimed in the positive assertion. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// This value MUST match the value for the OP Endpoint in the discovery results for the - /// claimed identifier being asserted in a positive response. - /// </value> - Uri ProviderEndpoint { get; set; } - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(OpenIdProvider provider); - } - - /// <summary> - /// Code contract for the <see cref="IHostProcessedRequest"/> type. - /// </summary> - [ContractClassFor(typeof(IHostProcessedRequest))] - internal abstract class IHostProcessedRequestContract : IHostProcessedRequest { - /// <summary> - /// Initializes a new instance of the <see cref="IHostProcessedRequestContract"/> class. - /// </summary> - protected IHostProcessedRequestContract() { - } - - #region IHostProcessedRequest Properties - - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion IHostProcessedRequest.RelyingPartyVersion { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm IHostProcessedRequest.Realm { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool IHostProcessedRequest.Immediate { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the provider endpoint. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// </value> - Uri IHostProcessedRequest.ProviderEndpoint { - get { - Contract.Ensures(Contract.Result<Uri>() != null); - throw new NotImplementedException(); - } - - set { - Contract.Requires(value != null); - throw new NotImplementedException(); - } - } - - #endregion - - #region IRequest Members - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { throw new NotImplementedException(); } - set { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension extension) { - throw new System.NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new System.NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension IRequest.GetExtension(System.Type extensionType) { - throw new System.NotImplementedException(); - } - - #endregion - - #region IHostProcessedRequest Methods - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IHostProcessedRequest.IsReturnUrlDiscoverable(OpenIdProvider provider) { - Contract.Requires<ArgumentNullException>(provider != null); - throw new System.NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs deleted file mode 100644 index 01b4ac8..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs +++ /dev/null @@ -1,114 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IProviderBehavior.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.OpenId.ChannelElements; - - /// <summary> - /// Applies a custom security policy to certain OpenID security settings and behaviors. - /// </summary> - [ContractClass(typeof(IProviderBehaviorContract))] - public interface IProviderBehavior { - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void ApplySecuritySettings(ProviderSecuritySettings securitySettings); - - /// <summary> - /// Called when a request is received by the Provider. - /// </summary> - /// <param name="request">The incoming request.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - /// <remarks> - /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but - /// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/> - /// itself as that instance may be shared across many requests. - /// </remarks> - bool OnIncomingRequest(IRequest request); - - /// <summary> - /// Called when the Provider is preparing to send a response to an authentication request. - /// </summary> - /// <param name="request">The request that is configured to generate the outgoing response.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - bool OnOutgoingResponse(IAuthenticationRequest request); - } - - /// <summary> - /// Code contract for the <see cref="IProviderBehavior"/> type. - /// </summary> - [ContractClassFor(typeof(IProviderBehavior))] - internal abstract class IProviderBehaviorContract : IProviderBehavior { - /// <summary> - /// Initializes a new instance of the <see cref="IProviderBehaviorContract"/> class. - /// </summary> - protected IProviderBehaviorContract() { - } - - #region IProviderBehavior Members - - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void IProviderBehavior.ApplySecuritySettings(ProviderSecuritySettings securitySettings) { - Contract.Requires<ArgumentNullException>(securitySettings != null); - throw new System.NotImplementedException(); - } - - /// <summary> - /// Called when a request is received by the Provider. - /// </summary> - /// <param name="request">The incoming request.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - /// <remarks> - /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but - /// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/> - /// itself as that instance may be shared across many requests. - /// </remarks> - bool IProviderBehavior.OnIncomingRequest(IRequest request) { - Contract.Requires<ArgumentNullException>(request != null); - throw new System.NotImplementedException(); - } - - /// <summary> - /// Called when the Provider is preparing to send a response to an authentication request. - /// </summary> - /// <param name="request">The request that is configured to generate the outgoing response.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - bool IProviderBehavior.OnOutgoingResponse(IAuthenticationRequest request) { - Contract.Requires<ArgumentNullException>(request != null); - throw new System.NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs deleted file mode 100644 index c231fa3..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs +++ /dev/null @@ -1,151 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; - using System.Text; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// Represents an incoming OpenId authentication request. - /// </summary> - /// <remarks> - /// Requests may be infrastructural to OpenID and allow auto-responses, or they may - /// be authentication requests where the Provider site has to make decisions based - /// on its own user database and policies. - /// </remarks> - [ContractClass(typeof(IRequestContract))] - public interface IRequest { - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IsResponseReady { get; } - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value>Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>.</value> - ProviderSecuritySettings SecuritySettings { get; set; } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void AddResponseExtension(IOpenIdMessageExtension extension); - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void ClearResponseExtensions(); - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns>An instance of the extension initialized with values passed in with the request.</returns> - [SuppressMessage("Microsoft.Design", "CA1004:GenericMethodsShouldProvideTypeParameter", Justification = "No parameter to make of type T.")] - T GetExtension<T>() where T : IOpenIdMessageExtension, new(); - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns>An instance of the extension initialized with values passed in with the request.</returns> - IOpenIdMessageExtension GetExtension(Type extensionType); - } - - /// <summary> - /// Code contract for the <see cref="IRequest"/> interface. - /// </summary> - [ContractClassFor(typeof(IRequest))] - internal abstract class IRequestContract : IRequest { - /// <summary> - /// Prevents a default instance of the <see cref="IRequestContract"/> class from being created. - /// </summary> - private IRequestContract() { - } - - #region IRequest Members - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { throw new NotImplementedException(); } - set { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(IOpenIdMessageExtension extension) { - Contract.Requires<ArgumentNullException>(extension != null); - throw new NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - IOpenIdMessageExtension IRequest.GetExtension(Type extensionType) { - Contract.Requires<ArgumentNullException>(extensionType != null); - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs index ea19202..6f06024 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs @@ -88,7 +88,7 @@ namespace DotNetOpenAuth.OpenId.Provider { } this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); - this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings); + this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings); this.CryptoKeyStore = cryptoKeyStore; Reporting.RecordFeatureAndDependencyUse(this, nonceStore); @@ -281,12 +281,12 @@ namespace DotNetOpenAuth.OpenId.Provider { if (result == null) { var checkAuthMessage = incomingMessage as CheckAuthenticationRequest; if (checkAuthMessage != null) { - result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponse(checkAuthMessage, this), this.SecuritySettings); + result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponseProvider(checkAuthMessage, this), this.SecuritySettings); } } if (result == null) { - var associateMessage = incomingMessage as AssociateRequest; + var associateMessage = incomingMessage as AssociateRequestProvider; if (associateMessage != null) { result = new AutoResponsiveRequest(incomingMessage, associateMessage.CreateResponse(this.AssociationStore, this.SecuritySettings), this.SecuritySettings); } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs deleted file mode 100644 index 130e6dd..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs +++ /dev/null @@ -1,167 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="ProviderSecuritySettings.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Collections.ObjectModel; - using System.Collections.Specialized; - using System.Diagnostics.CodeAnalysis; - using System.Linq; - using DotNetOpenAuth.Messaging; - - /// <summary> - /// Security settings that are applicable to providers. - /// </summary> - [Serializable] - public sealed class ProviderSecuritySettings : SecuritySettings { - /// <summary> - /// The default value for the <see cref="ProtectDownlevelReplayAttacks"/> property. - /// </summary> - internal const bool ProtectDownlevelReplayAttacksDefault = true; - - /// <summary> - /// The default value for the <see cref="EncodeAssociationSecretsInHandles"/> property. - /// </summary> - internal const bool EncodeAssociationSecretsInHandlesDefault = true; - - /// <summary> - /// The default value for the <see cref="SignOutgoingExtensions"/> property. - /// </summary> - internal const bool SignOutgoingExtensionsDefault = true; - - /// <summary> - /// The default value for the <see cref="UnsolicitedAssertionVerification"/> property. - /// </summary> - internal const UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerificationDefault = UnsolicitedAssertionVerificationLevel.RequireSuccess; - - /// <summary> - /// The subset of association types and their customized lifetimes. - /// </summary> - private IDictionary<string, TimeSpan> associationLifetimes = new Dictionary<string, TimeSpan>(); - - /// <summary> - /// Initializes a new instance of the <see cref="ProviderSecuritySettings"/> class. - /// </summary> - internal ProviderSecuritySettings() - : base(true) { - this.SignOutgoingExtensions = SignOutgoingExtensionsDefault; - this.ProtectDownlevelReplayAttacks = ProtectDownlevelReplayAttacksDefault; - this.UnsolicitedAssertionVerification = UnsolicitedAssertionVerificationDefault; - } - - /// <summary> - /// The behavior a Provider takes when verifying that it is authoritative for an - /// identifier it is about to send an unsolicited assertion for. - /// </summary> - [SuppressMessage("Microsoft.Design", "CA1034:NestedTypesShouldNotBeVisible", Justification = "By design")] - public enum UnsolicitedAssertionVerificationLevel { - /// <summary> - /// Always verify that the Provider is authoritative for an identifier before - /// sending an unsolicited assertion for it and fail if it is not. - /// </summary> - RequireSuccess, - - /// <summary> - /// Always check that the Provider is authoritative for an identifier before - /// sending an unsolicited assertion for it, but only log failures, and proceed - /// to send the unsolicited assertion. - /// </summary> - LogWarningOnFailure, - - /// <summary> - /// Never verify that the Provider is authoritative for an identifier before - /// sending an unsolicited assertion for it. - /// </summary> - /// <remarks> - /// This setting is useful for web servers that refuse to allow a Provider to - /// introspectively perform an HTTP GET on itself, when sending unsolicited assertions - /// for identifiers that the OP controls. - /// </remarks> - NeverVerify, - } - - /// <summary> - /// Gets a subset of the available association types and their - /// customized maximum lifetimes. - /// </summary> - public IDictionary<string, TimeSpan> AssociationLifetimes { - get { return this.associationLifetimes; } - } - - /// <summary> - /// Gets or sets a value indicating whether Relying Party discovery will only - /// succeed if done over a secure HTTPS channel. - /// </summary> - /// <value>Default is <c>false</c>.</value> - public bool RequireSsl { get; set; } - - /// <summary> - /// Gets or sets the level of verification a Provider performs on an identifier before - /// sending an unsolicited assertion for it. - /// </summary> - /// <value>The default value is <see cref="UnsolicitedAssertionVerificationLevel.RequireSuccess"/>.</value> - public UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerification { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether the Provider should ease the burden of storing associations - /// by encoding them in signed, encrypted form into the association handles themselves, storing only - /// a few rotating, private symmetric keys in the Provider's store instead. - /// </summary> - /// <value>The default value for this property is <c>true</c>.</value> - public bool EncodeAssociationSecretsInHandles { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether OpenID 1.x relying parties that may not be - /// protecting their users from replay attacks are protected from - /// replay attacks by this provider. - /// </summary> - /// <value>The default value is <c>true</c>.</value> - /// <remarks> - /// <para>Nonces for protection against replay attacks were not mandated - /// by OpenID 1.x, which leaves users open to replay attacks.</para> - /// <para>This feature works by preventing associations from being used - /// with OpenID 1.x relying parties, thereby forcing them into - /// "dumb" mode and verifying every claim with this provider. - /// This gives the provider an opportunity to verify its own nonce - /// to protect against replay attacks.</para> - /// </remarks> - internal bool ProtectDownlevelReplayAttacks { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether outgoing extensions are always signed. - /// </summary> - /// <value> - /// <c>true</c> if outgoing extensions should be signed; otherwise, <c>false</c>. - /// The default is <c>true</c>. - /// </value> - /// <remarks> - /// This property is internal because Providers should never turn it off, but it is - /// needed for testing the RP's rejection of unsigned extensions. - /// </remarks> - internal bool SignOutgoingExtensions { get; set; } - - /// <summary> - /// Creates a deep clone of this instance. - /// </summary> - /// <returns>A new instance that is a deep clone of this instance.</returns> - internal ProviderSecuritySettings Clone() { - var securitySettings = new ProviderSecuritySettings(); - foreach (var pair in this.AssociationLifetimes) { - securitySettings.AssociationLifetimes.Add(pair); - } - - securitySettings.MaximumHashBitLength = this.MaximumHashBitLength; - securitySettings.MinimumHashBitLength = this.MinimumHashBitLength; - securitySettings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks; - securitySettings.RequireSsl = this.RequireSsl; - securitySettings.SignOutgoingExtensions = this.SignOutgoingExtensions; - securitySettings.UnsolicitedAssertionVerification = this.UnsolicitedAssertionVerification; - - return securitySettings; - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs deleted file mode 100644 index 4eca6d6..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs +++ /dev/null @@ -1,36 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="RelyingPartyDiscoveryResult.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - /// <summary> - /// The result codes that may be returned from an attempt at relying party discovery. - /// </summary> - public enum RelyingPartyDiscoveryResult { - /// <summary> - /// Relying Party discovery failed to find an XRDS document or the document was invalid. - /// </summary> - /// <remarks> - /// This can happen either when a relying party does not offer a service document at all, - /// or when a man-in-the-middle attack is in progress that prevents the Provider from being - /// able to discover that document. - /// </remarks> - NoServiceDocument, - - /// <summary> - /// Relying Party discovery yielded a valid XRDS document, but no matching return_to URI was found. - /// </summary> - /// <remarks> - /// This is perhaps the most dangerous rating for a relying party, since it suggests that - /// they are implementing OpenID 2.0 securely, but that a hijack operation may be in progress. - /// </remarks> - NoMatchingReturnTo, - - /// <summary> - /// Relying Party discovery succeeded, and a matching return_to URI was found. - /// </summary> - Success, - } -} |