diff options
Diffstat (limited to 'src/DotNetOpenAuth.OpenId.Provider/OpenId')
17 files changed, 74 insertions, 1079 deletions
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs index 18a992c..7975253 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs @@ -14,6 +14,8 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { using DotNetOpenAuth.OpenId.Messages; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.Messaging.Bindings; + using System.Web; + using DotNetOpenAuth.Messaging.Reflection; internal class ProviderSigningBindingElement : SigningBindingElement { /// <summary> @@ -123,7 +125,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { // If no assoc_handle was given or it was invalid, the only thing // left to do is sign a message using a 'dumb' mode association. Protocol protocol = Protocol.Default; - Association association = HmacShaAssociation.Create(protocol, protocol.Args.SignatureAlgorithm.HMAC_SHA256, AssociationRelyingPartyType.Dumb, this.opAssociations, this.opSecuritySettings); + Association association = HmacShaAssociationProvider.Create(protocol, protocol.Args.SignatureAlgorithm.HMAC_SHA256, AssociationRelyingPartyType.Dumb, this.opAssociations, this.opSecuritySettings); return association; } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAsssociationProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAssociationProvider.cs index b2c9ef3..48b3840 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAsssociationProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAssociationProvider.cs @@ -13,7 +13,7 @@ namespace DotNetOpenAuth.OpenId { using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OpenId.Provider; - internal class HmacShaAsssociationProvider : HmacShaAssociation { + internal static class HmacShaAssociationProvider { /// <summary> /// The default lifetime of a shared association when no lifetime is given /// for a specific association type. @@ -42,7 +42,7 @@ namespace DotNetOpenAuth.OpenId { Contract.Requires<ArgumentNullException>(securitySettings != null); Contract.Ensures(Contract.Result<HmacShaAssociation>() != null); - int secretLength = GetSecretLength(protocol, associationType); + int secretLength = HmacShaAssociation.GetSecretLength(protocol, associationType); // Generate the secret that will be used for signing byte[] secret = MessagingUtilities.GetCryptoRandomData(secretLength); @@ -53,7 +53,7 @@ namespace DotNetOpenAuth.OpenId { lifetime = DefaultMaximumLifetime; } } else { - lifetime = DumbSecretLifetime; + lifetime = HmacShaAssociation.DumbSecretLifetime; } string handle = associationStore.Serialize(secret, DateTime.UtcNow + lifetime, associationUse == AssociationRelyingPartyType.Dumb); @@ -61,7 +61,7 @@ namespace DotNetOpenAuth.OpenId { Contract.Assert(protocol != null); // All the way up to the method call, the condition holds, yet we get a Requires failure next Contract.Assert(secret != null); Contract.Assert(!String.IsNullOrEmpty(associationType)); - var result = Create(protocol, associationType, handle, secret, lifetime); + var result = HmacShaAssociation.Create(protocol, associationType, handle, secret, lifetime); return result; } } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs index 80743f7..cdb5166 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs @@ -30,18 +30,6 @@ namespace DotNetOpenAuth.OpenId.Messages { } /// <summary> - /// Creates the association at relying party side after the association response has been received. - /// </summary> - /// <param name="request">The original association request that was already sent and responded to.</param> - /// <returns>The newly created association.</returns> - /// <remarks> - /// The resulting association is <i>not</i> added to the association store and must be done by the caller. - /// </remarks> - protected override Association CreateAssociationAtRelyingParty(AssociateRequest request) { - throw new NotImplementedException(); - } - - /// <summary> /// Creates the association at the provider side after the association request has been received. /// </summary> /// <param name="request">The association request.</param> @@ -54,14 +42,14 @@ namespace DotNetOpenAuth.OpenId.Messages { /// The response message is updated to include the details of the created association by this method, /// but the resulting association is <i>not</i> added to the association store and must be done by the caller. /// </remarks> - protected override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + protected Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { var diffieHellmanRequest = request as AssociateDiffieHellmanRequest; ErrorUtilities.VerifyInternal(diffieHellmanRequest != null, "Expected a DH request type."); this.SessionType = this.SessionType ?? request.SessionType; // Go ahead and create the association first, complete with its secret that we're about to share. - Association association = HmacShaAssociation.Create(this.Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); + Association association = HmacShaAssociationProvider.Create(this.Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); // We now need to securely communicate the secret to the relying party using Diffie-Hellman. // We do this by performing a DH algorithm on the secret and setting a couple of properties diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs index a4449f8..e2ca117 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs @@ -9,6 +9,15 @@ internal abstract class AssociateRequestProvider : AssociateRequest { /// <summary> + /// Initializes a new instance of the <see cref="AssociateRequestProvider"/> class. + /// </summary> + /// <param name="version">The OpenID version this message must comply with.</param> + /// <param name="providerEndpoint">The OpenID Provider endpoint.</param> + internal AssociateRequestProvider(Version version, Uri providerEndpoint) + : base(version, providerEndpoint) { + } + + /// <summary> /// Creates a Provider's response to an incoming association request. /// </summary> /// <param name="associationStore">The association store.</param> @@ -32,9 +41,9 @@ response = this.CreateResponseCore(); // Create and store the association if this is a successful response. - var successResponse = response as AssociateSuccessfulResponse; + var successResponse = response as AssociateSuccessfulResponseProvider; if (successResponse != null) { - successResponse.CreateAssociation(this, associationStore, securitySettings); + successResponse.CreateAssociationAtProvider(this, associationStore, securitySettings); } } else { response = this.CreateUnsuccessfulResponse(securitySettings); @@ -92,6 +101,5 @@ return unsuccessfulResponse; } - } } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs index 3a71bba..36ce544 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs @@ -1,12 +1,23 @@ namespace DotNetOpenAuth.OpenId.Messages { using System; using System.Collections.Generic; + using System.Diagnostics.Contracts; using System.Linq; using System.Text; using DotNetOpenAuth.OpenId.Provider; + [ContractClass(typeof(AssociateSuccessfulResponseProviderContract))] internal abstract class AssociateSuccessfulResponseProvider : AssociateSuccessfulResponse { /// <summary> + /// Initializes a new instance of the <see cref="AssociateSuccessfulResponseProvider"/> class. + /// </summary> + /// <param name="version">The version.</param> + /// <param name="request">The request.</param> + internal AssociateSuccessfulResponseProvider(Version version, AssociateRequest request) : + base(version, request) { + } + + /// <summary> /// Called to create the Association based on a request previously given by the Relying Party. /// </summary> /// <param name="request">The prior request for an association.</param> @@ -22,6 +33,6 @@ /// <para>The response message is updated to include the details of the created association by this method, /// but the resulting association is <i>not</i> added to the association store and must be done by the caller.</para> /// </remarks> - protected abstract Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings); + protected internal abstract Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings); } } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs index 9824316..9403980 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs @@ -8,7 +8,16 @@ [ContractClassFor(typeof(AssociateSuccessfulResponseProvider))] internal abstract class AssociateSuccessfulResponseProviderContract : AssociateSuccessfulResponseProvider { - protected override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + /// <summary> + /// Prevents a default instance of the <see cref="AssociateSuccessfulResponseProviderContract"/> class from being created. + /// </summary> + /// <param name="version">The version.</param> + /// <param name="request">The request.</param> + private AssociateSuccessfulResponseProviderContract(Version version, AssociateRequest request) + : base(version, request) { + } + + protected internal override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { Contract.Requires<ArgumentNullException>(request != null); Contract.Requires<ArgumentNullException>(associationStore != null); Contract.Requires<ArgumentNullException>(securitySettings != null); diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs index c390a5e..ad7c3ae 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs @@ -13,6 +13,15 @@ namespace DotNetOpenAuth.OpenId.Messages { internal class AssociateUnencryptedResponseProvider : AssociateUnencryptedResponse { /// <summary> + /// Initializes a new instance of the <see cref="AssociateUnencryptedResponseProvider"/> class. + /// </summary> + /// <param name="version">The version.</param> + /// <param name="request">The request.</param> + internal AssociateUnencryptedResponseProvider(Version version, AssociateUnencryptedRequest request) + : base(version, request) { + } + + /// <summary> /// Called to create the Association based on a request previously given by the Relying Party. /// </summary> /// <param name="request">The prior request for an association.</param> @@ -30,11 +39,10 @@ namespace DotNetOpenAuth.OpenId.Messages { /// <para>The response message is updated to include the details of the created association by this method, /// but the resulting association is <i>not</i> added to the association store and must be done by the caller.</para> /// </remarks> - protected override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { - Association association = HmacShaAssociation.Create(Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); + protected Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + Association association = HmacShaAssociationProvider.Create(Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); this.MacKey = association.SecretKey; return association; } - } } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs index 3853693..8f00394 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs @@ -2,6 +2,9 @@ using System.Collections.Generic; using System.Linq; using System.Text; +using DotNetOpenAuth.OpenId.Provider; +using System.Diagnostics.Contracts; +using DotNetOpenAuth.OpenId.ChannelElements; namespace DotNetOpenAuth.OpenId.Messages { class CheckAuthenticationResponseProvider : CheckAuthenticationResponse { diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs index 680759b..247f734 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs @@ -29,20 +29,19 @@ namespace DotNetOpenAuth.OpenId { /// This method is called by both the Provider and the Relying Party, but actually performs /// quite different operations in either scenario. /// </remarks> - internal static Association CreateAssociation(AssociateRequest request, AssociateSuccessfulResponse response, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + internal static Association CreateAssociation(AssociateRequest request, AssociateSuccessfulResponseProvider response, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { Contract.Requires<ArgumentNullException>(request != null); Contract.Requires<ArgumentNullException>(response != null, "response"); Contract.Requires<ArgumentNullException>(securitySettings != null, "securitySettings"); // We need to initialize some common properties based on the created association. - var association = CreateAssociationAtProvider(request, associationStore, securitySettings); + var association = response.CreateAssociationAtProvider(request, associationStore, securitySettings); response.ExpiresIn = association.SecondsTillExpiration; response.AssociationHandle = association.Handle; return association; } - /// <summary> /// Determines whether the association with the specified handle is (still) valid. /// </summary> diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs index ec0c58a..2fdcebb 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs @@ -105,17 +105,19 @@ namespace DotNetOpenAuth.OpenId.Provider { /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns>Result of realm discovery.</returns> + /// <param name="requestHandler">The request handler.</param> + /// <returns> + /// Result of realm discovery. + /// </returns> /// <remarks> /// Return URL verification is only attempted if this property is queried. /// The result of the verification is cached per request so calling this /// property getter multiple times in one request is not a performance hit. /// See OpenID Authentication 2.0 spec section 9.2.1. /// </remarks> - public RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(OpenIdProvider provider) { + public RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(IDirectWebRequestHandler requestHandler) { if (!this.realmDiscoveryResult.HasValue) { - this.realmDiscoveryResult = this.IsReturnUrlDiscoverableCore(provider); + this.realmDiscoveryResult = this.IsReturnUrlDiscoverableCore(requestHandler); } return this.realmDiscoveryResult.Value; @@ -125,10 +127,12 @@ namespace DotNetOpenAuth.OpenId.Provider { /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns>Result of realm discovery.</returns> - private RelyingPartyDiscoveryResult IsReturnUrlDiscoverableCore(OpenIdProvider provider) { - Contract.Requires<ArgumentNullException>(provider != null); + /// <param name="requestHandler">The request handler.</param> + /// <returns> + /// Result of realm discovery. + /// </returns> + private RelyingPartyDiscoveryResult IsReturnUrlDiscoverableCore(IDirectWebRequestHandler requestHandler) { + Contract.Requires<ArgumentNullException>(requestHandler != null); ErrorUtilities.VerifyInternal(this.Realm != null, "Realm should have been read or derived by now."); @@ -138,7 +142,7 @@ namespace DotNetOpenAuth.OpenId.Provider { return RelyingPartyDiscoveryResult.NoServiceDocument; } - var returnToEndpoints = this.Realm.DiscoverReturnToEndpoints(provider.Channel.WebRequestHandler, false); + var returnToEndpoints = this.Realm.DiscoverReturnToEndpoints(requestHandler, false); if (returnToEndpoints == null) { return RelyingPartyDiscoveryResult.NoServiceDocument; } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs deleted file mode 100644 index f59d436..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs +++ /dev/null @@ -1,367 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IAuthenticationRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Diagnostics.Contracts; - using System.Text; - using DotNetOpenAuth.Messaging; - - /// <summary> - /// Instances of this interface represent incoming authentication requests. - /// This interface provides the details of the request and allows setting - /// the response. - /// </summary> - [ContractClass(typeof(IAuthenticationRequestContract))] - public interface IAuthenticationRequest : IHostProcessedRequest { - /// <summary> - /// Gets a value indicating whether the Provider should help the user - /// select a Claimed Identifier to send back to the relying party. - /// </summary> - bool IsDirectedIdentity { get; } - - /// <summary> - /// Gets a value indicating whether the requesting Relying Party is using a delegated URL. - /// </summary> - /// <remarks> - /// When delegated identifiers are used, the <see cref="ClaimedIdentifier"/> should not - /// be changed at the Provider during authentication. - /// Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - /// A relying party implementing only OpenID 1.x may use delegation and this property will - /// return false anyway. - /// </remarks> - bool IsDelegatedIdentifier { get; } - - /// <summary> - /// Gets or sets the Local Identifier to this OpenID Provider of the user attempting - /// to authenticate. Check <see cref="IsDirectedIdentity"/> to see if - /// this value is valid. - /// </summary> - /// <remarks> - /// This may or may not be the same as the Claimed Identifier that the user agent - /// originally supplied to the relying party. The Claimed Identifier - /// endpoint may be delegating authentication to this provider using - /// this provider's local id, which is what this property contains. - /// Use this identifier when looking up this user in the provider's user account - /// list. - /// </remarks> - Identifier LocalIdentifier { get; set; } - - /// <summary> - /// Gets or sets the identifier that the user agent is claiming at the relying party site. - /// Check <see cref="IsDirectedIdentity"/> to see if this value is valid. - /// </summary> - /// <remarks> - /// <para>This property can only be set if <see cref="IsDelegatedIdentifier"/> is - /// false, to prevent breaking URL delegation.</para> - /// <para>This will not be the same as this provider's local identifier for the user - /// if the user has set up his/her own identity page that points to this - /// provider for authentication.</para> - /// <para>The provider may use this identifier for displaying to the user when - /// asking for the user's permission to authenticate to the relying party.</para> - /// </remarks> - /// <exception cref="InvalidOperationException">Thrown from the setter - /// if <see cref="IsDelegatedIdentifier"/> is true.</exception> - Identifier ClaimedIdentifier { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether the provider has determined that the - /// <see cref="ClaimedIdentifier"/> belongs to the currently logged in user - /// and wishes to share this information with the consumer. - /// </summary> - bool? IsAuthenticated { get; set; } - - /// <summary> - /// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - /// Useful for identifier recycling. - /// </summary> - /// <param name="fragment"> - /// Should not include the # prefix character as that will be added internally. - /// May be null or the empty string to clear a previously set fragment. - /// </param> - /// <remarks> - /// <para>Unlike the <see cref="ClaimedIdentifier"/> property, which can only be set if - /// using directed identity, this method can be called on any URI claimed identifier.</para> - /// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled, - /// this method should<i>not</i> be called for XRIs.</para> - /// </remarks> - /// <exception cref="InvalidOperationException"> - /// Thrown when this method is called on an XRI, or on a directed identity - /// request before the <see cref="ClaimedIdentifier"/> property is set. - /// </exception> - void SetClaimedIdentifierFragment(string fragment); - } - - /// <summary> - /// Code contract class for the <see cref="IAuthenticationRequest"/> type. - /// </summary> - [ContractClassFor(typeof(IAuthenticationRequest))] - internal abstract class IAuthenticationRequestContract : IAuthenticationRequest { - /// <summary> - /// Initializes a new instance of the <see cref="IAuthenticationRequestContract"/> class. - /// </summary> - protected IAuthenticationRequestContract() { - } - - #region IAuthenticationRequest Properties - - /// <summary> - /// Gets a value indicating whether the Provider should help the user - /// select a Claimed Identifier to send back to the relying party. - /// </summary> - bool IAuthenticationRequest.IsDirectedIdentity { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the requesting Relying Party is using a delegated URL. - /// </summary> - /// <remarks> - /// When delegated identifiers are used, the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> should not - /// be changed at the Provider during authentication. - /// Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - /// A relying party implementing only OpenID 1.x may use delegation and this property will - /// return false anyway. - /// </remarks> - bool IAuthenticationRequest.IsDelegatedIdentifier { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the Local Identifier to this OpenID Provider of the user attempting - /// to authenticate. Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if - /// this value is valid. - /// </summary> - /// <remarks> - /// This may or may not be the same as the Claimed Identifier that the user agent - /// originally supplied to the relying party. The Claimed Identifier - /// endpoint may be delegating authentication to this provider using - /// this provider's local id, which is what this property contains. - /// Use this identifier when looking up this user in the provider's user account - /// list. - /// </remarks> - Identifier IAuthenticationRequest.LocalIdentifier { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - /// <summary> - /// Gets or sets the identifier that the user agent is claiming at the relying party site. - /// Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if this value is valid. - /// </summary> - /// <remarks> - /// <para>This property can only be set if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is - /// false, to prevent breaking URL delegation.</para> - /// <para>This will not be the same as this provider's local identifier for the user - /// if the user has set up his/her own identity page that points to this - /// provider for authentication.</para> - /// <para>The provider may use this identifier for displaying to the user when - /// asking for the user's permission to authenticate to the relying party.</para> - /// </remarks> - /// <exception cref="InvalidOperationException">Thrown from the setter - /// if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is true.</exception> - Identifier IAuthenticationRequest.ClaimedIdentifier { - get { - throw new NotImplementedException(); - } - - set { - IAuthenticationRequest req = this; - Contract.Requires<InvalidOperationException>(!req.IsDelegatedIdentifier, OpenIdStrings.ClaimedIdentifierCannotBeSetOnDelegatedAuthentication); - Contract.Requires<InvalidOperationException>(!req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value), OpenIdStrings.IdentifierSelectRequiresMatchingIdentifiers); - } - } - - /// <summary> - /// Gets or sets a value indicating whether the provider has determined that the - /// <see cref="IAuthenticationRequest.ClaimedIdentifier"/> belongs to the currently logged in user - /// and wishes to share this information with the consumer. - /// </summary> - bool? IAuthenticationRequest.IsAuthenticated { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IHostProcessedRequest Properties - - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion IHostProcessedRequest.RelyingPartyVersion { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm IHostProcessedRequest.Realm { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool IHostProcessedRequest.Immediate { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the provider endpoint claimed in the positive assertion. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// This value MUST match the value for the OP Endpoint in the discovery results for the - /// claimed identifier being asserted in a positive response. - /// </value> - Uri IHostProcessedRequest.ProviderEndpoint { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IRequest Properties - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IAuthenticationRequest Methods - - /// <summary> - /// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - /// Useful for identifier recycling. - /// </summary> - /// <param name="fragment">Should not include the # prefix character as that will be added internally. - /// May be null or the empty string to clear a previously set fragment.</param> - /// <remarks> - /// <para>Unlike the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property, which can only be set if - /// using directed identity, this method can be called on any URI claimed identifier.</para> - /// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled, - /// this method should<i>not</i> be called for XRIs.</para> - /// </remarks> - /// <exception cref="InvalidOperationException"> - /// Thrown when this method is called on an XRI, or on a directed identity - /// request before the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property is set. - /// </exception> - void IAuthenticationRequest.SetClaimedIdentifierFragment(string fragment) { - Contract.Requires<InvalidOperationException>(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null), OpenIdStrings.ClaimedIdentifierMustBeSetFirst); - Contract.Requires<InvalidOperationException>(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier), OpenIdStrings.FragmentNotAllowedOnXRIs); - - throw new NotImplementedException(); - } - - #endregion - - #region IHostProcessedRequest Methods - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IHostProcessedRequest.IsReturnUrlDiscoverable(OpenIdProvider provider) { - throw new NotImplementedException(); - } - - #endregion - - #region IRequest Methods - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension extension) { - throw new NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension IRequest.GetExtension(Type extensionType) { - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs deleted file mode 100644 index 1c38d4b..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs +++ /dev/null @@ -1,202 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IHostProcessedRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// Interface exposing incoming messages to the OpenID Provider that - /// require interaction with the host site. - /// </summary> - [ContractClass(typeof(IHostProcessedRequestContract))] - public interface IHostProcessedRequest : IRequest { - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion RelyingPartyVersion { get; } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm Realm { get; } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool Immediate { get; } - - /// <summary> - /// Gets or sets the provider endpoint claimed in the positive assertion. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// This value MUST match the value for the OP Endpoint in the discovery results for the - /// claimed identifier being asserted in a positive response. - /// </value> - Uri ProviderEndpoint { get; set; } - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(OpenIdProvider provider); - } - - /// <summary> - /// Code contract for the <see cref="IHostProcessedRequest"/> type. - /// </summary> - [ContractClassFor(typeof(IHostProcessedRequest))] - internal abstract class IHostProcessedRequestContract : IHostProcessedRequest { - /// <summary> - /// Initializes a new instance of the <see cref="IHostProcessedRequestContract"/> class. - /// </summary> - protected IHostProcessedRequestContract() { - } - - #region IHostProcessedRequest Properties - - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion IHostProcessedRequest.RelyingPartyVersion { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm IHostProcessedRequest.Realm { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool IHostProcessedRequest.Immediate { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the provider endpoint. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// </value> - Uri IHostProcessedRequest.ProviderEndpoint { - get { - Contract.Ensures(Contract.Result<Uri>() != null); - throw new NotImplementedException(); - } - - set { - Contract.Requires(value != null); - throw new NotImplementedException(); - } - } - - #endregion - - #region IRequest Members - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { throw new NotImplementedException(); } - set { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension extension) { - throw new System.NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new System.NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension IRequest.GetExtension(System.Type extensionType) { - throw new System.NotImplementedException(); - } - - #endregion - - #region IHostProcessedRequest Methods - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IHostProcessedRequest.IsReturnUrlDiscoverable(OpenIdProvider provider) { - Contract.Requires<ArgumentNullException>(provider != null); - throw new System.NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs deleted file mode 100644 index 01b4ac8..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs +++ /dev/null @@ -1,114 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IProviderBehavior.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.OpenId.ChannelElements; - - /// <summary> - /// Applies a custom security policy to certain OpenID security settings and behaviors. - /// </summary> - [ContractClass(typeof(IProviderBehaviorContract))] - public interface IProviderBehavior { - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void ApplySecuritySettings(ProviderSecuritySettings securitySettings); - - /// <summary> - /// Called when a request is received by the Provider. - /// </summary> - /// <param name="request">The incoming request.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - /// <remarks> - /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but - /// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/> - /// itself as that instance may be shared across many requests. - /// </remarks> - bool OnIncomingRequest(IRequest request); - - /// <summary> - /// Called when the Provider is preparing to send a response to an authentication request. - /// </summary> - /// <param name="request">The request that is configured to generate the outgoing response.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - bool OnOutgoingResponse(IAuthenticationRequest request); - } - - /// <summary> - /// Code contract for the <see cref="IProviderBehavior"/> type. - /// </summary> - [ContractClassFor(typeof(IProviderBehavior))] - internal abstract class IProviderBehaviorContract : IProviderBehavior { - /// <summary> - /// Initializes a new instance of the <see cref="IProviderBehaviorContract"/> class. - /// </summary> - protected IProviderBehaviorContract() { - } - - #region IProviderBehavior Members - - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void IProviderBehavior.ApplySecuritySettings(ProviderSecuritySettings securitySettings) { - Contract.Requires<ArgumentNullException>(securitySettings != null); - throw new System.NotImplementedException(); - } - - /// <summary> - /// Called when a request is received by the Provider. - /// </summary> - /// <param name="request">The incoming request.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - /// <remarks> - /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but - /// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/> - /// itself as that instance may be shared across many requests. - /// </remarks> - bool IProviderBehavior.OnIncomingRequest(IRequest request) { - Contract.Requires<ArgumentNullException>(request != null); - throw new System.NotImplementedException(); - } - - /// <summary> - /// Called when the Provider is preparing to send a response to an authentication request. - /// </summary> - /// <param name="request">The request that is configured to generate the outgoing response.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - bool IProviderBehavior.OnOutgoingResponse(IAuthenticationRequest request) { - Contract.Requires<ArgumentNullException>(request != null); - throw new System.NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs deleted file mode 100644 index c231fa3..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs +++ /dev/null @@ -1,151 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; - using System.Text; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// Represents an incoming OpenId authentication request. - /// </summary> - /// <remarks> - /// Requests may be infrastructural to OpenID and allow auto-responses, or they may - /// be authentication requests where the Provider site has to make decisions based - /// on its own user database and policies. - /// </remarks> - [ContractClass(typeof(IRequestContract))] - public interface IRequest { - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IsResponseReady { get; } - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value>Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>.</value> - ProviderSecuritySettings SecuritySettings { get; set; } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void AddResponseExtension(IOpenIdMessageExtension extension); - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void ClearResponseExtensions(); - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns>An instance of the extension initialized with values passed in with the request.</returns> - [SuppressMessage("Microsoft.Design", "CA1004:GenericMethodsShouldProvideTypeParameter", Justification = "No parameter to make of type T.")] - T GetExtension<T>() where T : IOpenIdMessageExtension, new(); - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns>An instance of the extension initialized with values passed in with the request.</returns> - IOpenIdMessageExtension GetExtension(Type extensionType); - } - - /// <summary> - /// Code contract for the <see cref="IRequest"/> interface. - /// </summary> - [ContractClassFor(typeof(IRequest))] - internal abstract class IRequestContract : IRequest { - /// <summary> - /// Prevents a default instance of the <see cref="IRequestContract"/> class from being created. - /// </summary> - private IRequestContract() { - } - - #region IRequest Members - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { throw new NotImplementedException(); } - set { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(IOpenIdMessageExtension extension) { - Contract.Requires<ArgumentNullException>(extension != null); - throw new NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - IOpenIdMessageExtension IRequest.GetExtension(Type extensionType) { - Contract.Requires<ArgumentNullException>(extensionType != null); - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs index ea19202..6f06024 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs @@ -88,7 +88,7 @@ namespace DotNetOpenAuth.OpenId.Provider { } this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); - this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings); + this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings); this.CryptoKeyStore = cryptoKeyStore; Reporting.RecordFeatureAndDependencyUse(this, nonceStore); @@ -281,12 +281,12 @@ namespace DotNetOpenAuth.OpenId.Provider { if (result == null) { var checkAuthMessage = incomingMessage as CheckAuthenticationRequest; if (checkAuthMessage != null) { - result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponse(checkAuthMessage, this), this.SecuritySettings); + result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponseProvider(checkAuthMessage, this), this.SecuritySettings); } } if (result == null) { - var associateMessage = incomingMessage as AssociateRequest; + var associateMessage = incomingMessage as AssociateRequestProvider; if (associateMessage != null) { result = new AutoResponsiveRequest(incomingMessage, associateMessage.CreateResponse(this.AssociationStore, this.SecuritySettings), this.SecuritySettings); } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs deleted file mode 100644 index 130e6dd..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs +++ /dev/null @@ -1,167 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="ProviderSecuritySettings.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Collections.ObjectModel; - using System.Collections.Specialized; - using System.Diagnostics.CodeAnalysis; - using System.Linq; - using DotNetOpenAuth.Messaging; - - /// <summary> - /// Security settings that are applicable to providers. - /// </summary> - [Serializable] - public sealed class ProviderSecuritySettings : SecuritySettings { - /// <summary> - /// The default value for the <see cref="ProtectDownlevelReplayAttacks"/> property. - /// </summary> - internal const bool ProtectDownlevelReplayAttacksDefault = true; - - /// <summary> - /// The default value for the <see cref="EncodeAssociationSecretsInHandles"/> property. - /// </summary> - internal const bool EncodeAssociationSecretsInHandlesDefault = true; - - /// <summary> - /// The default value for the <see cref="SignOutgoingExtensions"/> property. - /// </summary> - internal const bool SignOutgoingExtensionsDefault = true; - - /// <summary> - /// The default value for the <see cref="UnsolicitedAssertionVerification"/> property. - /// </summary> - internal const UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerificationDefault = UnsolicitedAssertionVerificationLevel.RequireSuccess; - - /// <summary> - /// The subset of association types and their customized lifetimes. - /// </summary> - private IDictionary<string, TimeSpan> associationLifetimes = new Dictionary<string, TimeSpan>(); - - /// <summary> - /// Initializes a new instance of the <see cref="ProviderSecuritySettings"/> class. - /// </summary> - internal ProviderSecuritySettings() - : base(true) { - this.SignOutgoingExtensions = SignOutgoingExtensionsDefault; - this.ProtectDownlevelReplayAttacks = ProtectDownlevelReplayAttacksDefault; - this.UnsolicitedAssertionVerification = UnsolicitedAssertionVerificationDefault; - } - - /// <summary> - /// The behavior a Provider takes when verifying that it is authoritative for an - /// identifier it is about to send an unsolicited assertion for. - /// </summary> - [SuppressMessage("Microsoft.Design", "CA1034:NestedTypesShouldNotBeVisible", Justification = "By design")] - public enum UnsolicitedAssertionVerificationLevel { - /// <summary> - /// Always verify that the Provider is authoritative for an identifier before - /// sending an unsolicited assertion for it and fail if it is not. - /// </summary> - RequireSuccess, - - /// <summary> - /// Always check that the Provider is authoritative for an identifier before - /// sending an unsolicited assertion for it, but only log failures, and proceed - /// to send the unsolicited assertion. - /// </summary> - LogWarningOnFailure, - - /// <summary> - /// Never verify that the Provider is authoritative for an identifier before - /// sending an unsolicited assertion for it. - /// </summary> - /// <remarks> - /// This setting is useful for web servers that refuse to allow a Provider to - /// introspectively perform an HTTP GET on itself, when sending unsolicited assertions - /// for identifiers that the OP controls. - /// </remarks> - NeverVerify, - } - - /// <summary> - /// Gets a subset of the available association types and their - /// customized maximum lifetimes. - /// </summary> - public IDictionary<string, TimeSpan> AssociationLifetimes { - get { return this.associationLifetimes; } - } - - /// <summary> - /// Gets or sets a value indicating whether Relying Party discovery will only - /// succeed if done over a secure HTTPS channel. - /// </summary> - /// <value>Default is <c>false</c>.</value> - public bool RequireSsl { get; set; } - - /// <summary> - /// Gets or sets the level of verification a Provider performs on an identifier before - /// sending an unsolicited assertion for it. - /// </summary> - /// <value>The default value is <see cref="UnsolicitedAssertionVerificationLevel.RequireSuccess"/>.</value> - public UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerification { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether the Provider should ease the burden of storing associations - /// by encoding them in signed, encrypted form into the association handles themselves, storing only - /// a few rotating, private symmetric keys in the Provider's store instead. - /// </summary> - /// <value>The default value for this property is <c>true</c>.</value> - public bool EncodeAssociationSecretsInHandles { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether OpenID 1.x relying parties that may not be - /// protecting their users from replay attacks are protected from - /// replay attacks by this provider. - /// </summary> - /// <value>The default value is <c>true</c>.</value> - /// <remarks> - /// <para>Nonces for protection against replay attacks were not mandated - /// by OpenID 1.x, which leaves users open to replay attacks.</para> - /// <para>This feature works by preventing associations from being used - /// with OpenID 1.x relying parties, thereby forcing them into - /// "dumb" mode and verifying every claim with this provider. - /// This gives the provider an opportunity to verify its own nonce - /// to protect against replay attacks.</para> - /// </remarks> - internal bool ProtectDownlevelReplayAttacks { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether outgoing extensions are always signed. - /// </summary> - /// <value> - /// <c>true</c> if outgoing extensions should be signed; otherwise, <c>false</c>. - /// The default is <c>true</c>. - /// </value> - /// <remarks> - /// This property is internal because Providers should never turn it off, but it is - /// needed for testing the RP's rejection of unsigned extensions. - /// </remarks> - internal bool SignOutgoingExtensions { get; set; } - - /// <summary> - /// Creates a deep clone of this instance. - /// </summary> - /// <returns>A new instance that is a deep clone of this instance.</returns> - internal ProviderSecuritySettings Clone() { - var securitySettings = new ProviderSecuritySettings(); - foreach (var pair in this.AssociationLifetimes) { - securitySettings.AssociationLifetimes.Add(pair); - } - - securitySettings.MaximumHashBitLength = this.MaximumHashBitLength; - securitySettings.MinimumHashBitLength = this.MinimumHashBitLength; - securitySettings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks; - securitySettings.RequireSsl = this.RequireSsl; - securitySettings.SignOutgoingExtensions = this.SignOutgoingExtensions; - securitySettings.UnsolicitedAssertionVerification = this.UnsolicitedAssertionVerification; - - return securitySettings; - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs deleted file mode 100644 index 4eca6d6..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs +++ /dev/null @@ -1,36 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="RelyingPartyDiscoveryResult.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - /// <summary> - /// The result codes that may be returned from an attempt at relying party discovery. - /// </summary> - public enum RelyingPartyDiscoveryResult { - /// <summary> - /// Relying Party discovery failed to find an XRDS document or the document was invalid. - /// </summary> - /// <remarks> - /// This can happen either when a relying party does not offer a service document at all, - /// or when a man-in-the-middle attack is in progress that prevents the Provider from being - /// able to discover that document. - /// </remarks> - NoServiceDocument, - - /// <summary> - /// Relying Party discovery yielded a valid XRDS document, but no matching return_to URI was found. - /// </summary> - /// <remarks> - /// This is perhaps the most dangerous rating for a relying party, since it suggests that - /// they are implementing OpenID 2.0 securely, but that a hijack operation may be in progress. - /// </remarks> - NoMatchingReturnTo, - - /// <summary> - /// Relying Party discovery succeeded, and a matching return_to URI was found. - /// </summary> - Success, - } -} |