Diffstat (limited to 'src/DotNetOpenAuth.OpenId.Provider')
21 files changed, 141 insertions, 1315 deletions
diff --git a/src/DotNetOpenAuth.OpenId.Provider/Configuration/OpenIdProviderElement.cs b/src/DotNetOpenAuth.OpenId.Provider/Configuration/OpenIdProviderElement.cs
deleted file mode 100644
index 6f5a043..0000000
--- a/src/DotNetOpenAuth.OpenId.Provider/Configuration/OpenIdProviderElement.cs
+++ /dev/null
@@ -1,72 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="OpenIdProviderElement.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.Configuration { - using System.Configuration; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.OpenId; - using DotNetOpenAuth.OpenId.Provider; - - /// <summary> - /// The section in the .config file that allows customization of OpenID Provider behaviors. - /// </summary> - [ContractVerification(true)] - internal class OpenIdProviderElement : ConfigurationElement { - /// <summary> - /// The name of the <provider> sub-element. - /// </summary> - private const string ProviderElementName = "provider"; - - /// <summary> - /// The name of the security sub-element. - /// </summary> - private const string SecuritySettingsConfigName = "security"; - - /// <summary> - /// Gets the name of the <behaviors> sub-element. - /// </summary> - private const string BehaviorsElementName = "behaviors"; - - /// <summary> - /// The name of the custom store sub-element. - /// </summary> - private const string StoreConfigName = "store"; - - /// <summary> - /// Initializes a new instance of the <see cref="OpenIdProviderElement"/> class. - /// </summary> - public OpenIdProviderElement() { - } - - /// <summary> - /// Gets or sets the security settings. - /// </summary> - [ConfigurationProperty(SecuritySettingsConfigName)] - public OpenIdProviderSecuritySettingsElement SecuritySettings { - get { return (OpenIdProviderSecuritySettingsElement)this[SecuritySettingsConfigName] ?? new OpenIdProviderSecuritySettingsElement(); } - set { this[SecuritySettingsConfigName] = value; } - } - - /// <summary> - /// Gets or sets the special behaviors to apply. 
- /// </summary> - [ConfigurationProperty(BehaviorsElementName, IsDefaultCollection = false)] - [ConfigurationCollection(typeof(TypeConfigurationCollection<IProviderBehavior>))] - public TypeConfigurationCollection<IProviderBehavior> Behaviors { - get { return (TypeConfigurationCollection<IProviderBehavior>)this[BehaviorsElementName] ?? new TypeConfigurationCollection<IProviderBehavior>(); } - set { this[BehaviorsElementName] = value; } - } - - /// <summary> - /// Gets or sets the type to use for storing application state. - /// </summary> - [ConfigurationProperty(StoreConfigName)] - public TypeConfigurationElement<IOpenIdApplicationStore> ApplicationStore { - get { return (TypeConfigurationElement<IOpenIdApplicationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IOpenIdApplicationStore>(); } - set { this[StoreConfigName] = value; } - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/Configuration/OpenIdProviderSecuritySettingsElement.cs b/src/DotNetOpenAuth.OpenId.Provider/Configuration/OpenIdProviderSecuritySettingsElement.cs deleted file mode 100644 index 0d8e8b4..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/Configuration/OpenIdProviderSecuritySettingsElement.cs +++ /dev/null 
@@ -1,154 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="OpenIdProviderSecuritySettingsElement.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.Configuration { - using System.Configuration; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.OpenId; - using DotNetOpenAuth.OpenId.Provider; - - /// <summary> - /// Represents the .config file element that allows for setting the security policies of the Provider. - /// </summary> - [ContractVerification(true)] - internal class OpenIdProviderSecuritySettingsElement : ConfigurationElement { - /// <summary> - /// Gets the name of the @protectDownlevelReplayAttacks attribute. - /// </summary> - private const string ProtectDownlevelReplayAttacksConfigName = "protectDownlevelReplayAttacks"; - - /// <summary> - /// Gets the name of the @minimumHashBitLength attribute. - /// </summary> - private const string MinimumHashBitLengthConfigName = "minimumHashBitLength"; - - /// <summary> - /// Gets the name of the @maximumHashBitLength attribute. - /// </summary> - private const string MaximumHashBitLengthConfigName = "maximumHashBitLength"; - - /// <summary> - /// The name of the associations collection sub-element. - /// </summary> - private const string AssociationsConfigName = "associations"; - - /// <summary> - /// The name of the @encodeAssociationSecretsInHandles attribute. - /// </summary> - private const string EncodeAssociationSecretsInHandlesConfigName = "encodeAssociationSecretsInHandles"; - - /// <summary> - /// Gets the name of the @requireSsl attribute. - /// </summary> - private const string RequireSslConfigName = "requireSsl"; - - /// <summary> - /// Gets the name of the @unsolicitedAssertionVerification attribute. 
- /// </summary> - private const string UnsolicitedAssertionVerificationConfigName = "unsolicitedAssertionVerification"; - - /// <summary> - /// Initializes a new instance of the <see cref="OpenIdProviderSecuritySettingsElement"/> class. - /// </summary> - public OpenIdProviderSecuritySettingsElement() { - } - - /// <summary> - /// Gets or sets a value indicating whether all discovery and authentication should require SSL security. - /// </summary> - [ConfigurationProperty(RequireSslConfigName, DefaultValue = false)] - public bool RequireSsl { - get { return (bool)this[RequireSslConfigName]; } - set { this[RequireSslConfigName] = value; } - } - - /// <summary> - /// Gets or sets the minimum length of the hash that protects the protocol from hijackers. - /// </summary> - [ConfigurationProperty(MinimumHashBitLengthConfigName, DefaultValue = SecuritySettings.MinimumHashBitLengthDefault)] - public int MinimumHashBitLength { - get { return (int)this[MinimumHashBitLengthConfigName]; } - set { this[MinimumHashBitLengthConfigName] = value; } - } - - /// <summary> - /// Gets or sets the maximum length of the hash that protects the protocol from hijackers. - /// </summary> - [ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthRPDefault)] - public int MaximumHashBitLength { - get { return (int)this[MaximumHashBitLengthConfigName]; } - set { this[MaximumHashBitLengthConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether the Provider should take special care - /// to protect OpenID 1.x relying parties against replay attacks. 
- /// </summary> - [ConfigurationProperty(ProtectDownlevelReplayAttacksConfigName, DefaultValue = ProviderSecuritySettings.ProtectDownlevelReplayAttacksDefault)] - public bool ProtectDownlevelReplayAttacks { - get { return (bool)this[ProtectDownlevelReplayAttacksConfigName]; } - set { this[ProtectDownlevelReplayAttacksConfigName] = value; } - } - - /// <summary> - /// Gets or sets the level of verification a Provider performs on an identifier before - /// sending an unsolicited assertion for it. - /// </summary> - /// <value>The default value is <see cref="ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel.RequireSuccess"/>.</value> - [ConfigurationProperty(UnsolicitedAssertionVerificationConfigName, DefaultValue = ProviderSecuritySettings.UnsolicitedAssertionVerificationDefault)] - public ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerification { - get { return (ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel)this[UnsolicitedAssertionVerificationConfigName]; } - set { this[UnsolicitedAssertionVerificationConfigName] = value; } - } - - /// <summary> - /// Gets or sets the configured lifetimes of the various association types. - /// </summary> - [ConfigurationProperty(AssociationsConfigName, IsDefaultCollection = false)] - [ConfigurationCollection(typeof(AssociationTypeCollection))] - public AssociationTypeCollection AssociationLifetimes { - get { - Contract.Ensures(Contract.Result<AssociationTypeCollection>() != null); - return (AssociationTypeCollection)this[AssociationsConfigName] ?? new AssociationTypeCollection(); - } - - set { - this[AssociationsConfigName] = value; - } - } - - /// <summary> - /// Gets or sets a value indicating whether the Provider should ease the burden of storing associations - /// by encoding their secrets (in signed, encrypted form) into the association handles themselves, storing only - /// a few rotating, private symmetric keys in the Provider's store instead. 
- /// </summary> - [ConfigurationProperty(EncodeAssociationSecretsInHandlesConfigName, DefaultValue = ProviderSecuritySettings.EncodeAssociationSecretsInHandlesDefault)] - public bool EncodeAssociationSecretsInHandles { - get { return (bool)this[EncodeAssociationSecretsInHandlesConfigName]; } - set { this[EncodeAssociationSecretsInHandlesConfigName] = value; } - } - - /// <summary> - /// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - /// </summary> - /// <returns>The newly created security settings object.</returns> - public ProviderSecuritySettings CreateSecuritySettings() { - ProviderSecuritySettings settings = new ProviderSecuritySettings(); - settings.RequireSsl = this.RequireSsl; - settings.MinimumHashBitLength = this.MinimumHashBitLength; - settings.MaximumHashBitLength = this.MaximumHashBitLength; - settings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks; - settings.UnsolicitedAssertionVerification = this.UnsolicitedAssertionVerification; - settings.EncodeAssociationSecretsInHandles = this.EncodeAssociationSecretsInHandles; - foreach (AssociationTypeElement element in this.AssociationLifetimes) { - Contract.Assume(element != null); - settings.AssociationLifetimes.Add(element.AssociationType, element.MaximumLifetime); - } - - return settings; - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj b/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj index a888838..1bdad35 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj +++ b/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj 
@@ -20,15 +20,13 @@
 <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
 </PropertyGroup>
 <ItemGroup>
- <Compile Include="Configuration\OpenIdProviderElement.cs" />
- <Compile Include="Configuration\OpenIdProviderSecuritySettingsElement.cs" />
 <Compile Include="OpenId\Behaviors\AXFetchAsSregTransform.cs" />
 <Compile Include="OpenId\Behaviors\GsaIcamProviderProfile.cs" />
 <Compile Include="OpenId\Behaviors\PpidGeneration.cs" />
 <Compile Include="OpenId\ChannelElements\OpenIdProviderChannel.cs" />
 <Compile Include="OpenId\ChannelElements\ProviderSigningBindingElement.cs" />
 <Compile Include="OpenId\Extensions\ExtensionsInteropProviderHelper.cs" />
- <Compile Include="OpenId\HmacShaAsssociationProvider.cs" />
+ <Compile Include="OpenId\HmacShaAssociationProvider.cs" />
 <Compile Include="OpenId\Messages\AssociateDiffieHellmanProviderResponse.cs" />
 <Compile Include="OpenId\Messages\AssociateRequestProvider.cs" />
 <Compile Include="OpenId\Messages\AssociateSuccessfulResponseProvider.cs" />
@@ -51,34 +49,39 @@
 <Compile Include="OpenId\Provider\AutoResponsiveRequest.cs" />
 <Compile Include="OpenId\Provider\HostProcessedRequest.cs" />
 <Compile Include="OpenId\Provider\IAnonymousRequest.cs" />
- <Compile Include="OpenId\Provider\IAuthenticationRequest.cs" />
 <Compile Include="OpenId\Provider\IDirectedIdentityIdentifierProvider.cs" />
- <Compile Include="OpenId\Provider\IHostProcessedRequest.cs" />
 <Compile Include="OpenId\Provider\IErrorReporting.cs" />
- <Compile Include="OpenId\Provider\IProviderBehavior.cs" />
- <Compile Include="OpenId\Provider\IRequest.cs" />
 <Compile Include="OpenId\Provider\ProviderEndpoint.cs" />
- <Compile Include="OpenId\Provider\RelyingPartyDiscoveryResult.cs" />
 <Compile Include="OpenId\Provider\Request.cs" />
 <Compile Include="OpenId\Provider\RequestContract.cs" />
 <Compile Include="OpenId\Provider\StandardProviderApplicationStore.cs" />
 <Compile Include="OpenId\Provider\OpenIdProvider.cs" />
- <Compile Include="OpenId\Provider\ProviderSecuritySettings.cs" />
+ <Compile Include="Properties\AssemblyInfo.cs" />
 </ItemGroup>
 <ItemGroup>
 <ProjectReference Include="..\DotNetOpenAuth.Messaging\DotNetOpenAuth.Messaging.csproj">
 <Project>{60426312-6AE5-4835-8667-37EDEA670222}</Project>
 <Name>DotNetOpenAuth.Messaging</Name>
 </ProjectReference>
+ <ProjectReference Include="..\DotNetOpenAuth.OpenId.RelyingParty\DotNetOpenAuth.OpenId.RelyingParty.csproj">
+ <Project>{F458AB60-BA1C-43D9-8CEF-EC01B50BE87B}</Project>
+ <Name>DotNetOpenAuth.OpenId.RelyingParty</Name>
+ </ProjectReference>
 <ProjectReference Include="..\DotNetOpenAuth.OpenId\DotNetOpenAuth.OpenId.csproj">
 <Project>{3896A32A-E876-4C23-B9B8-78E17D134CD3}</Project>
 <Name>DotNetOpenAuth.OpenId</Name>
 </ProjectReference>
+ <ProjectReference Include="..\Org.Mentalis.Security.Cryptography\Org.Mentalis.Security.Cryptography.csproj">
+ <Project>{26DC877F-5987-48DD-9DDB-E62F2DE0E150}</Project>
+ <Name>Org.Mentalis.Security.Cryptography</Name>
+ </ProjectReference>
 </ItemGroup>
<ItemGroup> <Reference Include="System" /> </ItemGroup> - <ItemGroup /> + <ItemGroup> + <Folder Include="Configuration\" /> + </ItemGroup> <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> <Import Project="$(ProjectRoot)tools\DotNetOpenAuth.targets" /> <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " /> diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs index 18a992c..7975253 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs @@ -14,6 +14,8 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { using DotNetOpenAuth.OpenId.Messages; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.Messaging.Bindings; + using System.Web; + using DotNetOpenAuth.Messaging.Reflection; internal class ProviderSigningBindingElement : SigningBindingElement { /// <summary> @@ -123,7 +125,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { // If no assoc_handle was given or it was invalid, the only thing // left to do is sign a message using a 'dumb' mode association. Protocol protocol = Protocol.Default; - Association association = HmacShaAssociation.Create(protocol, protocol.Args.SignatureAlgorithm.HMAC_SHA256, AssociationRelyingPartyType.Dumb, this.opAssociations, this.opSecuritySettings); + Association association = HmacShaAssociationProvider.Create(protocol, protocol.Args.SignatureAlgorithm.HMAC_SHA256, AssociationRelyingPartyType.Dumb, this.opAssociations, this.opSecuritySettings); return association; } 
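Review bot: The added `<Folder Include="Configuration\" />` item keeps an empty Configuration folder in the project after the first hunk removed both of its `Compile` entries; unless new files are about to land there, the item should be dropped and `<ItemGroup />` left as it was. The new `ProjectReference` to DotNetOpenAuth.OpenId.RelyingParty also makes the Provider assembly depend on the relying-party assembly, which looks at odds with the split this commit is carrying out. If only a few shared types are needed, they probably belong in DotNetOpenAuth.OpenId, so that a provider-only deployment does not have to load relying-party code.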
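Review bot: The dumb-mode fallback in the second ProviderSigningBindingElement.cs hunk always signs with `protocol.Args.SignatureAlgorithm.HMAC_SHA256` on `Protocol.Default`, and nothing visible checks that choice against the hash-length bounds carried by `this.opSecuritySettings`. If `HmacShaAssociationProvider.Create` does not enforce `MinimumHashBitLength`/`MaximumHashBitLength` itself, a deployment that raises the minimum would still issue 256-bit private associations. A comment such as `// Private (dumb) association: always HMAC-SHA256, independent of the configured hash-length bounds` would at least make that explicit. The enclosing method starts and ends outside the hunk.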
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAsssociationProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAssociationProvider.cs index b2c9ef3..48b3840 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAsssociationProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/HmacShaAssociationProvider.cs @@ -13,7 +13,7 @@ namespace DotNetOpenAuth.OpenId { using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OpenId.Provider; - internal class HmacShaAsssociationProvider : HmacShaAssociation { + internal static class HmacShaAssociationProvider { /// <summary> /// The default lifetime of a shared association when no lifetime is given /// for a specific association type. @@ -42,7 +42,7 @@ namespace DotNetOpenAuth.OpenId { Contract.Requires<ArgumentNullException>(securitySettings != null); Contract.Ensures(Contract.Result<HmacShaAssociation>() != null); - int secretLength = GetSecretLength(protocol, associationType); + int secretLength = HmacShaAssociation.GetSecretLength(protocol, associationType); // Generate the secret that will be used for signing byte[] secret = MessagingUtilities.GetCryptoRandomData(secretLength); @@ -53,7 +53,7 @@ namespace DotNetOpenAuth.OpenId { lifetime = DefaultMaximumLifetime; } } else { - lifetime = DumbSecretLifetime; + lifetime = HmacShaAssociation.DumbSecretLifetime; } string handle = associationStore.Serialize(secret, DateTime.UtcNow + lifetime, associationUse == AssociationRelyingPartyType.Dumb); @@ -61,7 +61,7 @@ namespace DotNetOpenAuth.OpenId { Contract.Assert(protocol != null); // All the way up to the method call, the condition holds, yet we get a Requires failure next Contract.Assert(secret != null); Contract.Assert(!String.IsNullOrEmpty(associationType)); - var result = Create(protocol, associationType, handle, secret, lifetime); + var result = HmacShaAssociation.Create(protocol, associationType, handle, secret, lifetime); return result; } } 
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs index 80743f7..cdb5166 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateDiffieHellmanProviderResponse.cs @@ -30,18 +30,6 @@ namespace DotNetOpenAuth.OpenId.Messages { } /// <summary> - /// Creates the association at relying party side after the association response has been received. - /// </summary> - /// <param name="request">The original association request that was already sent and responded to.</param> - /// <returns>The newly created association.</returns> - /// <remarks> - /// The resulting association is <i>not</i> added to the association store and must be done by the caller. - /// </remarks> - protected override Association CreateAssociationAtRelyingParty(AssociateRequest request) { - throw new NotImplementedException(); - } - - /// <summary> /// Creates the association at the provider side after the association request has been received. /// </summary> /// <param name="request">The association request.</param> 
@@ -54,14 +42,14 @@ namespace DotNetOpenAuth.OpenId.Messages { /// The response message is updated to include the details of the created association by this method, /// but the resulting association is <i>not</i> added to the association store and must be done by the caller. /// </remarks> - protected override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + protected Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { var diffieHellmanRequest = request as AssociateDiffieHellmanRequest; ErrorUtilities.VerifyInternal(diffieHellmanRequest != null, "Expected a DH request type."); this.SessionType = this.SessionType ?? request.SessionType; // Go ahead and create the association first, complete with its secret that we're about to share. - Association association = HmacShaAssociation.Create(this.Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); + Association association = HmacShaAssociationProvider.Create(this.Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); // We now need to securely communicate the secret to the relying party using Diffie-Hellman. // We do this by performing a DH algorithm on the secret and setting a couple of properties diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs index a4449f8..e2ca117 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateRequestProvider.cs 
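Review bot: Dropping `override` leaves `CreateAssociationAtProvider` as an ordinary protected method that is not connected to the `protected internal abstract` declaration on `AssociateSuccessfulResponseProvider`; the same edit is made in AssociateUnencryptedResponseProvider.cs. Nothing in the hunks shown calls the method on this type, so unless a dispatch path exists outside the diff, the Diffie-Hellman response no longer gets its association created. Either derive the class from the provider base and declare the method `protected internal override`, or expose the method through an interface that both provider response types implement. The method body continues outside the hunk.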
@@ -9,6 +9,15 @@ internal abstract class AssociateRequestProvider : AssociateRequest { /// <summary> + /// Initializes a new instance of the <see cref="AssociateRequestProvider"/> class. + /// </summary> + /// <param name="version">The OpenID version this message must comply with.</param> + /// <param name="providerEndpoint">The OpenID Provider endpoint.</param> + internal AssociateRequestProvider(Version version, Uri providerEndpoint) + : base(version, providerEndpoint) { + } + + /// <summary> /// Creates a Provider's response to an incoming association request. /// </summary> /// <param name="associationStore">The association store.</param> @@ -32,9 +41,9 @@ response = this.CreateResponseCore(); // Create and store the association if this is a successful response. - var successResponse = response as AssociateSuccessfulResponse; + var successResponse = response as AssociateSuccessfulResponseProvider; if (successResponse != null) { - successResponse.CreateAssociation(this, associationStore, securitySettings); + successResponse.CreateAssociationAtProvider(this, associationStore, securitySettings); } } else { response = this.CreateUnsuccessfulResponse(securitySettings); @@ -92,6 +101,5 @@ return unsuccessfulResponse; } - } } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs index 3a71bba..36ce544 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProvider.cs 
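Review bot: Calling `successResponse.CreateAssociationAtProvider(...)` directly in the second hunk skips the `ExpiresIn` and `AssociationHandle` assignments that `OpenIdProviderUtilities.CreateAssociation` performs in this same commit, and the unencrypted implementation shown later only sets `MacKey`. The call should probably be `OpenIdProviderUtilities.CreateAssociation(this, successResponse, associationStore, securitySettings);`. Separately, the `as AssociateSuccessfulResponseProvider` cast silently skips any successful response that does not derive from that class, and `AssociateUnencryptedResponseProvider` is declared `: AssociateUnencryptedResponse`. A guard such as `ErrorUtilities.VerifyInternal(successResponse != null || !(response is AssociateSuccessfulResponse), "Expected a provider response type.");` would turn that into a visible failure instead of a response sent without an association. The method starts and ends outside the hunk.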
@@ -1,12 +1,23 @@ namespace DotNetOpenAuth.OpenId.Messages { using System; using System.Collections.Generic; + using System.Diagnostics.Contracts; using System.Linq; using System.Text; using DotNetOpenAuth.OpenId.Provider; + [ContractClass(typeof(AssociateSuccessfulResponseProviderContract))] internal abstract class AssociateSuccessfulResponseProvider : AssociateSuccessfulResponse { /// <summary> + /// Initializes a new instance of the <see cref="AssociateSuccessfulResponseProvider"/> class. + /// </summary> + /// <param name="version">The version.</param> + /// <param name="request">The request.</param> + internal AssociateSuccessfulResponseProvider(Version version, AssociateRequest request) : + base(version, request) { + } + + /// <summary> /// Called to create the Association based on a request previously given by the Relying Party. /// </summary> /// <param name="request">The prior request for an association.</param> @@ -22,6 +33,6 @@ /// <para>The response message is updated to include the details of the created association by this method, /// but the resulting association is <i>not</i> added to the association store and must be done by the caller.</para> /// </remarks> - protected abstract Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings); + protected internal abstract Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings); } } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs index 9824316..9403980 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs 
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateSuccessfulResponseProviderContract.cs @@ -8,7 +8,16 @@ [ContractClassFor(typeof(AssociateSuccessfulResponseProvider))] internal abstract class AssociateSuccessfulResponseProviderContract : AssociateSuccessfulResponseProvider { - protected override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + /// <summary> + /// Prevents a default instance of the <see cref="AssociateSuccessfulResponseProviderContract"/> class from being created. + /// </summary> + /// <param name="version">The version.</param> + /// <param name="request">The request.</param> + private AssociateSuccessfulResponseProviderContract(Version version, AssociateRequest request) + : base(version, request) { + } + + protected internal override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { Contract.Requires<ArgumentNullException>(request != null); Contract.Requires<ArgumentNullException>(associationStore != null); Contract.Requires<ArgumentNullException>(securitySettings != null); diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs index c390a5e..ad7c3ae 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/AssociateUnencryptedResponseProvider.cs 
@@ -13,6 +13,15 @@ namespace DotNetOpenAuth.OpenId.Messages { internal class AssociateUnencryptedResponseProvider : AssociateUnencryptedResponse { /// <summary> + /// Initializes a new instance of the <see cref="AssociateUnencryptedResponseProvider"/> class. + /// </summary> + /// <param name="version">The version.</param> + /// <param name="request">The request.</param> + internal AssociateUnencryptedResponseProvider(Version version, AssociateUnencryptedRequest request) + : base(version, request) { + } + + /// <summary> /// Called to create the Association based on a request previously given by the Relying Party. /// </summary> /// <param name="request">The prior request for an association.</param> @@ -30,11 +39,10 @@ namespace DotNetOpenAuth.OpenId.Messages { /// <para>The response message is updated to include the details of the created association by this method, /// but the resulting association is <i>not</i> added to the association store and must be done by the caller.</para> /// </remarks> - protected override Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { - Association association = HmacShaAssociation.Create(Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); + protected Association CreateAssociationAtProvider(AssociateRequest request, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + Association association = HmacShaAssociationProvider.Create(Protocol, this.AssociationType, AssociationRelyingPartyType.Smart, associationStore, securitySettings); this.MacKey = association.SecretKey; return association; } - } } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs index 3853693..8f00394 100644 
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Messages/CheckAuthenticationResponseProvider.cs @@ -2,6 +2,9 @@ using System.Collections.Generic; using System.Linq; using System.Text; +using DotNetOpenAuth.OpenId.Provider; +using System.Diagnostics.Contracts; +using DotNetOpenAuth.OpenId.ChannelElements; namespace DotNetOpenAuth.OpenId.Messages { class CheckAuthenticationResponseProvider : CheckAuthenticationResponse { diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs index 680759b..247f734 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/OpenIdProviderUtilities.cs 
@@ -29,20 +29,19 @@ namespace DotNetOpenAuth.OpenId { /// This method is called by both the Provider and the Relying Party, but actually performs /// quite different operations in either scenario. /// </remarks> - internal static Association CreateAssociation(AssociateRequest request, AssociateSuccessfulResponse response, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { + internal static Association CreateAssociation(AssociateRequest request, AssociateSuccessfulResponseProvider response, IProviderAssociationStore associationStore, ProviderSecuritySettings securitySettings) { Contract.Requires<ArgumentNullException>(request != null); Contract.Requires<ArgumentNullException>(response != null, "response"); Contract.Requires<ArgumentNullException>(securitySettings != null, "securitySettings"); // We need to initialize some common properties based on the created association. - var association = CreateAssociationAtProvider(request, associationStore, securitySettings); + var association = response.CreateAssociationAtProvider(request, associationStore, securitySettings); response.ExpiresIn = association.SecondsTillExpiration; response.AssociationHandle = association.Handle; return association; } - /// <summary> /// Determines whether the association with the specified handle is (still) valid. /// </summary> diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs index ec0c58a..2fdcebb 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs 
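Review bot: `associationStore` is the only argument of `CreateAssociation` without a `Contract.Requires`, yet it is now passed straight into `response.CreateAssociationAtProvider`, whose contract class requires it to be non-null. Add `Contract.Requires<ArgumentNullException>(associationStore != null);` next to the other three. The remark kept above the signature still says the method is called by both the Provider and the Relying Party, which no longer matches a parameter typed `AssociateSuccessfulResponseProvider` and should be reworded. The summary and the rest of the class lie outside the hunk.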
@@ -105,17 +105,19 @@ namespace DotNetOpenAuth.OpenId.Provider { /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns>Result of realm discovery.</returns> + /// <param name="requestHandler">The request handler.</param> + /// <returns> + /// Result of realm discovery. + /// </returns> /// <remarks> /// Return URL verification is only attempted if this property is queried. /// The result of the verification is cached per request so calling this /// property getter multiple times in one request is not a performance hit. /// See OpenID Authentication 2.0 spec section 9.2.1. /// </remarks> - public RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(OpenIdProvider provider) { + public RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(IDirectWebRequestHandler requestHandler) { if (!this.realmDiscoveryResult.HasValue) { - this.realmDiscoveryResult = this.IsReturnUrlDiscoverableCore(provider); + this.realmDiscoveryResult = this.IsReturnUrlDiscoverableCore(requestHandler); } return this.realmDiscoveryResult.Value; 
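Review bot: `IsReturnUrlDiscoverable` is public and now accepts any `IDirectWebRequestHandler`, but the null check sits only in `IsReturnUrlDiscoverableCore` (next hunk), and the new param text "The request handler." does not say which handler is expected. Discovery fetches a document from the realm named by the relying party, so the handler presumably needs to be the one the provider channel uses for untrusted outbound requests, as the removed `provider.Channel.WebRequestHandler` was. The doc should say so, e.g. `/// <param name="requestHandler">The web request handler used for RP discovery; pass the provider channel's handler so its restrictions on untrusted requests apply.</param>`, and the public method should get `Contract.Requires<ArgumentNullException>(requestHandler != null);`. The result is cached in `realmDiscoveryResult` on the first call, so a later call with a different handler returns the earlier answer; the remarks also still describe this method as a property.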
@@ -125,10 +127,12 @@ namespace DotNetOpenAuth.OpenId.Provider { /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns>Result of realm discovery.</returns> - private RelyingPartyDiscoveryResult IsReturnUrlDiscoverableCore(OpenIdProvider provider) { - Contract.Requires<ArgumentNullException>(provider != null); + /// <param name="requestHandler">The request handler.</param> + /// <returns> + /// Result of realm discovery. + /// </returns> + private RelyingPartyDiscoveryResult IsReturnUrlDiscoverableCore(IDirectWebRequestHandler requestHandler) { + Contract.Requires<ArgumentNullException>(requestHandler != null); ErrorUtilities.VerifyInternal(this.Realm != null, "Realm should have been read or derived by now."); @@ -138,7 +142,7 @@ namespace DotNetOpenAuth.OpenId.Provider { return RelyingPartyDiscoveryResult.NoServiceDocument; } - var returnToEndpoints = this.Realm.DiscoverReturnToEndpoints(provider.Channel.WebRequestHandler, false); + var returnToEndpoints = this.Realm.DiscoverReturnToEndpoints(requestHandler, false); if (returnToEndpoints == null) { return RelyingPartyDiscoveryResult.NoServiceDocument; } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs deleted file mode 100644 index f59d436..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IAuthenticationRequest.cs +++ /dev/null 
@@ -1,367 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IAuthenticationRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Diagnostics.Contracts; - using System.Text; - using DotNetOpenAuth.Messaging; - - /// <summary> - /// Instances of this interface represent incoming authentication requests. - /// This interface provides the details of the request and allows setting - /// the response. - /// </summary> - [ContractClass(typeof(IAuthenticationRequestContract))] - public interface IAuthenticationRequest : IHostProcessedRequest { - /// <summary> - /// Gets a value indicating whether the Provider should help the user - /// select a Claimed Identifier to send back to the relying party. - /// </summary> - bool IsDirectedIdentity { get; } - - /// <summary> - /// Gets a value indicating whether the requesting Relying Party is using a delegated URL. - /// </summary> - /// <remarks> - /// When delegated identifiers are used, the <see cref="ClaimedIdentifier"/> should not - /// be changed at the Provider during authentication. - /// Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - /// A relying party implementing only OpenID 1.x may use delegation and this property will - /// return false anyway. - /// </remarks> - bool IsDelegatedIdentifier { get; } - - /// <summary> - /// Gets or sets the Local Identifier to this OpenID Provider of the user attempting - /// to authenticate. Check <see cref="IsDirectedIdentity"/> to see if - /// this value is valid. - /// </summary> - /// <remarks> - /// This may or may not be the same as the Claimed Identifier that the user agent - /// originally supplied to the relying party. 
The Claimed Identifier - /// endpoint may be delegating authentication to this provider using - /// this provider's local id, which is what this property contains. - /// Use this identifier when looking up this user in the provider's user account - /// list. - /// </remarks> - Identifier LocalIdentifier { get; set; } - - /// <summary> - /// Gets or sets the identifier that the user agent is claiming at the relying party site. - /// Check <see cref="IsDirectedIdentity"/> to see if this value is valid. - /// </summary> - /// <remarks> - /// <para>This property can only be set if <see cref="IsDelegatedIdentifier"/> is - /// false, to prevent breaking URL delegation.</para> - /// <para>This will not be the same as this provider's local identifier for the user - /// if the user has set up his/her own identity page that points to this - /// provider for authentication.</para> - /// <para>The provider may use this identifier for displaying to the user when - /// asking for the user's permission to authenticate to the relying party.</para> - /// </remarks> - /// <exception cref="InvalidOperationException">Thrown from the setter - /// if <see cref="IsDelegatedIdentifier"/> is true.</exception> - Identifier ClaimedIdentifier { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether the provider has determined that the - /// <see cref="ClaimedIdentifier"/> belongs to the currently logged in user - /// and wishes to share this information with the consumer. - /// </summary> - bool? IsAuthenticated { get; set; } - - /// <summary> - /// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - /// Useful for identifier recycling. - /// </summary> - /// <param name="fragment"> - /// Should not include the # prefix character as that will be added internally. - /// May be null or the empty string to clear a previously set fragment. 
- /// </param> - /// <remarks> - /// <para>Unlike the <see cref="ClaimedIdentifier"/> property, which can only be set if - /// using directed identity, this method can be called on any URI claimed identifier.</para> - /// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled, - /// this method should<i>not</i> be called for XRIs.</para> - /// </remarks> - /// <exception cref="InvalidOperationException"> - /// Thrown when this method is called on an XRI, or on a directed identity - /// request before the <see cref="ClaimedIdentifier"/> property is set. - /// </exception> - void SetClaimedIdentifierFragment(string fragment); - } - - /// <summary> - /// Code contract class for the <see cref="IAuthenticationRequest"/> type. - /// </summary> - [ContractClassFor(typeof(IAuthenticationRequest))] - internal abstract class IAuthenticationRequestContract : IAuthenticationRequest { - /// <summary> - /// Initializes a new instance of the <see cref="IAuthenticationRequestContract"/> class. - /// </summary> - protected IAuthenticationRequestContract() { - } - - #region IAuthenticationRequest Properties - - /// <summary> - /// Gets a value indicating whether the Provider should help the user - /// select a Claimed Identifier to send back to the relying party. - /// </summary> - bool IAuthenticationRequest.IsDirectedIdentity { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the requesting Relying Party is using a delegated URL. - /// </summary> - /// <remarks> - /// When delegated identifiers are used, the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> should not - /// be changed at the Provider during authentication. - /// Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - /// A relying party implementing only OpenID 1.x may use delegation and this property will - /// return false anyway. 
- /// </remarks> - bool IAuthenticationRequest.IsDelegatedIdentifier { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the Local Identifier to this OpenID Provider of the user attempting - /// to authenticate. Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if - /// this value is valid. - /// </summary> - /// <remarks> - /// This may or may not be the same as the Claimed Identifier that the user agent - /// originally supplied to the relying party. The Claimed Identifier - /// endpoint may be delegating authentication to this provider using - /// this provider's local id, which is what this property contains. - /// Use this identifier when looking up this user in the provider's user account - /// list. - /// </remarks> - Identifier IAuthenticationRequest.LocalIdentifier { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - /// <summary> - /// Gets or sets the identifier that the user agent is claiming at the relying party site. - /// Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if this value is valid. 
- /// </summary> - /// <remarks> - /// <para>This property can only be set if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is - /// false, to prevent breaking URL delegation.</para> - /// <para>This will not be the same as this provider's local identifier for the user - /// if the user has set up his/her own identity page that points to this - /// provider for authentication.</para> - /// <para>The provider may use this identifier for displaying to the user when - /// asking for the user's permission to authenticate to the relying party.</para> - /// </remarks> - /// <exception cref="InvalidOperationException">Thrown from the setter - /// if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is true.</exception> - Identifier IAuthenticationRequest.ClaimedIdentifier { - get { - throw new NotImplementedException(); - } - - set { - IAuthenticationRequest req = this; - Contract.Requires<InvalidOperationException>(!req.IsDelegatedIdentifier, OpenIdStrings.ClaimedIdentifierCannotBeSetOnDelegatedAuthentication); - Contract.Requires<InvalidOperationException>(!req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value), OpenIdStrings.IdentifierSelectRequiresMatchingIdentifiers); - } - } - - /// <summary> - /// Gets or sets a value indicating whether the provider has determined that the - /// <see cref="IAuthenticationRequest.ClaimedIdentifier"/> belongs to the currently logged in user - /// and wishes to share this information with the consumer. - /// </summary> - bool? IAuthenticationRequest.IsAuthenticated { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IHostProcessedRequest Properties - - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. 
- /// </summary> - ProtocolVersion IHostProcessedRequest.RelyingPartyVersion { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm IHostProcessedRequest.Realm { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool IHostProcessedRequest.Immediate { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the provider endpoint claimed in the positive assertion. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// This value MUST match the value for the OP Endpoint in the discovery results for the - /// claimed identifier being asserted in a positive response. - /// </value> - Uri IHostProcessedRequest.ProviderEndpoint { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IRequest Properties - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. 
- /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - #endregion - - #region IAuthenticationRequest Methods - - /// <summary> - /// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - /// Useful for identifier recycling. - /// </summary> - /// <param name="fragment">Should not include the # prefix character as that will be added internally. - /// May be null or the empty string to clear a previously set fragment.</param> - /// <remarks> - /// <para>Unlike the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property, which can only be set if - /// using directed identity, this method can be called on any URI claimed identifier.</para> - /// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled, - /// this method should<i>not</i> be called for XRIs.</para> - /// </remarks> - /// <exception cref="InvalidOperationException"> - /// Thrown when this method is called on an XRI, or on a directed identity - /// request before the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property is set. - /// </exception> - void IAuthenticationRequest.SetClaimedIdentifierFragment(string fragment) { - Contract.Requires<InvalidOperationException>(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null), OpenIdStrings.ClaimedIdentifierMustBeSetFirst); - Contract.Requires<InvalidOperationException>(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier), OpenIdStrings.FragmentNotAllowedOnXRIs); - - throw new NotImplementedException(); - } - - #endregion - - #region IHostProcessedRequest Methods - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. 
- /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IHostProcessedRequest.IsReturnUrlDiscoverable(OpenIdProvider provider) { - throw new NotImplementedException(); - } - - #endregion - - #region IRequest Methods - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension extension) { - throw new NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. 
- /// </returns> - DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension IRequest.GetExtension(Type extensionType) { - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs deleted file mode 100644 index 1c38d4b..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IHostProcessedRequest.cs +++ /dev/null 
@@ -1,202 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IHostProcessedRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// Interface exposing incoming messages to the OpenID Provider that - /// require interaction with the host site. - /// </summary> - [ContractClass(typeof(IHostProcessedRequestContract))] - public interface IHostProcessedRequest : IRequest { - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion RelyingPartyVersion { get; } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm Realm { get; } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool Immediate { get; } - - /// <summary> - /// Gets or sets the provider endpoint claimed in the positive assertion. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. - /// This value MUST match the value for the OP Endpoint in the discovery results for the - /// claimed identifier being asserted in a positive response. - /// </value> - Uri ProviderEndpoint { get; set; } - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. 
- /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(OpenIdProvider provider); - } - - /// <summary> - /// Code contract for the <see cref="IHostProcessedRequest"/> type. - /// </summary> - [ContractClassFor(typeof(IHostProcessedRequest))] - internal abstract class IHostProcessedRequestContract : IHostProcessedRequest { - /// <summary> - /// Initializes a new instance of the <see cref="IHostProcessedRequestContract"/> class. - /// </summary> - protected IHostProcessedRequestContract() { - } - - #region IHostProcessedRequest Properties - - /// <summary> - /// Gets the version of OpenID being used by the relying party that sent the request. - /// </summary> - ProtocolVersion IHostProcessedRequest.RelyingPartyVersion { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets the URL the consumer site claims to use as its 'base' address. - /// </summary> - Realm IHostProcessedRequest.Realm { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the consumer demands an immediate response. - /// If false, the consumer is willing to wait for the identity provider - /// to authenticate the user. - /// </summary> - bool IHostProcessedRequest.Immediate { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Gets or sets the provider endpoint. - /// </summary> - /// <value> - /// The default value is the URL that the request came in on from the relying party. 
- /// </value> - Uri IHostProcessedRequest.ProviderEndpoint { - get { - Contract.Ensures(Contract.Result<Uri>() != null); - throw new NotImplementedException(); - } - - set { - Contract.Requires(value != null); - throw new NotImplementedException(); - } - } - - #endregion - - #region IRequest Members - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { throw new NotImplementedException(); } - set { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new System.NotImplementedException(); } - } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension extension) { - throw new System.NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. 
- /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new System.NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension IRequest.GetExtension(System.Type extensionType) { - throw new System.NotImplementedException(); - } - - #endregion - - #region IHostProcessedRequest Methods - - /// <summary> - /// Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - /// </summary> - /// <param name="provider">The OpenIdProvider that is performing the RP discovery.</param> - /// <returns> - /// The details of how successful the relying party discovery was. - /// </returns> - /// <remarks> - /// <para>Return URL verification is only attempted if this method is called.</para> - /// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para> - /// </remarks> - RelyingPartyDiscoveryResult IHostProcessedRequest.IsReturnUrlDiscoverable(OpenIdProvider provider) { - Contract.Requires<ArgumentNullException>(provider != null); - throw new System.NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs deleted file mode 100644 index 01b4ac8..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IProviderBehavior.cs +++ /dev/null 
@@ -1,114 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IProviderBehavior.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.OpenId.ChannelElements; - - /// <summary> - /// Applies a custom security policy to certain OpenID security settings and behaviors. - /// </summary> - [ContractClass(typeof(IProviderBehaviorContract))] - public interface IProviderBehavior { - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void ApplySecuritySettings(ProviderSecuritySettings securitySettings); - - /// <summary> - /// Called when a request is received by the Provider. - /// </summary> - /// <param name="request">The incoming request.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - /// <remarks> - /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but - /// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/> - /// itself as that instance may be shared across many requests. 
- /// </remarks> - bool OnIncomingRequest(IRequest request); - - /// <summary> - /// Called when the Provider is preparing to send a response to an authentication request. - /// </summary> - /// <param name="request">The request that is configured to generate the outgoing response.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - bool OnOutgoingResponse(IAuthenticationRequest request); - } - - /// <summary> - /// Code contract for the <see cref="IProviderBehavior"/> type. - /// </summary> - [ContractClassFor(typeof(IProviderBehavior))] - internal abstract class IProviderBehaviorContract : IProviderBehavior { - /// <summary> - /// Initializes a new instance of the <see cref="IProviderBehaviorContract"/> class. - /// </summary> - protected IProviderBehaviorContract() { - } - - #region IProviderBehavior Members - - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void IProviderBehavior.ApplySecuritySettings(ProviderSecuritySettings securitySettings) { - Contract.Requires<ArgumentNullException>(securitySettings != null); - throw new System.NotImplementedException(); - } - - /// <summary> - /// Called when a request is received by the Provider. 
- /// </summary> - /// <param name="request">The incoming request.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - /// <remarks> - /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but - /// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/> - /// itself as that instance may be shared across many requests. - /// </remarks> - bool IProviderBehavior.OnIncomingRequest(IRequest request) { - Contract.Requires<ArgumentNullException>(request != null); - throw new System.NotImplementedException(); - } - - /// <summary> - /// Called when the Provider is preparing to send a response to an authentication request. - /// </summary> - /// <param name="request">The request that is configured to generate the outgoing response.</param> - /// <returns> - /// <c>true</c> if this behavior owns this request and wants to stop other behaviors - /// from handling it; <c>false</c> to allow other behaviors to process this request. - /// </returns> - bool IProviderBehavior.OnOutgoingResponse(IAuthenticationRequest request) { - Contract.Requires<ArgumentNullException>(request != null); - throw new System.NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs deleted file mode 100644 index c231fa3..0000000 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/IRequest.cs +++ /dev/null 
@@ -1,151 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.Provider { - using System; - using System.Collections.Generic; - using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; - using System.Text; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// Represents an incoming OpenId authentication request. - /// </summary> - /// <remarks> - /// Requests may be infrastructural to OpenID and allow auto-responses, or they may - /// be authentication requests where the Provider site has to make decisions based - /// on its own user database and policies. - /// </remarks> - [ContractClass(typeof(IRequestContract))] - public interface IRequest { - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. - /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IsResponseReady { get; } - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value>Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>.</value> - ProviderSecuritySettings SecuritySettings { get; set; } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void AddResponseExtension(IOpenIdMessageExtension extension); - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. 
- /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void ClearResponseExtensions(); - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns>An instance of the extension initialized with values passed in with the request.</returns> - [SuppressMessage("Microsoft.Design", "CA1004:GenericMethodsShouldProvideTypeParameter", Justification = "No parameter to make of type T.")] - T GetExtension<T>() where T : IOpenIdMessageExtension, new(); - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns>An instance of the extension initialized with values passed in with the request.</returns> - IOpenIdMessageExtension GetExtension(Type extensionType); - } - - /// <summary> - /// Code contract for the <see cref="IRequest"/> interface. - /// </summary> - [ContractClassFor(typeof(IRequest))] - internal abstract class IRequestContract : IRequest { - /// <summary> - /// Prevents a default instance of the <see cref="IRequestContract"/> class from being created. - /// </summary> - private IRequestContract() { - } - - #region IRequest Members - - /// <summary> - /// Gets or sets the security settings that apply to this request. - /// </summary> - /// <value> - /// Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>. - /// </value> - ProviderSecuritySettings IRequest.SecuritySettings { - get { throw new NotImplementedException(); } - set { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a value indicating whether the response is ready to be sent to the user agent. 
- /// </summary> - /// <remarks> - /// This property returns false if there are properties that must be set on this - /// request instance before the response can be sent. - /// </remarks> - bool IRequest.IsResponseReady { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Adds an extension to the response to send to the relying party. - /// </summary> - /// <param name="extension">The extension to add to the response message.</param> - void IRequest.AddResponseExtension(IOpenIdMessageExtension extension) { - Contract.Requires<ArgumentNullException>(extension != null); - throw new NotImplementedException(); - } - - /// <summary> - /// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>. - /// </summary> - /// <remarks> - /// This should be called before sending a negative response back to the relying party - /// if extensions were already added, since negative responses cannot carry extensions. - /// </remarks> - void IRequest.ClearResponseExtensions() { - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <typeparam name="T">The type of the extension.</typeparam> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - T IRequest.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Gets an extension sent from the relying party. - /// </summary> - /// <param name="extensionType">The type of the extension.</param> - /// <returns> - /// An instance of the extension initialized with values passed in with the request. - /// </returns> - IOpenIdMessageExtension IRequest.GetExtension(Type extensionType) { - Contract.Requires<ArgumentNullException>(extensionType != null); - throw new NotImplementedException(); - } - - #endregion - } -} 
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs
index ea19202..6f06024 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs
@@ -88,7 +88,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 }
 this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings);
- this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
+ this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
 this.CryptoKeyStore = cryptoKeyStore;
 Reporting.RecordFeatureAndDependencyUse(this, nonceStore);
@@ -281,12 +281,12 @@ namespace DotNetOpenAuth.OpenId.Provider {
 if (result == null) {
 var checkAuthMessage = incomingMessage as CheckAuthenticationRequest;
 if (checkAuthMessage != null) {
- result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponse(checkAuthMessage, this), this.SecuritySettings);
+ result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponseProvider(checkAuthMessage, this), this.SecuritySettings);
 }
 }
 if (result == null) {
- var associateMessage = incomingMessage as AssociateRequest;
+ var associateMessage = incomingMessage as AssociateRequestProvider;
 if (associateMessage != null) {
 result = new AutoResponsiveRequest(incomingMessage, associateMessage.CreateResponse(this.AssociationStore, this.SecuritySettings), this.SecuritySettings);
 }
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs
deleted file mode 100644
index 130e6dd..0000000
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderSecuritySettings.cs
+++ /dev/null
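Review bot: In the `@@ -281` hunk of OpenIdProvider.cs, `incomingMessage as AssociateRequestProvider` yields null for any associate message that is not that provider type, so such a request skips this branch with no trace; the previous cast to `AssociateRequest` was presumably wider. The branch therefore depends on the `OpenIdProviderChannel` created in the `@@ -88` hunk deserializing associate requests as `AssociateRequestProvider`, which is not visible here. I would state that next to the cast, `// OpenIdProviderChannel must create AssociateRequestProvider instances; a plain AssociateRequest is not handled here.`, or log when an associate message of another type arrives. The enclosing method starts and ends outside the hunk.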
@@ -1,167 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="ProviderSecuritySettings.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace DotNetOpenAuth.OpenId.Provider {
- using System;
- using System.Collections.Generic;
- using System.Collections.ObjectModel;
- using System.Collections.Specialized;
- using System.Diagnostics.CodeAnalysis;
- using System.Linq;
- using DotNetOpenAuth.Messaging;
-
- /// <summary>
- /// Security settings that are applicable to providers.
- /// </summary>
- [Serializable]
- public sealed class ProviderSecuritySettings : SecuritySettings {
- /// <summary>
- /// The default value for the <see cref="ProtectDownlevelReplayAttacks"/> property.
- /// </summary>
- internal const bool ProtectDownlevelReplayAttacksDefault = true;
-
- /// <summary>
- /// The default value for the <see cref="EncodeAssociationSecretsInHandles"/> property.
- /// </summary>
- internal const bool EncodeAssociationSecretsInHandlesDefault = true;
-
- /// <summary>
- /// The default value for the <see cref="SignOutgoingExtensions"/> property.
- /// </summary>
- internal const bool SignOutgoingExtensionsDefault = true;
-
- /// <summary>
- /// The default value for the <see cref="UnsolicitedAssertionVerification"/> property.
- /// </summary>
- internal const UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerificationDefault = UnsolicitedAssertionVerificationLevel.RequireSuccess;
-
- /// <summary>
- /// The subset of association types and their customized lifetimes.
- /// </summary>
- private IDictionary<string, TimeSpan> associationLifetimes = new Dictionary<string, TimeSpan>();
-
- /// <summary>
- /// Initializes a new instance of the <see cref="ProviderSecuritySettings"/> class.
- /// </summary>
- internal ProviderSecuritySettings()
- : base(true) {
- this.SignOutgoingExtensions = SignOutgoingExtensionsDefault;
- this.ProtectDownlevelReplayAttacks = ProtectDownlevelReplayAttacksDefault;
- this.UnsolicitedAssertionVerification = UnsolicitedAssertionVerificationDefault;
- }
-
- /// <summary>
- /// The behavior a Provider takes when verifying that it is authoritative for an
- /// identifier it is about to send an unsolicited assertion for.
- /// </summary>
- [SuppressMessage("Microsoft.Design", "CA1034:NestedTypesShouldNotBeVisible", Justification = "By design")]
- public enum UnsolicitedAssertionVerificationLevel {
- /// <summary>
- /// Always verify that the Provider is authoritative for an identifier before
- /// sending an unsolicited assertion for it and fail if it is not.
- /// </summary>
- RequireSuccess,
-
- /// <summary>
- /// Always check that the Provider is authoritative for an identifier before
- /// sending an unsolicited assertion for it, but only log failures, and proceed
- /// to send the unsolicited assertion.
- /// </summary>
- LogWarningOnFailure,
-
- /// <summary>
- /// Never verify that the Provider is authoritative for an identifier before
- /// sending an unsolicited assertion for it.
- /// </summary>
- /// <remarks>
- /// This setting is useful for web servers that refuse to allow a Provider to
- /// introspectively perform an HTTP GET on itself, when sending unsolicited assertions
- /// for identifiers that the OP controls.
- /// </remarks>
- NeverVerify,
- }
-
- /// <summary>
- /// Gets a subset of the available association types and their
- /// customized maximum lifetimes.
- /// </summary>
- public IDictionary<string, TimeSpan> AssociationLifetimes {
- get { return this.associationLifetimes; }
- }
-
- /// <summary>
- /// Gets or sets a value indicating whether Relying Party discovery will only
- /// succeed if done over a secure HTTPS channel.
- /// </summary>
- /// <value>Default is <c>false</c>.</value>
- public bool RequireSsl { get; set; }
-
- /// <summary>
- /// Gets or sets the level of verification a Provider performs on an identifier before
- /// sending an unsolicited assertion for it.
- /// </summary>
- /// <value>The default value is <see cref="UnsolicitedAssertionVerificationLevel.RequireSuccess"/>.</value>
- public UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerification { get; set; }
-
- /// <summary>
- /// Gets or sets a value indicating whether the Provider should ease the burden of storing associations
- /// by encoding them in signed, encrypted form into the association handles themselves, storing only
- /// a few rotating, private symmetric keys in the Provider's store instead.
- /// </summary>
- /// <value>The default value for this property is <c>true</c>.</value>
- public bool EncodeAssociationSecretsInHandles { get; set; }
-
- /// <summary>
- /// Gets or sets a value indicating whether OpenID 1.x relying parties that may not be
- /// protecting their users from replay attacks are protected from
- /// replay attacks by this provider.
- /// </summary>
- /// <value>The default value is <c>true</c>.</value>
- /// <remarks>
- /// <para>Nonces for protection against replay attacks were not mandated
- /// by OpenID 1.x, which leaves users open to replay attacks.</para>
- /// <para>This feature works by preventing associations from being used
- /// with OpenID 1.x relying parties, thereby forcing them into
- /// "dumb" mode and verifying every claim with this provider.
- /// This gives the provider an opportunity to verify its own nonce
- /// to protect against replay attacks.</para>
- /// </remarks>
- internal bool ProtectDownlevelReplayAttacks { get; set; }
-
- /// <summary>
- /// Gets or sets a value indicating whether outgoing extensions are always signed.
- /// </summary>
- /// <value>
- /// <c>true</c> if outgoing extensions should be signed; otherwise, <c>false</c>.
- /// The default is <c>true</c>.
- /// </value>
- /// <remarks>
- /// This property is internal because Providers should never turn it off, but it is
- /// needed for testing the RP's rejection of unsigned extensions.
- /// </remarks>
- internal bool SignOutgoingExtensions { get; set; }
-
- /// <summary>
- /// Creates a deep clone of this instance.
- /// </summary>
- /// <returns>A new instance that is a deep clone of this instance.</returns>
- internal ProviderSecuritySettings Clone() {
- var securitySettings = new ProviderSecuritySettings();
- foreach (var pair in this.AssociationLifetimes) {
- securitySettings.AssociationLifetimes.Add(pair);
- }
-
- securitySettings.MaximumHashBitLength = this.MaximumHashBitLength;
- securitySettings.MinimumHashBitLength = this.MinimumHashBitLength;
- securitySettings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks;
- securitySettings.RequireSsl = this.RequireSsl;
- securitySettings.SignOutgoingExtensions = this.SignOutgoingExtensions;
- securitySettings.UnsolicitedAssertionVerification = this.UnsolicitedAssertionVerification;
-
- return securitySettings;
- }
- }
-}
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs
deleted file mode 100644
index 4eca6d6..0000000
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/RelyingPartyDiscoveryResult.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="RelyingPartyDiscoveryResult.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace DotNetOpenAuth.OpenId.Provider {
- /// <summary>
- /// The result codes that may be returned from an attempt at relying party discovery.
- /// </summary>
- public enum RelyingPartyDiscoveryResult {
- /// <summary>
- /// Relying Party discovery failed to find an XRDS document or the document was invalid.
- /// </summary>
- /// <remarks>
- /// This can happen either when a relying party does not offer a service document at all,
- /// or when a man-in-the-middle attack is in progress that prevents the Provider from being
- /// able to discover that document.
- /// </remarks>
- NoServiceDocument,
-
- /// <summary>
- /// Relying Party discovery yielded a valid XRDS document, but no matching return_to URI was found.
- /// </summary>
- /// <remarks>
- /// This is perhaps the most dangerous rating for a relying party, since it suggests that
- /// they are implementing OpenID 2.0 securely, but that a hijack operation may be in progress.
- /// </remarks>
- NoMatchingReturnTo,
-
- /// <summary>
- /// Relying Party discovery succeeded, and a matching return_to URI was found.
- /// </summary>
- Success,
- }
-}
diff --git a/src/DotNetOpenAuth.OpenId.Provider/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId.Provider/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..e5cab0f
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenId.Provider/Properties/AssemblyInfo.cs
@@ -0,0 +1,54 @@
+//-----------------------------------------------------------------------
+// <copyright file="AssemblyInfo.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+// We DON'T put an AssemblyVersionAttribute in here because it is generated in the build.
+
+using System;
+using System.Diagnostics.Contracts;
+using System.Net;
+using System.Reflection;
+using System.Resources;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Security;
+using System.Security.Permissions;
+using System.Web.UI;
+
+[assembly: TagPrefix("DotNetOpenAuth.OpenId.Provider", "op")]
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("DotNetOpenAuth OpenID")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("DotNetOpenAuth")]
+[assembly: AssemblyCopyright("Copyright © 2008")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+[assembly: NeutralResourcesLanguage("en-US")]
+[assembly: CLSCompliant(true)]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("7d73990c-47c0-4256-9f20-a893add9e289")]
+
+[assembly: ContractVerification(true)]
+
+#if StrongNameSigned
+// See comment at top of this file. We need this so that strong-naming doesn't
+// keep this assembly from being useful to shared host (medium trust) web sites.
+[assembly: AllowPartiallyTrustedCallers]
+
+[assembly: InternalsVisibleTo("DotNetOpenAuth.Test, PublicKey=0024000004800000940000000602000000240000525341310004000001000100AD093C3765257C89A7010E853F2C7C741FF92FA8ACE06D7B8254702CAD5CF99104447F63AB05F8BB6F51CE0D81C8C93D2FCE8C20AAFF7042E721CBA16EAAE98778611DED11C0ABC8900DC5667F99B50A9DADEC24DBD8F2C91E3E8AD300EF64F1B4B9536CEB16FB440AF939F57624A9B486F867807C649AE4830EAB88C6C03998")]
+#else
+[assembly: InternalsVisibleTo("DotNetOpenAuth.Test")]
+#endif |
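Review bot: The comment inside `#if StrongNameSigned` says "See comment at top of this file", but the top of this new file only explains the missing AssemblyVersionAttribute, so the rationale for `[assembly: AllowPartiallyTrustedCallers]` is left dangling. Because that attribute opens the signed assembly to partially trusted callers, the reason belongs next to it, for example `// APTCA: strong-named assemblies reject partially trusted callers by default; medium-trust hosts need this.` The `#else` branch grants `InternalsVisibleTo("DotNetOpenAuth.Test")` without a public key, so in unsigned builds any assembly carrying that name can reach this assembly's internals; a one-line comment that this is intended for test builds only would help. `AssemblyTitle("DotNetOpenAuth OpenID")` and the typelib `Guid` look carried over from another project's AssemblyInfo (an inference, since that file is not shown) and probably want provider-specific values.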