Diffstat (limited to 'src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/RelyingPartySecurityOptions.cs')
-rw-r--r--src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/RelyingPartySecurityOptions.cs98
1 files changed, 98 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/RelyingPartySecurityOptions.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/RelyingPartySecurityOptions.cs
new file mode 100644
index 0000000..d8fc103
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/RelyingPartySecurityOptions.cs
@@ -0,0 +1,98 @@
+//-----------------------------------------------------------------------
+// <copyright file="RelyingPartySecurityOptions.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OpenId.ChannelElements {
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OpenId.Messages;
+ using DotNetOpenAuth.OpenId.RelyingParty;
+
+ /// <summary>
+ /// Helps ensure compliance to some properties in the <see cref="RelyingPartySecuritySettings"/>.
+ /// </summary>
+ internal class RelyingPartySecurityOptions : IChannelBindingElement {
+ /// <summary>
+ /// The security settings that are active on the relying party.
+ /// </summary>
+ private RelyingPartySecuritySettings securitySettings;
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="RelyingPartySecurityOptions"/> class.
+ /// </summary>
+ /// <param name="securitySettings">The security settings.</param>
+ internal RelyingPartySecurityOptions(RelyingPartySecuritySettings securitySettings) {
+ this.securitySettings = securitySettings;
+ }
+
+ #region IChannelBindingElement Members
+
+ /// <summary>
+ /// Gets or sets the channel that this binding element belongs to.
+ /// </summary>
+ /// <remarks>
+ /// This property is set by the channel when it is first constructed.
+ /// </remarks>
+ public Channel Channel { get; set; }
+
+ /// <summary>
+ /// Gets the protection commonly offered (if any) by this binding element.
+ /// </summary>
+ /// <remarks>
+ /// This value is used to assist in sorting binding elements in the channel stack.
+ /// </remarks>
+ public MessageProtections Protection {
+ get { return MessageProtections.None; }
+ }
+
+ /// <summary>
+ /// Prepares a message for sending based on the rules of this channel binding element.
+ /// </summary>
+ /// <param name="message">The message to prepare for sending.</param>
+ /// <returns>
+ /// The protections (if any) that this binding element applied to the message.
+ /// Null if this binding element did not even apply to this binding element.
+ /// </returns>
+ /// <remarks>
+ /// Implementations that provide message protection must honor the
+ /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable.
+ /// </remarks>
+ public MessageProtections? ProcessOutgoingMessage(IProtocolMessage message) {
+ return null;
+ }
+
+ /// <summary>
+ /// Performs any transformation on an incoming message that may be necessary and/or
+ /// validates an incoming message based on the rules of this channel binding element.
+ /// </summary>
+ /// <param name="message">The incoming message to process.</param>
+ /// <returns>
+ /// The protections (if any) that this binding element applied to the message.
+ /// Null if this binding element did not even apply to this binding element.
+ /// </returns>
+ /// <exception cref="ProtocolException">
+ /// Thrown when the binding element rules indicate that this message is invalid and should
+ /// NOT be processed.
+ /// </exception>
+ /// <remarks>
+ /// Implementations that provide message protection must honor the
+ /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable.
+ /// </remarks>
+ public MessageProtections? ProcessIncomingMessage(IProtocolMessage message) {
+ var positiveAssertion = message as PositiveAssertionResponse;
+ if (positiveAssertion != null) {
+ ErrorUtilities.VerifyProtocol(
+ !this.securitySettings.RejectDelegatingIdentifiers ||
+ positiveAssertion.LocalIdentifier == positiveAssertion.ClaimedIdentifier,
+ OpenIdStrings.DelegatingIdentifiersNotAllowed);
+
+ return MessageProtections.None;
+ }
+
+ return null;
+ }
+
+ #endregion
+ }
+}
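Review bot: The constructor stores `securitySettings` without a null check, so a null argument only surfaces later as a NullReferenceException in ProcessIncomingMessage at `this.securitySettings.RejectDelegatingIdentifiers`, when the first positive assertion arrives. Because this element exists to enforce a security setting, it should fail at construction with `if (securitySettings == null) { throw new System.ArgumentNullException("securitySettings"); }`, and the field should be declared `private readonly`. The delegation check compares `positiveAssertion.LocalIdentifier == positiveAssertion.ClaimedIdentifier` with the `==` operator, and the identifier type is not visible in this hunk. It is worth confirming that the type overloads `==` for value equality (otherwise use `Equals`) and stating in a comment how a null LocalIdentifier is meant to be treated. The `<returns>` text on both Process methods says "did not even apply to this binding element", which presumably should read "to this message".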