Diffstat (limited to 'src/DotNetOpenAuth.OpenId/OpenId')
-rw-r--r--src/DotNetOpenAuth.OpenId/OpenId/IOpenIdHost.cs28
-rw-r--r--src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs82
-rw-r--r--src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs6
-rw-r--r--src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs15
-rw-r--r--src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs15
5 files changed, 131 insertions, 15 deletions
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/IOpenIdHost.cs b/src/DotNetOpenAuth.OpenId/OpenId/IOpenIdHost.cs
new file mode 100644
index 0000000..419cc84
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenId/OpenId/IOpenIdHost.cs
@@ -0,0 +1,28 @@
+//-----------------------------------------------------------------------
+// <copyright file="IOpenIdHost.cs" company="Outercurve Foundation">
+// Copyright (c) Outercurve Foundation. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OpenId {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Text;
+ using DotNetOpenAuth.Messaging;
+
+ /// <summary>
+ /// An interface implemented by both providers and relying parties.
+ /// </summary>
+ internal interface IOpenIdHost {
+ /// <summary>
+ /// Gets the security settings.
+ /// </summary>
+ SecuritySettings SecuritySettings { get; }
+
+ /// <summary>
+ /// Gets the web request handler.
+ /// </summary>
+ IDirectWebRequestHandler WebRequestHandler { get; }
+ }
+}
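Review bot: Four of the five using directives in the new file (System, System.Collections.Generic, System.Linq, System.Text) are not referenced by the interface body; only DotNetOpenAuth.Messaging is needed for `IDirectWebRequestHandler`, and `SecuritySettings` resolves from the enclosing namespace. Trimming them to `using DotNetOpenAuth.Messaging;` keeps the file honest about its dependencies. The summary could also state the contract the two members serve, e.g. `/// Exposes the settings and HTTP request handler that discovery and message exchange need from the hosting RP or OP.`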
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs b/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs
new file mode 100644
index 0000000..6a3cfaa
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs
@@ -0,0 +1,82 @@
+//-----------------------------------------------------------------------
+// <copyright file="IdentifierDiscoveryServices.cs" company="Outercurve Foundation">
+// Copyright (c) Outercurve Foundation. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OpenId {
+ using System.Collections.Generic;
+ using System.Diagnostics.Contracts;
+ using System.Linq;
+ using DotNetOpenAuth.Configuration;
+ using DotNetOpenAuth.Messaging;
+
+ /// <summary>
+ /// A service that can perform discovery on OpenID identifiers.
+ /// </summary>
+ internal class IdentifierDiscoveryServices {
+ /// <summary>
+ /// The RP or OP that is hosting these services.
+ /// </summary>
+ private readonly IOpenIdHost host;
+
+ /// <summary>
+ /// Backing field for the <see cref="DiscoveryServices"/> property.
+ /// </summary>
+ private readonly IList<IIdentifierDiscoveryService> discoveryServices = new List<IIdentifierDiscoveryService>(2);
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="IdentifierDiscoveryServices"/> class.
+ /// </summary>
+ /// <param name="host">The RP or OP that creates this instance.</param>
+ internal IdentifierDiscoveryServices(IOpenIdHost host) {
+ Requires.NotNull(host, "host");
+
+ this.host = host;
+ this.discoveryServices.AddRange(OpenIdElement.Configuration.RelyingParty.DiscoveryServices.CreateInstances(true));
+ }
+
+ /// <summary>
+ /// Gets the list of services that can perform discovery on identifiers given.
+ /// </summary>
+ public IList<IIdentifierDiscoveryService> DiscoveryServices {
+ get { return this.discoveryServices; }
+ }
+
+ /// <summary>
+ /// Performs discovery on the specified identifier.
+ /// </summary>
+ /// <param name="identifier">The identifier to discover services for.</param>
+ /// <returns>A non-null sequence of services discovered for the identifier.</returns>
+ public IEnumerable<IdentifierDiscoveryResult> Discover(Identifier identifier) {
+ Requires.NotNull(identifier, "identifier");
+ Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null);
+
+ IEnumerable<IdentifierDiscoveryResult> results = Enumerable.Empty<IdentifierDiscoveryResult>();
+ foreach (var discoverer in this.DiscoveryServices) {
+ bool abortDiscoveryChain;
+ var discoveryResults = discoverer.Discover(identifier, this.host.WebRequestHandler, out abortDiscoveryChain).CacheGeneratedResults();
+ results = results.Concat(discoveryResults);
+ if (abortDiscoveryChain) {
+ Logger.OpenId.InfoFormat("Further discovery on '{0}' was stopped by the {1} discovery service.", identifier, discoverer.GetType().Name);
+ break;
+ }
+ }
+
+ // If any OP Identifier service elements were found, we must not proceed
+ // to use any Claimed Identifier services, per OpenID 2.0 sections 7.3.2.2 and 11.2.
+ // For a discussion on this topic, see
+ // http://groups.google.com/group/dotnetopenid/browse_thread/thread/4b5a8c6b2210f387/5e25910e4d2252c8
+ // Sometimes the IIdentifierDiscoveryService will automatically filter this for us, but
+ // just to be sure, we'll do it here as well.
+ if (!this.host.SecuritySettings.AllowDualPurposeIdentifiers) {
+ results = results.CacheGeneratedResults(); // avoid performing discovery repeatedly
+ var opIdentifiers = results.Where(result => result.ClaimedIdentifier == result.Protocol.ClaimedIdentifierForOPIdentifier);
+ var claimedIdentifiers = results.Where(result => result.ClaimedIdentifier != result.Protocol.ClaimedIdentifierForOPIdentifier);
+ results = opIdentifiers.Any() ? opIdentifiers : claimedIdentifiers;
+ }
+
+ return results;
+ }
+ }
+}
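Review bot: The constructor always loads `OpenIdElement.Configuration.RelyingParty.DiscoveryServices` (line 89) although the class and its `host` parameter are documented as serving "the RP or OP", so a Provider host silently gets the Relying Party's configured discoverers; the `host` argument is only consulted for `WebRequestHandler` and `SecuritySettings`. If the configuration has a provider-side list, select it from the host's concrete type or accept the list as a constructor argument; if sharing the RP list is intentional, say so where it matters: `/// <remarks>Discovery services are always taken from the RelyingParty configuration section, even when the host is a Provider.</remarks>`. On the dual-purpose filter at lines 125-130, the comment explains the spec rule but not the consequence of `AllowDualPurposeIdentifiers` being true: in that case the mixed result set is returned unfiltered and the caller must not treat an OP Identifier result as a user's claimed identity, which is presumably why the setting's own remarks call its security ramifications unexplored; a one-line note to that effect before the `if` would help the next reader.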
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs b/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs
index c8324bd..22f5b9c 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs
@@ -44,6 +44,12 @@ namespace DotNetOpenAuth.OpenId {
internal const string OpenId2Namespace = "http://specs.openid.net/auth/2.0";
/// <summary>
+ /// The parameter of the callback parameter we tack onto the return_to URL
+ /// to store the replay-detection nonce.
+ /// </summary>
+ internal const string ReturnToNonceParameter = OpenIdUtilities.CustomParameterPrefix + "request_nonce";
+
+ /// <summary>
/// Scans a list for matches with some element of the OpenID protocol,
/// searching from newest to oldest protocol for the first and best match.
/// </summary>
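Review bot: The XML summary of the new `ReturnToNonceParameter` constant reads oddly ("The parameter of the callback parameter we tack onto the return_to URL") and does not say what the value is; suggest `/// The name of the query-string parameter appended to the return_to URL that carries the replay-detection nonce for positive assertions.` The constant is prefixed with `OpenIdUtilities.CustomParameterPrefix`, so an added `/// <remarks>` line noting that the prefix keeps the parameter out of the standard `openid.*` namespace (and that the nonce is generated and checked elsewhere) would document the only non-obvious design choice here. Where the nonce is generated and verified is outside this hunk.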
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
index 7603055..77ccbca 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
@@ -121,21 +121,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
public bool RequireAssociation { get; set; }
/// <summary>
- /// Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers
- /// should ever be recognized as claimed identifiers.
- /// </summary>
- /// <value>
- /// The default value is <c>false</c>, per the OpenID 2.0 spec.
- /// </value>
- /// <remarks>
- /// OpenID 2.0 sections 7.3.2.2 and 11.2 specify that OP Identifiers never be recognized as Claimed Identifiers.
- /// However, for some scenarios it may be desirable for an RP to override this behavior and allow this.
- /// The security ramifications of setting this property to <c>true</c> have not been fully explored and
- /// therefore this setting should only be changed with caution.
- /// </remarks>
- public bool AllowDualPurposeIdentifiers { get; set; }
-
- /// <summary>
/// Gets or sets a value indicating whether certain Claimed Identifiers that exploit
/// features that .NET does not have the ability to send exact HTTP requests for will
/// still be allowed by using an approximate HTTP request.
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs b/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs
index fb08fb6..2035c9f 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs
@@ -68,6 +68,21 @@ namespace DotNetOpenAuth.OpenId {
public int MaximumHashBitLength { get; set; }
/// <summary>
+ /// Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers
+ /// should ever be recognized as claimed identifiers.
+ /// </summary>
+ /// <value>
+ /// The default value is <c>false</c>, per the OpenID 2.0 spec.
+ /// </value>
+ /// <remarks>
+ /// OpenID 2.0 sections 7.3.2.2 and 11.2 specify that OP Identifiers never be recognized as Claimed Identifiers.
+ /// However, for some scenarios it may be desirable for an RP to override this behavior and allow this.
+ /// The security ramifications of setting this property to <c>true</c> have not been fully explored and
+ /// therefore this setting should only be changed with caution.
+ /// </remarks>
+ public bool AllowDualPurposeIdentifiers { get; set; }
+
+ /// <summary>
/// Determines whether a named association fits the security requirements.
/// </summary>
/// <param name="protocol">The protocol carrying the association.</param>
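Review bot: The remarks moved with `AllowDualPurposeIdentifiers` still say "it may be desirable for an RP to override this behavior", but the property now lives on the base `SecuritySettings` shared through `IOpenIdHost`, so Providers see it too; the text should either cover both roles, `/// However, for some scenarios it may be desirable for an RP or OP to override this behavior and allow this.`, or state explicitly that the setting has no effect on the Provider side if that is the case. Since the default relies on the auto-property's false rather than a constructor assignment (the constructor is outside this hunk), it is worth confirming the base constructor does not set it elsewhere. The enclosing class continues past the end of the hunk.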