Diffstat (limited to 'src')
13 files changed, 99 insertions, 107 deletions
diff --git a/src/DotNetOpenAuth/Configuration/OpenIdProviderElement.cs b/src/DotNetOpenAuth/Configuration/OpenIdProviderElement.cs index 7674536..b51ccfb 100644 --- a/src/DotNetOpenAuth/Configuration/OpenIdProviderElement.cs +++ b/src/DotNetOpenAuth/Configuration/OpenIdProviderElement.cs @@ -20,9 +20,9 @@ namespace DotNetOpenAuth.Configuration { private const string SecuritySettingsConfigName = "security"; /// <summary> - /// Gets the name of the <securityProfiles> sub-element. + /// Gets the name of the <behaviors> sub-element. /// </summary> - private const string SecurityProfilesElementName = "securityProfiles"; + private const string BehaviorsElementName = "behaviors"; /// <summary> /// The name of the custom store sub-element. @@ -45,13 +45,13 @@ namespace DotNetOpenAuth.Configuration { } /// <summary> - /// Gets or sets the predefined security profiles to apply. + /// Gets or sets the special behaviors to apply. /// </summary> - [ConfigurationProperty(SecurityProfilesElementName, IsDefaultCollection = false)] - [ConfigurationCollection(typeof(TypeConfigurationCollection<IProviderSecurityProfile>))] - public TypeConfigurationCollection<IProviderSecurityProfile> SecurityProfiles { - get { return (TypeConfigurationCollection<IProviderSecurityProfile>)this[SecurityProfilesElementName] ?? new TypeConfigurationCollection<IProviderSecurityProfile>(); } - set { this[SecurityProfilesElementName] = value; } + [ConfigurationProperty(BehaviorsElementName, IsDefaultCollection = false)] + [ConfigurationCollection(typeof(TypeConfigurationCollection<IProviderBehavior>))] + public TypeConfigurationCollection<IProviderBehavior> Behaviors { + get { return (TypeConfigurationCollection<IProviderBehavior>)this[BehaviorsElementName] ?? new TypeConfigurationCollection<IProviderBehavior>(); } + set { this[BehaviorsElementName] = value; } } /// <summary> 
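Review bot: Renaming the configuration element from `securityProfiles` to `behaviors` (here and in the matching hunks of OpenIdRelyingPartyElement.cs) leaves no mapping for the old name, so a site that upgrades without editing its config relies on the configuration system rejecting the unknown element. System.Configuration throws on unrecognized elements by default, but if anything in this section hierarchy tolerates them, a configured USGovernmentLevel1 entry would silently stop being applied. It would help to state the break on the property, e.g. `/// <remarks>Replaces the former securityProfiles element; existing configuration files must be updated.</remarks>`, and to cover loading an old-style config in a test. The class body continues outside the hunk.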
diff --git a/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartyElement.cs b/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartyElement.cs index 7c1162c..cdf4fd3 100644 --- a/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartyElement.cs +++ b/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartyElement.cs @@ -25,9 +25,9 @@ namespace DotNetOpenAuth.Configuration { private const string SecuritySettingsConfigName = "security"; /// <summary> - /// Gets the name of the <securityProfiles> sub-element. + /// Gets the name of the <behaviors> sub-element. /// </summary> - private const string SecurityProfilesElementName = "securityProfiles"; + private const string BehaviorsElementName = "behaviors"; /// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyElement"/> class. @@ -45,13 +45,13 @@ namespace DotNetOpenAuth.Configuration { } /// <summary> - /// Gets or sets the predefined security profiles to apply. + /// Gets or sets the special behaviors to apply. /// </summary> - [ConfigurationProperty(SecurityProfilesElementName, IsDefaultCollection = false)] - [ConfigurationCollection(typeof(TypeConfigurationCollection<IRelyingPartySecurityProfile>))] - public TypeConfigurationCollection<IRelyingPartySecurityProfile> SecurityProfiles { - get { return (TypeConfigurationCollection<IRelyingPartySecurityProfile>)this[SecurityProfilesElementName] ?? new TypeConfigurationCollection<IRelyingPartySecurityProfile>(); } - set { this[SecurityProfilesElementName] = value; } + [ConfigurationProperty(BehaviorsElementName, IsDefaultCollection = false)] + [ConfigurationCollection(typeof(TypeConfigurationCollection<IRelyingPartyBehavior>))] + public TypeConfigurationCollection<IRelyingPartyBehavior> Behaviors { + get { return (TypeConfigurationCollection<IRelyingPartyBehavior>)this[BehaviorsElementName] ?? new TypeConfigurationCollection<IRelyingPartyBehavior>(); } + set { this[BehaviorsElementName] = value; } } /// <summary> 
diff --git a/src/DotNetOpenAuth/DotNetOpenAuth.csproj b/src/DotNetOpenAuth/DotNetOpenAuth.csproj index 7af9539..a6f0467 100644 --- a/src/DotNetOpenAuth/DotNetOpenAuth.csproj +++ b/src/DotNetOpenAuth/DotNetOpenAuth.csproj @@ -395,7 +395,7 @@ <Compile Include="OpenId\Provider\IdentityEndpointNormalizationEventArgs.cs" /> <Compile Include="OpenId\Provider\IErrorReporting.cs" /> <Compile Include="OpenId\Provider\IProviderApplicationStore.cs" /> - <Compile Include="OpenId\Provider\IProviderSecurityProfile.cs" /> + <Compile Include="OpenId\Provider\IProviderBehavior.cs" /> <Compile Include="OpenId\Provider\IRequest.cs" /> <Compile Include="OpenId\Provider\ProviderEndpoint.cs" /> <Compile Include="OpenId\Provider\RelyingPartyDiscoveryResult.cs" /> @@ -433,7 +433,7 @@ <Compile Include="OpenId\RelyingParty\AssociationPreference.cs" /> <Compile Include="OpenId\RelyingParty\AuthenticationRequest.cs" /> <Compile Include="OpenId\RelyingParty\AuthenticationRequestMode.cs" /> - <Compile Include="OpenId\RelyingParty\IRelyingPartySecurityProfile.cs" /> + <Compile Include="OpenId\RelyingParty\IRelyingPartyBehavior.cs" /> <Compile Include="OpenId\RelyingParty\NegativeAuthenticationResponse.cs" /> <Compile Include="OpenId\RelyingParty\OpenIdAjaxTextBox.cs" /> <Compile Include="OpenId\RelyingParty\OpenIdEventArgs.cs" /> 
@@ -466,12 +466,12 @@ <Compile Include="OpenId\RelyingParty\ServiceEndpoint.cs" /> <Compile Include="OpenId\OpenIdXrdsHelper.cs" /> <Compile Include="OpenId\RelyingParty\StandardRelyingPartyApplicationStore.cs" /> - <Compile Include="OpenId\SecurityProfiles\SecurityProfileStrings.Designer.cs"> + <Compile Include="OpenId\Behaviors\BehaviorStrings.Designer.cs"> <AutoGen>True</AutoGen> <DesignTime>True</DesignTime> - <DependentUpon>SecurityProfileStrings.resx</DependentUpon> + <DependentUpon>BehaviorStrings.resx</DependentUpon> </Compile> - <Compile Include="OpenId\SecurityProfiles\USGovernmentLevel1.cs" /> + <Compile Include="OpenId\Behaviors\USGovernmentLevel1.cs" /> <Compile Include="OpenId\SecuritySettings.cs" /> <Compile Include="Messaging\UntrustedWebRequestHandler.cs" /> <Compile Include="OpenId\UriIdentifier.cs" /> @@ -566,9 +566,9 @@ <EmbeddedResource Include="InfoCard\infocard_81x57.png" /> <EmbeddedResource Include="InfoCard\infocard_92x64.png" /> <EmbeddedResource Include="InfoCard\SupportingScript.js" /> - <EmbeddedResource Include="OpenId\SecurityProfiles\SecurityProfileStrings.resx"> + <EmbeddedResource Include="OpenId\Behaviors\BehaviorStrings.resx"> <Generator>ResXFileCodeGenerator</Generator> - <LastGenOutput>SecurityProfileStrings.Designer.cs</LastGenOutput> + <LastGenOutput>BehaviorStrings.Designer.cs</LastGenOutput> </EmbeddedResource> </ItemGroup> <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> diff --git a/src/DotNetOpenAuth/OpenId/SecurityProfiles/SecurityProfileStrings.Designer.cs b/src/DotNetOpenAuth/OpenId/Behaviors/BehaviorStrings.Designer.cs index 8ff10c0..937ecaf 100644 --- a/src/DotNetOpenAuth/OpenId/SecurityProfiles/SecurityProfileStrings.Designer.cs +++ b/src/DotNetOpenAuth/OpenId/Behaviors/BehaviorStrings.Designer.cs 
@@ -8,7 +8,7 @@ // </auto-generated> //------------------------------------------------------------------------------ -namespace DotNetOpenAuth.OpenId.SecurityProfiles { +namespace DotNetOpenAuth.OpenId.Behaviors { using System; @@ -22,14 +22,14 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")] [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] - internal class SecurityProfileStrings { + internal class BehaviorStrings { private static global::System.Resources.ResourceManager resourceMan; private static global::System.Globalization.CultureInfo resourceCulture; [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] - internal SecurityProfileStrings() { + internal BehaviorStrings() { } /// <summary> @@ -39,7 +39,7 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { internal static global::System.Resources.ResourceManager ResourceManager { get { if (object.ReferenceEquals(resourceMan, null)) { - global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("DotNetOpenAuth.OpenId.SecurityProfiles.SecurityProfileStrings", typeof(SecurityProfileStrings).Assembly); + global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("DotNetOpenAuth.OpenId.Behaviors.BehaviorStrings", typeof(BehaviorStrings).Assembly); resourceMan = temp; } return resourceMan; 
@@ -122,14 +122,5 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { return ResourceManager.GetString("RealmMustBeHttps", resourceCulture); } } - - /// <summary> - /// Looks up a localized string similar to The security profile {0} mandates security settings that have been changed to disallowed values.. - /// </summary> - internal static string SecuritySettingsNotCompliantWithProfile { - get { - return ResourceManager.GetString("SecuritySettingsNotCompliantWithProfile", resourceCulture); - } - } } } diff --git a/src/DotNetOpenAuth/OpenId/SecurityProfiles/SecurityProfileStrings.resx b/src/DotNetOpenAuth/OpenId/Behaviors/BehaviorStrings.resx index 04d53d4..a8bf2d6 100644 --- a/src/DotNetOpenAuth/OpenId/SecurityProfiles/SecurityProfileStrings.resx +++ b/src/DotNetOpenAuth/OpenId/Behaviors/BehaviorStrings.resx @@ -138,7 +138,4 @@ <data name="RealmMustBeHttps" xml:space="preserve"> <value>The Realm in an authentication request must be an HTTPS URL.</value> </data> - <data name="SecuritySettingsNotCompliantWithProfile" xml:space="preserve"> - <value>The security profile {0} mandates security settings that have been changed to disallowed values.</value> - </data> </root>
\ No newline at end of file diff --git a/src/DotNetOpenAuth/OpenId/SecurityProfiles/USGovernmentLevel1.cs b/src/DotNetOpenAuth/OpenId/Behaviors/USGovernmentLevel1.cs index 2e5dd18..9b160ac 100644 --- a/src/DotNetOpenAuth/OpenId/SecurityProfiles/USGovernmentLevel1.cs +++ b/src/DotNetOpenAuth/OpenId/Behaviors/USGovernmentLevel1.cs @@ -4,7 +4,7 @@ // </copyright> //----------------------------------------------------------------------- -namespace DotNetOpenAuth.OpenId.SecurityProfiles { +namespace DotNetOpenAuth.OpenId.Behaviors { using System; using System.Diagnostics.Contracts; using System.Linq; @@ -23,7 +23,8 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// but Providers are only affected by the special behaviors of the profile when the RP specifically /// indicates that they want to use this profile. </para> /// </remarks> - public sealed class USGovernmentLevel1 : IRelyingPartySecurityProfile, IProviderSecurityProfile { + [Serializable] + public sealed class USGovernmentLevel1 : IRelyingPartyBehavior, IProviderBehavior { /// <summary> /// The maximum time a shared association can live. /// </summary> @@ -33,6 +34,9 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// Initializes a new instance of the <see cref="USGovernmentLevel1"/> class. /// </summary> public USGovernmentLevel1() { + if (DisableSslRequirement) { + Logger.OpenId.Warn("GSA level 1 behavior has its RequireSsl requirement disabled."); + } } /// <summary> @@ -51,7 +55,7 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// </summary> public static bool DisableSslRequirement { get; set; } - #region IRelyingPartySecurityProfile Members + #region IRelyingPartyBehavior Members /// <summary> /// Applies a well known set of security requirements. 
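Review bot: The warning added to the USGovernmentLevel1 constructor fires only if `DisableSslRequirement` is already true when an instance is created. The property is `public static bool DisableSslRequirement { get; set; }`, so setting it afterwards relaxes the HTTPS realm checks in OnOutgoingAuthenticationRequest and OnIncomingRequest with no log entry. Logging from the setter over a private static backing field would record every change, for example `set { disableSslRequirement = value; if (value) { Logger.OpenId.Warn("GSA level 1 behavior has its RequireSsl requirement disabled."); } }`. The `[Serializable]` attribute added in the preceding hunk would also benefit from a comment naming the scenario that needs it, since the state visible in these hunks (`DisableSslRequirement`) is static and would not travel with a serialized instance.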
@@ -62,7 +66,7 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// Profiles should only enhance security requirements to avoid being /// incompatible with each other. /// </remarks> - void IRelyingPartySecurityProfile.ApplySecuritySettings(RelyingPartySecuritySettings securitySettings) { + void IRelyingPartyBehavior.ApplySecuritySettings(RelyingPartySecuritySettings securitySettings) { ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings"); if (securitySettings.MaximumHashBitLength < 256) { @@ -81,11 +85,11 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// Called when an authentication request is about to be sent. /// </summary> /// <param name="request">The request.</param> - void IRelyingPartySecurityProfile.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) { + void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); RelyingParty.AuthenticationRequest requestInternal = (RelyingParty.AuthenticationRequest)request; - ErrorUtilities.VerifyProtocol(string.Equals(request.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, SecurityProfileStrings.RealmMustBeHttps); + ErrorUtilities.VerifyProtocol(string.Equals(request.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, BehaviorStrings.RealmMustBeHttps); var pape = requestInternal.AppliedExtensions.OfType<PolicyRequest>().SingleOrDefault(); if (pape == null) { @@ -108,7 +112,7 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { ErrorUtilities.VerifyProtocol( (!requestInternal.AppliedExtensions.OfType<ClaimsRequest>().Any() && !requestInternal.AppliedExtensions.OfType<FetchRequest>().Any()), - SecurityProfileStrings.PiiIncludedWithNoPiiPolicy); + BehaviorStrings.PiiIncludedWithNoPiiPolicy); } } 
@@ -116,7 +120,7 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// Called when an incoming positive assertion is received. /// </summary> /// <param name="assertion">The positive assertion.</param> - void IRelyingPartySecurityProfile.OnIncomingPositiveAssertion(IAuthenticationResponse assertion) { + void IRelyingPartyBehavior.OnIncomingPositiveAssertion(IAuthenticationResponse assertion) { ErrorUtilities.VerifyArgumentNotNull(assertion, "assertion"); PolicyResponse pape = assertion.GetExtension<PolicyResponse>(); 
@@ -124,36 +128,36 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { pape != null && pape.ActualPolicies.Contains(AuthenticationPolicies.USGovernmentTrustLevel1) && pape.ActualPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier), - SecurityProfileStrings.PapeResponseOrRequiredPoliciesMissing); + BehaviorStrings.PapeResponseOrRequiredPoliciesMissing); - ErrorUtilities.VerifyProtocol(AllowPersonallyIdentifiableInformation || pape.ActualPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation), SecurityProfileStrings.PapeResponseOrRequiredPoliciesMissing); + ErrorUtilities.VerifyProtocol(AllowPersonallyIdentifiableInformation || pape.ActualPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation), BehaviorStrings.PapeResponseOrRequiredPoliciesMissing); if (pape.ActualPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation)) { ErrorUtilities.VerifyProtocol( assertion.GetExtension<ClaimsResponse>() == null && assertion.GetExtension<FetchResponse>() == null, - SecurityProfileStrings.PiiIncludedWithNoPiiPolicy); + BehaviorStrings.PiiIncludedWithNoPiiPolicy); } } #endregion - #region IProviderSecurityProfile Members + #region IProviderBehavior Members /// <summary> /// Called when a request is received by the Provider. /// </summary> /// <param name="request">The incoming request.</param> /// <returns> - /// <c>true</c> if this security profile owns this request and wants to stop other security profiles - /// from handling it; <c>false</c> to allow other security profiles to process this request. + /// <c>true</c> if this behavior owns this request and wants to stop other behaviors + /// from handling it; <c>false</c> to allow other behaviors to process this request. 
/// </returns> /// <remarks> /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but /// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/> /// itself as that instance may be shared across many requests. /// </remarks> - bool IProviderSecurityProfile.OnIncomingRequest(IRequest request) { + bool IProviderBehavior.OnIncomingRequest(IRequest request) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); var hostProcessedRequest = request as IHostProcessedRequest; @@ -163,8 +167,8 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { if (papeRequest != null) { if (papeRequest.PreferredPolicies.Contains(AuthenticationPolicies.USGovernmentTrustLevel1)) { // Whenever we see this GSA policy requested, we MUST also see the PPID policy requested. - ErrorUtilities.VerifyProtocol(papeRequest.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier), SecurityProfileStrings.PapeRequestMissingRequiredPolicies); - ErrorUtilities.VerifyProtocol(string.Equals(hostProcessedRequest.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, SecurityProfileStrings.RealmMustBeHttps); + ErrorUtilities.VerifyProtocol(papeRequest.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier), BehaviorStrings.PapeRequestMissingRequiredPolicies); + ErrorUtilities.VerifyProtocol(string.Equals(hostProcessedRequest.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, BehaviorStrings.RealmMustBeHttps); request.SecuritySettings = GetProviderSecuritySettings(request.SecuritySettings); return true; 
@@ -180,10 +184,10 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// </summary> /// <param name="request">The request that is configured to generate the outgoing response.</param> /// <returns> - /// <c>true</c> if this security profile owns this request and wants to stop other security profiles - /// from handling it; <c>false</c> to allow other security profiles to process this request. + /// <c>true</c> if this behavior owns this request and wants to stop other behaviors + /// from handling it; <c>false</c> to allow other behaviors to process this request. /// </returns> - bool IProviderSecurityProfile.OnOutgoingResponse(Provider.IAuthenticationRequest request) { + bool IProviderBehavior.OnOutgoingResponse(Provider.IAuthenticationRequest request) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); bool result = false; 
@@ -214,14 +218,14 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { // warn the user of a potential threat or just abort the authentication. // We can't verify that the OP displayed anything to the user at this level, but we can // at least verify that the OP performed the discovery on the realm and halt things if it didn't. - ErrorUtilities.VerifyHost(requestInternal.HasRealmDiscoveryBeenPerformed, SecurityProfileStrings.RealmDiscoveryNotPerformed); + ErrorUtilities.VerifyHost(requestInternal.HasRealmDiscoveryBeenPerformed, BehaviorStrings.RealmDiscoveryNotPerformed); } if (papeRequest.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) { ErrorUtilities.VerifyProtocol(request.ClaimedIdentifier == request.LocalIdentifier, OpenIdStrings.DelegatingIdentifiersNotAllowed); // Mask the user's identity with a PPID. - ErrorUtilities.VerifyHost(PpidIdentifierProvider != null, SecurityProfileStrings.PpidProviderNotGiven); + ErrorUtilities.VerifyHost(PpidIdentifierProvider != null, BehaviorStrings.PpidProviderNotGiven); Identifier ppidIdentifier = PpidIdentifierProvider.GetIdentifier(request.LocalIdentifier, request.Realm); requestInternal.ResetClaimedAndLocalIdentifiers(ppidIdentifier); @@ -235,7 +239,7 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { ErrorUtilities.VerifyProtocol( !responseMessage.Extensions.OfType<ClaimsResponse>().Any() && !responseMessage.Extensions.OfType<FetchResponse>().Any(), - SecurityProfileStrings.PiiIncludedWithNoPiiPolicy); + BehaviorStrings.PiiIncludedWithNoPiiPolicy); // If no PII is given in extensions, and the claimed_id is a PPID, then we can state we issue no PII. if (papeResponse.ActualPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) { 
@@ -252,7 +256,7 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { #endregion /// <summary> - /// Adapts the default security settings to the requirements of this security profile. + /// Adapts the default security settings to the requirements of this behavior. /// </summary> /// <param name="originalSecuritySettings">The original security settings.</param> /// <returns>A new security settings instance that should be used for all qualifying incoming requests.</returns> @@ -277,8 +281,8 @@ namespace DotNetOpenAuth.OpenId.SecurityProfiles { /// <param name="maximumLifetime">The maximum lifetime.</param> /// <param name="securitySettings">The security settings to adjust.</param> private static void SetMaximumAssociationLifetimeToNotExceed(string associationType, TimeSpan maximumLifetime, ProviderSecuritySettings securitySettings) { - Contract.RequiresAlways(!String.IsNullOrEmpty(associationType)); - Contract.RequiresAlways(maximumLifetime.TotalSeconds > 0); + Contract.Requires(!String.IsNullOrEmpty(associationType)); + Contract.Requires(maximumLifetime.TotalSeconds > 0); if (!securitySettings.AssociationLifetimes.ContainsKey(associationType) || securitySettings.AssociationLifetimes[associationType] > maximumLifetime) { securitySettings.AssociationLifetimes[associationType] = maximumLifetime; diff --git a/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs b/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs index a2db09f..56e73da 100644 --- a/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs +++ b/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs 
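Review bot: Replacing `Contract.RequiresAlways` with `Contract.Requires` in SetMaximumAssociationLifetimeToNotExceed drops the runtime check in any build where the contract rewriter is not active, because `Contract.Requires` calls are compiled away unless CONTRACTS_FULL is defined. In the two Provider hunks that follow (ResetClaimedAndLocalIdentifiers and IsReturnUrlDiscoverable) an `ErrorUtilities.VerifyArgumentNotNull` call still backs up the contract, but here nothing else would stop an empty association type or a non-positive lifetime from being written into `AssociationLifetimes`. If release builds are not rewritten, keep an explicit guard such as `ErrorUtilities.VerifyArgument(maximumLifetime.TotalSeconds > 0, "maximumLifetime must be positive.");`. The method's closing lines are outside the hunk.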
@@ -205,7 +205,7 @@ namespace DotNetOpenAuth.OpenId.Provider { /// </summary> /// <param name="identifier">The value to set to the <see cref="ClaimedIdentifier"/> and <see cref="LocalIdentifier"/> properties.</param> internal void ResetClaimedAndLocalIdentifiers(Identifier identifier) { - Contract.RequiresAlways(identifier != null); + Contract.Requires(identifier != null); ErrorUtilities.VerifyArgumentNotNull(identifier, "identifier"); this.positiveResponse.ClaimedIdentifier = identifier; diff --git a/src/DotNetOpenAuth/OpenId/Provider/HostProcessedRequest.cs b/src/DotNetOpenAuth/OpenId/Provider/HostProcessedRequest.cs index e772b77..4bb7d28 100644 --- a/src/DotNetOpenAuth/OpenId/Provider/HostProcessedRequest.cs +++ b/src/DotNetOpenAuth/OpenId/Provider/HostProcessedRequest.cs @@ -105,7 +105,7 @@ namespace DotNetOpenAuth.OpenId.Provider { /// See OpenID Authentication 2.0 spec section 9.2.1. /// </remarks> public RelyingPartyDiscoveryResult IsReturnUrlDiscoverable(OpenIdProvider provider) { - Contract.RequiresAlways(provider != null); + Contract.Requires(provider != null); ErrorUtilities.VerifyArgumentNotNull(provider, "provider"); if (!this.realmDiscoveryResult.HasValue) { diff --git a/src/DotNetOpenAuth/OpenId/Provider/IProviderSecurityProfile.cs b/src/DotNetOpenAuth/OpenId/Provider/IProviderBehavior.cs index 19217be..7159c02 100644 --- a/src/DotNetOpenAuth/OpenId/Provider/IProviderSecurityProfile.cs +++ b/src/DotNetOpenAuth/OpenId/Provider/IProviderBehavior.cs @@ -1,5 +1,5 @@ //----------------------------------------------------------------------- -// <copyright file="IProviderSecurityProfile.cs" company="Andrew Arnott"> +// <copyright file="IProviderBehavior.cs" company="Andrew Arnott"> // Copyright (c) Andrew Arnott. All rights reserved. // </copyright> //----------------------------------------------------------------------- 
@@ -14,14 +14,14 @@ namespace DotNetOpenAuth.OpenId.Provider { /// BEFORE MARKING THIS INTERFACE PUBLIC: it's very important that we shift the methods to be channel-level /// rather than facade class level and for the OpenIdChannel to be the one to invoke these methods. /// </remarks> - internal interface IProviderSecurityProfile { + internal interface IProviderBehavior { /// <summary> /// Called when a request is received by the Provider. /// </summary> /// <param name="request">The incoming request.</param> /// <returns> - /// <c>true</c> if this security profile owns this request and wants to stop other security profiles - /// from handling it; <c>false</c> to allow other security profiles to process this request. + /// <c>true</c> if this behavior owns this request and wants to stop other behaviors + /// from handling it; <c>false</c> to allow other behaviors to process this request. /// </returns> /// <remarks> /// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but @@ -35,8 +35,8 @@ namespace DotNetOpenAuth.OpenId.Provider { /// </summary> /// <param name="request">The request that is configured to generate the outgoing response.</param> /// <returns> - /// <c>true</c> if this security profile owns this request and wants to stop other security profiles - /// from handling it; <c>false</c> to allow other security profiles to process this request. + /// <c>true</c> if this behavior owns this request and wants to stop other behaviors + /// from handling it; <c>false</c> to allow other behaviors to process this request. /// </returns> bool OnOutgoingResponse(IAuthenticationRequest request); } diff --git a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs index 2e769f3..58b6887 100644 --- a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs +++ b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs 
@@ -32,9 +32,9 @@ namespace DotNetOpenAuth.OpenId.Provider { private const string ApplicationStoreKey = "DotNetOpenAuth.OpenId.Provider.OpenIdProvider.ApplicationStore"; /// <summary> - /// Backing store for the <see cref="SecurityProfiles"/> property. + /// Backing store for the <see cref="Behaviors"/> property. /// </summary> - private readonly Collection<IProviderSecurityProfile> securityProfiles = new Collection<IProviderSecurityProfile>(); + private readonly Collection<IProviderBehavior> behaviors = new Collection<IProviderBehavior>(); /// <summary> /// Backing field for the <see cref="SecuritySettings"/> property. @@ -79,8 +79,8 @@ namespace DotNetOpenAuth.OpenId.Provider { this.AssociationStore = associationStore; this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings(); - foreach (var securityProfile in DotNetOpenAuthSection.Configuration.OpenId.Provider.SecurityProfiles.CreateInstances(false)) { - this.securityProfiles.Add(securityProfile); + foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.Provider.Behaviors.CreateInstances(false)) { + this.behaviors.Add(behavior); } this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings); @@ -148,10 +148,10 @@ namespace DotNetOpenAuth.OpenId.Provider { public IErrorReporting ErrorReporting { get; set; } /// <summary> - /// Gets a list of custom security profiles to apply to OpenID actions. + /// Gets a list of custom behaviors to apply to OpenID actions. /// </summary> - internal ICollection<IProviderSecurityProfile> SecurityProfiles { - get { return this.securityProfiles; } + internal ICollection<IProviderBehavior> Behaviors { + get { return this.behaviors; } } /// <summary> 
@@ -245,9 +245,9 @@ namespace DotNetOpenAuth.OpenId.Provider { } if (result != null) { - foreach (var profile in this.SecurityProfiles) { - if (profile.OnIncomingRequest(result)) { - // This security profile matched this request. + foreach (var behavior in this.Behaviors) { + if (behavior.OnIncomingRequest(result)) { + // This behavior matched this request. break; } } @@ -284,7 +284,7 @@ namespace DotNetOpenAuth.OpenId.Provider { Contract.Requires(((Request)request).IsResponseReady); ErrorUtilities.VerifyArgumentNotNull(request, "request"); - this.ApplySecurityProfilesToResponse(request); + this.ApplyBehaviorsToResponse(request); Request requestInternal = (Request)request; this.Channel.Send(requestInternal.Response); } @@ -301,7 +301,7 @@ namespace DotNetOpenAuth.OpenId.Provider { Contract.Requires(((Request)request).IsResponseReady); ErrorUtilities.VerifyArgumentNotNull(request, "request"); - this.ApplySecurityProfilesToResponse(request); + this.ApplyBehaviorsToResponse(request); Request requestInternal = (Request)request; return this.Channel.PrepareResponse(requestInternal.Response); } @@ -429,15 +429,15 @@ namespace DotNetOpenAuth.OpenId.Provider { #endregion /// <summary> - /// Applies all security profiles to the response message. + /// Applies all behaviors to the response message. /// </summary> /// <param name="request">The request.</param> - private void ApplySecurityProfilesToResponse(IRequest request) { + private void ApplyBehaviorsToResponse(IRequest request) { var authRequest = request as IAuthenticationRequest; if (authRequest != null) { - foreach (var profile in this.SecurityProfiles) { - if (profile.OnOutgoingResponse(authRequest)) { - // This security profile matched this request. + foreach (var behavior in this.Behaviors) { + if (behavior.OnOutgoingResponse(authRequest)) { + // This behavior matched this request. break; } } 
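Review bot: In the loop over `this.Behaviors`, the first behavior whose `OnIncomingRequest` returns true ends processing (`break`), and ApplyBehaviorsToResponse in the last hunk of this file does the same for `OnOutgoingResponse`. That was reasonable while every entry was a security profile. With the collection generalized to arbitrary behaviors, an unrelated behavior registered earlier that claims the request would keep USGovernmentLevel1 from running its protocol checks. Consider documenting the ordering contract at the loop, e.g. `// First match wins: behaviors that enforce security requirements must be registered before any others.`, or running enforcement behaviors unconditionally. The method enclosing the first loop starts outside the hunk.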
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs index 83decb8..19db0fa 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs @@ -90,8 +90,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// <value></value> public OutgoingWebResponse RedirectingResponse { get { - foreach (var profile in this.RelyingParty.SecurityProfiles) { - profile.OnOutgoingAuthenticationRequest(this); + foreach (var behavior in this.RelyingParty.Behaviors) { + behavior.OnOutgoingAuthenticationRequest(this); } return this.RelyingParty.Channel.PrepareResponse(this.CreateRequestMessage()); diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartySecurityProfile.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartyBehavior.cs index 8d3848d..e7c38db 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartySecurityProfile.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartyBehavior.cs @@ -1,5 +1,5 @@ //----------------------------------------------------------------------- -// <copyright file="IRelyingPartySecurityProfile.cs" company="Andrew Arnott"> +// <copyright file="IRelyingPartyBehavior.cs" company="Andrew Arnott"> // Copyright (c) Andrew Arnott. All rights reserved. // </copyright> //----------------------------------------------------------------------- @@ -12,7 +12,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// BEFORE MARKING THIS INTERFACE PUBLIC: it's very important that we shift the methods to be channel-level /// rather than facade class level and for the OpenIdChannel to be the one to invoke these methods. /// </remarks> - internal interface IRelyingPartySecurityProfile { + internal interface IRelyingPartyBehavior { /// <summary> /// Applies a well known set of security requirements to a default set of security settings. /// </summary> 
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs index 932e647..6d72fea 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs @@ -44,9 +44,9 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { private const string ApplicationStoreKey = "DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.ApplicationStore"; /// <summary> - /// Backing store for the <see cref="SecurityProfiles"/> property. + /// Backing store for the <see cref="Behaviors"/> property. /// </summary> - private readonly ObservableCollection<IRelyingPartySecurityProfile> securityProfiles = new ObservableCollection<IRelyingPartySecurityProfile>(); + private readonly ObservableCollection<IRelyingPartyBehavior> behaviors = new ObservableCollection<IRelyingPartyBehavior>(); /// <summary> /// Backing field for the <see cref="SecuritySettings"/> property. @@ -91,9 +91,9 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { ErrorUtilities.VerifyArgument(associationStore == null || nonceStore != null, OpenIdStrings.AssociationStoreRequiresNonceStore); this.securitySettings = DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.SecuritySettings.CreateSecuritySettings(); - this.securityProfiles.CollectionChanged += this.OnSecurityProfilesChanged; - foreach (var securityProfile in DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.SecurityProfiles.CreateInstances(false)) { - this.securityProfiles.Add(securityProfile); + this.behaviors.CollectionChanged += this.OnBehaviorsChanged; + foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.Behaviors.CreateInstances(false)) { + this.behaviors.Add(behavior); } // Without a nonce store, we must rely on the Provider to protect against 
@@ -220,10 +220,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { } /// <summary> - /// Gets a list of custom security profiles to apply to OpenID actions. + /// Gets a list of custom behaviors to apply to OpenID actions. /// </summary> - internal ICollection<IRelyingPartySecurityProfile> SecurityProfiles { - get { return this.securityProfiles; } + internal ICollection<IRelyingPartyBehavior> Behaviors { + get { return this.behaviors; } } /// <summary> @@ -492,8 +492,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { IndirectSignedResponse positiveExtensionOnly; if ((positiveAssertion = message as PositiveAssertionResponse) != null) { var response = new PositiveAuthenticationResponse(positiveAssertion, this); - foreach (var profile in this.SecurityProfiles) { - profile.OnIncomingPositiveAssertion(response); + foreach (var behavior in this.Behaviors) { + behavior.OnIncomingPositiveAssertion(response); } return response; @@ -579,12 +579,12 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { } /// <summary> - /// Called by derived classes when security profiles are added or removed. + /// Called by derived classes when behaviors are added or removed. /// </summary> /// <param name="sender">The collection being modified.</param> /// <param name="e">The <see cref="System.Collections.Specialized.NotifyCollectionChangedEventArgs"/> instance containing the event data.</param> - private void OnSecurityProfilesChanged(object sender, NotifyCollectionChangedEventArgs e) { - foreach (IRelyingPartySecurityProfile profile in e.NewItems) { + private void OnBehaviorsChanged(object sender, NotifyCollectionChangedEventArgs e) { + foreach (IRelyingPartyBehavior profile in e.NewItems) { profile.ApplySecuritySettings(this.SecuritySettings); } } |
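Review bot: `OnBehaviorsChanged` enumerates `e.NewItems` without a null check, and `NotifyCollectionChangedEventArgs.NewItems` is null for Remove and Reset notifications, so removing a behavior or clearing the collection would throw a NullReferenceException. Guard it with `if (e.NewItems == null) { return; }` before the loop, and rename the loop variable from `profile` to `behavior` to finish the rename. The summary still reads "Called by derived classes" although the handler is private and subscribed to `CollectionChanged` in the constructor; `/// Applies the security settings of behaviors as they are added.` would match what the code does. Settings applied by a behavior are not reverted when it is removed, which may be intended but is worth stating in the remarks.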