Diffstat (limited to 'src')
8 files changed, 102 insertions, 18 deletions
diff --git a/src/DotNetOpenAuth/AsymmetricCryptoKeyStoreWrapper.cs b/src/DotNetOpenAuth/AsymmetricCryptoKeyStoreWrapper.cs
index 203d6ab..ff859ab 100644
--- a/src/DotNetOpenAuth/AsymmetricCryptoKeyStoreWrapper.cs
+++ b/src/DotNetOpenAuth/AsymmetricCryptoKeyStoreWrapper.cs
@@ -99,8 +99,12 @@ namespace DotNetOpenAuth {
 /// <summary>
 /// Decrypts the specified key.
 /// </summary>
+ /// <param name="bucket">The bucket.</param>
+ /// <param name="handle">The handle.</param>
 /// <param name="encryptedCryptoKey">The encrypted key.</param>
- /// <returns>The decrypted key.</returns>
+ /// <returns>
+ /// The decrypted key.
+ /// </returns>
 private CryptoKey Decrypt(string bucket, string handle, CryptoKey encryptedCryptoKey) {
 if (encryptedCryptoKey == null) {
 return null;
@@ -140,7 +144,7 @@ namespace DotNetOpenAuth {
 }
 /// <summary>
- /// Gets or sets the encrypted key.
+ /// Gets the encrypted key.
 /// </summary>
 internal byte[] EncryptedKey { get; private set; }
diff --git a/src/DotNetOpenAuth/CryptoKey.cs b/src/DotNetOpenAuth/CryptoKey.cs
index 7a4f788..f491551 100644
--- a/src/DotNetOpenAuth/CryptoKey.cs
+++ b/src/DotNetOpenAuth/CryptoKey.cs
@@ -7,9 +7,9 @@ namespace DotNetOpenAuth {
 using System;
 using System.Collections.Generic;
+ using System.Diagnostics.Contracts;
 using System.Linq;
 using System.Text;
- using System.Diagnostics.Contracts;
 using DotNetOpenAuth.Messaging;
 /// <summary>
@@ -67,7 +67,7 @@ namespace DotNetOpenAuth {
 /// </returns>
 /// <exception cref="T:System.NullReferenceException">
 /// The <paramref name="obj"/> parameter is null.
- /// </exception>
+ /// </exception>
 public override bool Equals(object obj) {
 var other = obj as CryptoKey;
 if (other == null) {
diff --git a/src/DotNetOpenAuth/ICryptoKeyStore.cs b/src/DotNetOpenAuth/ICryptoKeyStore.cs
index d2a5147..cc96b99 100644
--- a/src/DotNetOpenAuth/ICryptoKeyStore.cs
+++ b/src/DotNetOpenAuth/ICryptoKeyStore.cs
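Review bot: The new `<returns>` on Decrypt omits the null case that the two lines after the signature establish: `if (encryptedCryptoKey == null) { return null;`. Suggest `/// The decrypted key, or <c>null</c> if <paramref name="encryptedCryptoKey"/> is <c>null</c>.`. The added `<param>` entries for bucket and handle are placeholders ("The bucket.", "The handle."), while this same commit documents the same parameters on ICryptoKeyStoreContract as "The bucket name. Case sensitive." and "The key handle. Case sensitive."; reusing that wording here would keep the two in step. Decrypt's body continues past the end of the hunk.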
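Review bot: The `<exception cref="T:System.NullReferenceException">` element kept on CryptoKey.Equals (the hunk only re-trims its closing line) documents an exception the visible code cannot raise: `var other = obj as CryptoKey;` yields null for a null argument, and the `if (other == null) {` branch on the next line handles that case. Remove the `<exception>` element, or, if that branch (whose body is outside the hunk) returns false, replace it with a `<returns>` clause stating that a null or non-CryptoKey argument compares unequal. If the remainder of the method compares the key material itself, it is worth a comment that this structural Equals is not a constant-time comparison and must not be used to validate a presented secret; I cannot confirm that from the hunk. Equals's body continues outside the hunk.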
@@ -62,8 +62,13 @@ namespace DotNetOpenAuth {
 [ContractClassFor(typeof(ICryptoKeyStore))]
 internal abstract class ICryptoKeyStoreContract : ICryptoKeyStore {
 /// <summary>
- /// See the <see cref="ICryptoKeyStore"/> interface.
+ /// Gets the key in a given bucket and handle.
 /// </summary>
+ /// <param name="bucket">The bucket name. Case sensitive.</param>
+ /// <param name="handle">The key handle. Case sensitive.</param>
+ /// <returns>
+ /// The cryptographic key, or <c>null</c> if no matching key was found.
+ /// </returns>
 CryptoKey ICryptoKeyStore.GetKey(string bucket, string handle) {
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(bucket));
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(handle));
@@ -71,8 +76,12 @@ namespace DotNetOpenAuth {
 }
 /// <summary>
- /// See the <see cref="ICryptoKeyStore"/> interface.
+ /// Gets a sequence of existing keys within a given bucket.
 /// </summary>
+ /// <param name="bucket">The bucket name. Case sensitive.</param>
+ /// <returns>
+ /// A sequence of handles and keys, ordered by descending <see cref="CryptoKey.ExpiresUtc"/>.
+ /// </returns>
 IEnumerable<KeyValuePair<string, CryptoKey>> ICryptoKeyStore.GetKeys(string bucket) {
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(bucket));
 Contract.Ensures(Contract.Result<IEnumerable<KeyValuePair<string, CryptoKey>>>() != null);
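Review bot: The new GetKey documentation should tell implementers that `handle` can originate from a remote party: ProviderAssociationKeyStorage.Deserialize in this same commit appears to pass the handle referenced by an OpenID message straight through to GetKey, so the non-empty `Contract.Requires` checks on the following lines are the only validation it receives before reaching the store. Suggest adding `/// <remarks>The handle may be supplied by a remote party; implementations must treat it as an opaque, untrusted lookup key (for example, bind it as a query parameter rather than interpolating it).</remarks>`. The same caveat applies to the bucket and handle parameters documented in the GetKeys, StoreKey and RemoveKey hunks.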
@@ -80,8 +89,12 @@ namespace DotNetOpenAuth {
 }
 /// <summary>
- /// See the <see cref="ICryptoKeyStore"/> interface.
+ /// Stores a cryptographic key.
 /// </summary>
+ /// <param name="bucket">The name of the bucket to store the key in. Case sensitive.</param>
+ /// <param name="handle">The handle to the key, unique within the bucket. Case sensitive.</param>
+ /// <param name="key">The key to store.</param>
+ /// <exception cref="CryptoKeyCollisionException">Thrown in the event of a conflict with an existing key in the same bucket and with the same handle.</exception>
 void ICryptoKeyStore.StoreKey(string bucket, string handle, CryptoKey key) {
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(bucket));
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(handle));
@@ -90,8 +103,10 @@ namespace DotNetOpenAuth {
 }
 /// <summary>
- /// See the <see cref="ICryptoKeyStore"/> interface.
+ /// Removes the key.
 /// </summary>
+ /// <param name="bucket">The bucket name. Case sensitive.</param>
+ /// <param name="handle">The key handle. Case sensitive.</param>
 void ICryptoKeyStore.RemoveKey(string bucket, string handle) {
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(bucket));
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(handle));
diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs
index fc37954..6ff62a3 100644
--- a/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs
+++ b/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs
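Review bot: The new summary for RemoveKey, `Removes the key.`, does not say what happens when no key exists for the given bucket and handle, which is the one case a caller needs to know; GetKey's new `<returns>` documents its not-found case, so the two are now inconsistent. If the intended contract is that removing a missing key is a no-op, add `/// <remarks>Removing a key that does not exist is not an error.</remarks>`; if it is expected to throw, document the exception the way the StoreKey hunk does for CryptoKeyCollisionException. RemoveKey's body continues past the hunk, so I cannot tell which applies.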
@@ -304,7 +304,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 /// <summary>
 /// Initializes the binding elements.
 /// </summary>
- /// <param name="associationStore">The association store.</param>
+ /// <param name="cryptoKeyStore">The crypto key store.</param>
 /// <param name="nonceStore">The nonce store to use.</param>
 /// <param name="securitySettings">The security settings to apply. Must be an instance of either <see cref="RelyingPartySecuritySettings"/> or <see cref="ProviderSecuritySettings"/>.</param>
 /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param>
diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs
index fea68d0..939f4f6 100644
--- a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs
+++ b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs
@@ -56,8 +56,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 /// <summary>
 /// Initializes a new instance of the <see cref="ReturnToSignatureBindingElement"/> class.
 /// </summary>
- /// <param name="secretStore">The secret store from which to retrieve the secret used for signing.</param>
- /// <param name="securitySettings">The security settings.</param>
+ /// <param name="cryptoKeyStore">The crypto key store.</param>
 internal ReturnToSignatureBindingElement(ICryptoKeyStore cryptoKeyStore) {
 Contract.Requires<ArgumentNullException>(cryptoKeyStore != null);
diff --git a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
index 24bb8b0..e8c8881 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
@@ -572,13 +572,26 @@ namespace DotNetOpenAuth.OpenId.Provider {
 /// association handle encoding modes.
 /// </summary>
 private class SwitchingAssociationStore : IProviderAssociationStore {
+ /// <summary>
+ /// The security settings of the Provider.
+ /// </summary>
 private readonly ProviderSecuritySettings securitySettings;
+ /// <summary>
+ /// The association store that records association secrets in the association handles themselves.
+ /// </summary>
 private IProviderAssociationStore associationHandleEncoder;
+ /// <summary>
+ /// The association store that records association secrets in a secret store.
+ /// </summary>
 private IProviderAssociationStore associationSecretStorage;
-
+ /// <summary>
+ /// Initializes a new instance of the <see cref="SwitchingAssociationStore"/> class.
+ /// </summary>
+ /// <param name="cryptoKeyStore">The crypto key store.</param>
+ /// <param name="securitySettings">The security settings.</param>
 internal SwitchingAssociationStore(ICryptoKeyStore cryptoKeyStore, ProviderSecuritySettings securitySettings) {
 Contract.Requires<ArgumentNullException>(cryptoKeyStore != null, "cryptoKeyStore");
 Contract.Requires<ArgumentNullException>(securitySettings != null, "securitySettings");
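Review bot: `associationHandleEncoder` and `associationSecretStorage` are still declared without `readonly`, unlike `securitySettings` two lines above, even though the constructor that follows is where they are assigned (the assignment of `associationSecretStorage` is visible at the top of the next hunk). Assuming nothing outside the hunk reassigns them, change the declarations to `private readonly IProviderAssociationStore associationHandleEncoder;` and `private readonly IProviderAssociationStore associationSecretStorage;`. The constructor body continues past the end of the hunk.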
@@ -588,14 +601,36 @@ namespace DotNetOpenAuth.OpenId.Provider {
 this.associationSecretStorage = new ProviderAssociationKeyStorage(cryptoKeyStore);
 }
+ /// <summary>
+ /// Gets the association store that applies given the Provider's current security settings.
+ /// </summary>
 internal IProviderAssociationStore AssociationStore {
 get { return this.securitySettings.EncodeAssociationSecretsInHandles ? this.associationHandleEncoder : this.associationSecretStorage; }
 }
+ /// <summary>
+ /// Stores an association and returns a handle for it.
+ /// </summary>
+ /// <param name="secret">The association secret.</param>
+ /// <param name="expiresUtc">The UTC time that the association should expire.</param>
+ /// <param name="privateAssociation">A value indicating whether this is a private association.</param>
+ /// <returns>
+ /// The association handle that represents this association.
+ /// </returns>
 public string Serialize(byte[] secret, DateTime expiresUtc, bool privateAssociation) {
 return this.AssociationStore.Serialize(secret, expiresUtc, privateAssociation);
 }
+ /// <summary>
+ /// Retrieves an association given an association handle.
+ /// </summary>
+ /// <param name="containingMessage">The OpenID message that referenced this association handle.</param>
+ /// <param name="isPrivateAssociation">A value indicating whether a private association is expected.</param>
+ /// <param name="handle">The association handle.</param>
+ /// <returns>
+ /// An association instance, or <c>null</c> if the association has expired or the signature is incorrect (which may be because the OP's symmetric key has changed).
+ /// </returns>
+ /// <exception cref="ProtocolException">Thrown if the association is not of the expected type.</exception>
 public Association Deserialize(IProtocolMessage containingMessage, bool isPrivateAssociation, string handle) {
 return this.AssociationStore.Deserialize(containingMessage, isPrivateAssociation, handle);
 }
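Review bot: The new summary on `AssociationStore` should state that the choice is re-evaluated on every access: the getter reads `this.securitySettings.EncodeAssociationSecretsInHandles` each time, so Serialize and Deserialize route to different stores if that setting changes between issuing a handle and resolving it, and a handle issued under the other mode is then presented to a store that did not create it. Suggest adding `/// <remarks>Evaluated on each access; a handle issued while <see cref="ProviderSecuritySettings.EncodeAssociationSecretsInHandles"/> had the other value may not be recognized after the setting changes.</remarks>`. Whether the two stores reject such handles cleanly is not visible here.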
diff --git a/src/DotNetOpenAuth/OpenId/Provider/ProviderAssociationKeyStorage.cs b/src/DotNetOpenAuth/OpenId/Provider/ProviderAssociationKeyStorage.cs
index 4626e88..3ddf943 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/ProviderAssociationKeyStorage.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/ProviderAssociationKeyStorage.cs
@@ -6,24 +6,47 @@ namespace DotNetOpenAuth.OpenId.Provider {
 using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
 using System.Diagnostics.Contracts;
 using DotNetOpenAuth.Messaging;
+ /// <summary>
+ /// An association storage mechanism that stores the association secrets in a private store,
+ /// and returns randomly generated association handles to refer to these secrets.
+ /// </summary>
 internal class ProviderAssociationKeyStorage : IProviderAssociationStore {
+ /// <summary>
+ /// The bucket to use when recording shared associations.
+ /// </summary>
 private const string SharedAssociationBucket = "https://localhost/dnoa/shared_associations";
+ /// <summary>
+ /// The bucket to use when recording private associations.
+ /// </summary>
 private const string PrivateAssociationBucket = "https://localhost/dnoa/private_associations";
+ /// <summary>
+ /// The backing crypto key store.
+ /// </summary>
 private readonly ICryptoKeyStore cryptoKeyStore;
+ /// <summary>
+ /// Initializes a new instance of the <see cref="ProviderAssociationKeyStorage"/> class.
+ /// </summary>
+ /// <param name="cryptoKeyStore">The store where association secrets will be recorded.</param>
 internal ProviderAssociationKeyStorage(ICryptoKeyStore cryptoKeyStore) {
 Contract.Requires<ArgumentNullException>(cryptoKeyStore != null, "cryptoKeyStore");
 this.cryptoKeyStore = cryptoKeyStore;
 }
+ /// <summary>
+ /// Stores an association and returns a handle for it.
+ /// </summary>
+ /// <param name="secret">The association secret.</param>
+ /// <param name="expiresUtc">The UTC time that the association should expire.</param>
+ /// <param name="privateAssociation">A value indicating whether this is a private association.</param>
+ /// <returns>
+ /// The association handle that represents this association.
+ /// </returns>
 public string Serialize(byte[] secret, DateTime expiresUtc, bool privateAssociation) {
 string handle;
 this.cryptoKeyStore.StoreKey(
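Review bot: The new summaries on SharedAssociationBucket and PrivateAssociationBucket say what each bucket holds but not why there are two; the reason is visible in the Deserialize hunk that follows, where the bucket is chosen by `isPrivateAssociation`, so a handle stored under one bucket cannot be resolved as the other association type. Suggest extending the first constant's summary with `/// Kept distinct from <see cref="PrivateAssociationBucket"/> so that a handle issued for a shared association cannot be presented as a private one, and vice versa.`. Serialize's body at the end of this hunk continues into the next one, so whether it selects the bucket by `privateAssociation` in the same way is not visible here.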
@@ -33,6 +56,16 @@ namespace DotNetOpenAuth.OpenId.Provider {
 return handle;
 }
+ /// <summary>
+ /// Retrieves an association given an association handle.
+ /// </summary>
+ /// <param name="containingMessage">The OpenID message that referenced this association handle.</param>
+ /// <param name="isPrivateAssociation">A value indicating whether a private association is expected.</param>
+ /// <param name="handle">The association handle.</param>
+ /// <returns>
+ /// An association instance, or <c>null</c> if the association has expired or the signature is incorrect (which may be because the OP's symmetric key has changed).
+ /// </returns>
+ /// <exception cref="ProtocolException">Thrown if the association is not of the expected type.</exception>
 public Association Deserialize(IProtocolMessage containingMessage, bool isPrivateAssociation, string handle) {
 var key = this.cryptoKeyStore.GetKey(isPrivateAssociation ? PrivateAssociationBucket : SharedAssociationBucket, handle);
 if (key != null) {
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/CryptoKeyStoreAsRelyingPartyAssociationStore.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/CryptoKeyStoreAsRelyingPartyAssociationStore.cs
index 8fc5f0e..3b48a4b 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/CryptoKeyStoreAsRelyingPartyAssociationStore.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/CryptoKeyStoreAsRelyingPartyAssociationStore.cs
@@ -6,10 +6,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
 using System.Diagnostics.Contracts;
+ using System.Linq;
 /// <summary>
 /// Wraps a standard <see cref="ICryptoKeyStore"/> so that it behaves as an association store. |
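Review bot: The new `<returns>` on ProviderAssociationKeyStorage.Deserialize is the same text as on the switching store and describes a null result as a failed signature check, but this class resolves the handle by lookup: the line after the signature calls `this.cryptoKeyStore.GetKey(...)` and the `if (key != null) {` test follows it, with nothing visible verifying a signature. Suggest `/// An association instance, or <c>null</c> if the store holds no key for the handle in the selected bucket.`, hedged because the body after the null test is outside the hunk. The `<exception cref="ProtocolException">` claim likewise cannot be confirmed from the visible lines; keep it only if the rest of the method throws it.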