using System;
using System.Collections.Generic;
using System.Text;
namespace DotNetOpenId.RelyingParty {
/// <summary>
/// Security settings that are applicable to relying parties.
/// </summary>
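public sealed class RelyingPartySecuritySettings : SecuritySettings {
    /// <summary>
    /// Initializes a new instance. Internal so that only this assembly can create the
    /// settings object. The <c>false</c> argument is forwarded to the base class; its
    /// meaning is defined there, not in this file.
    /// </summary>
    internal RelyingPartySecuritySettings() : base(false) { }

    /// <summary>Backing field for <see cref="RequireSsl"/>. Starts out <c>false</c>.</summary>
    private bool requireSsl;

    /// <summary>
    /// Gets/sets whether the entire pipeline from Identifier discovery to Provider redirect
    /// is guaranteed to be encrypted using HTTPS for authentication to succeed.
    /// </summary>
    /// <remarks>
    /// <para>
    /// Setting this property to true is appropriate for RPs with highly sensitive
    /// personal information behind the authentication (money management, health records, etc.)
    /// When set to true, some behavioral changes and additional restrictions are placed:
    /// </para>
    /// <list type="bullet">
    /// <item>User-supplied identifiers lacking a scheme are prepended with
    /// HTTPS:// rather than the standard HTTP:// automatically.</item>
    /// <item>User-supplied identifiers are not allowed to use HTTP for the scheme.</item>
    /// <item>All redirects during discovery on the user-supplied identifier must be HTTPS.</item>
    /// <item>Any XRDS file found by discovery on the User-supplied identifier must be protected using HTTPS.</item>
    /// <item>Only Provider endpoints found at HTTPS URLs will be considered.</item>
    /// <item>If the discovered identifier is an OP Identifier (directed identity), the
    /// Claimed Identifier eventually asserted by the Provider must be an HTTPS identifier.</item>
    /// <item>In the case of an unsolicited assertion, the asserted Identifier, discovery on it and
    /// the asserting provider endpoint must all be secured by HTTPS.</item>
    /// </list>
    /// <para>
    /// Although the first redirect from this relying party to the Provider is required
    /// to use HTTPS, any additional redirects within the Provider cannot be protected and MAY
    /// revert the user's connection to HTTP, based on individual Provider implementation.
    /// There is nothing that the RP can do to detect or prevent this.
    /// </para>
    /// <para>An exception is thrown when a secure pipeline cannot be established.</para>
    /// <para>
    /// Defaults to <c>false</c>, in which case none of the restrictions above are applied.
    /// Changing the value raises <see cref="RequireSslChanged"/>.
    /// </para>
    /// </remarks>
    public bool RequireSsl {
        get { return requireSsl; }
        set {
            // Only notify subscribers on an actual transition, not on a redundant assignment.
            if (requireSsl == value) return;
            requireSsl = value;
            OnRequireSslChanged();
        }
    }

    /// <summary>
    /// Raised after <see cref="RequireSsl"/> changes value.
    /// </summary>
    internal event EventHandler RequireSslChanged;

    /// <summary>
    /// Fires the <see cref="RequireSslChanged"/> event, if anyone is subscribed.
    /// </summary>
    void OnRequireSslChanged() {
        // Copy the delegate to a local first so that a subscriber removing itself between
        // the null check and the invocation cannot leave us calling a null delegate.
        EventHandler handler = RequireSslChanged;
        if (handler != null) {
            // EventArgs.Empty carries the same (empty) payload as new EventArgs() without
            // allocating a fresh instance on every change.
            handler(this, EventArgs.Empty);
        }
    }

    /// <summary>
    /// Gets/sets the oldest version of OpenID the remote party is allowed to implement.
    /// </summary>
    /// <remarks>
    /// Not assigned in this class's constructor, so it holds the zero value of
    /// <see cref="ProtocolVersion"/> until a caller sets it -- confirm which version
    /// that zero value maps to before relying on the default.
    /// </remarks>
    public ProtocolVersion MinimumRequiredOpenIdVersion { get; set; }
}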
}