//-----------------------------------------------------------------------
// <copyright file="OpenIdProviderSecuritySettingsElement.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.Configuration {
using System.Configuration;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Provider;
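/// <summary>
/// Represents the .config file element that allows for setting the security policies of the Provider.
/// </summary>
/// <remarks>
/// Every attribute on this element carries a <see cref="ConfigurationPropertyAttribute.DefaultValue"/>,
/// so an absent or empty element silently yields the defaults below rather than failing.
/// In particular <c>requireSsl</c> defaults to <c>false</c>; a Provider that must only talk to
/// relying parties over HTTPS has to set it explicitly in its .config file.
/// </remarks>
internal class OpenIdProviderSecuritySettingsElement : ConfigurationElement {
    /// <summary>
    /// Gets the name of the @protectDownlevelReplayAttacks attribute.
    /// </summary>
    private const string ProtectDownlevelReplayAttacksConfigName = "protectDownlevelReplayAttacks";

    /// <summary>
    /// Gets the name of the @minimumHashBitLength attribute.
    /// </summary>
    private const string MinimumHashBitLengthConfigName = "minimumHashBitLength";

    /// <summary>
    /// Gets the name of the @maximumHashBitLength attribute.
    /// </summary>
    private const string MaximumHashBitLengthConfigName = "maximumHashBitLength";

    /// <summary>
    /// The name of the associations collection sub-element.
    /// </summary>
    private const string AssociationsConfigName = "associations";

    /// <summary>
    /// The name of the @encodeAssociationSecretsInHandles attribute.
    /// </summary>
    private const string EncodeAssociationSecretsInHandlesConfigName = "encodeAssociationSecretsInHandles";

    /// <summary>
    /// Gets the name of the @requireSsl attribute.
    /// </summary>
    private const string RequireSslConfigName = "requireSsl";

    /// <summary>
    /// Gets the name of the @unsolicitedAssertionVerification attribute.
    /// </summary>
    private const string UnsolicitedAssertionVerificationConfigName = "unsolicitedAssertionVerification";

    /// <summary>
    /// Initializes a new instance of the <see cref="OpenIdProviderSecuritySettingsElement"/> class.
    /// </summary>
    public OpenIdProviderSecuritySettingsElement() {
    }

    /// <summary>
    /// Gets or sets a value indicating whether all discovery and authentication should require SSL security.
    /// </summary>
    /// <value>
    /// Defaults to <c>false</c> when the attribute is omitted, i.e. plain-HTTP relying parties
    /// are accepted unless this is turned on deliberately.
    /// </value>
    [ConfigurationProperty(RequireSslConfigName, DefaultValue = false)]
    public bool RequireSsl {
        get { return (bool)this[RequireSslConfigName]; }
        set { this[RequireSslConfigName] = value; }
    }

    /// <summary>
    /// Gets or sets the minimum length of the hash that protects the protocol from hijackers.
    /// </summary>
    /// <value>Defaults to <see cref="SecuritySettings.MinimumHashBitLengthDefault"/>.</value>
    [ConfigurationProperty(MinimumHashBitLengthConfigName, DefaultValue = SecuritySettings.MinimumHashBitLengthDefault)]
    public int MinimumHashBitLength {
        get { return (int)this[MinimumHashBitLengthConfigName]; }
        set { this[MinimumHashBitLengthConfigName] = value; }
    }

    /// <summary>
    /// Gets or sets the maximum length of the hash that protects the protocol from hijackers.
    /// </summary>
    /// <value>Defaults to <see cref="SecuritySettings.MaximumHashBitLengthRPDefault"/>.</value>
    // NOTE(review): this is the Provider element, yet the default comes from the *RP* maximum
    // constant. Confirm that is intentional and not a copy/paste from the relying-party element.
    [ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthRPDefault)]
    public int MaximumHashBitLength {
        get { return (int)this[MaximumHashBitLengthConfigName]; }
        set { this[MaximumHashBitLengthConfigName] = value; }
    }

    /// <summary>
    /// Gets or sets a value indicating whether the Provider should take special care
    /// to protect OpenID 1.x relying parties against replay attacks.
    /// </summary>
    /// <value>Defaults to <see cref="ProviderSecuritySettings.ProtectDownlevelReplayAttacksDefault"/>.</value>
    [ConfigurationProperty(ProtectDownlevelReplayAttacksConfigName, DefaultValue = ProviderSecuritySettings.ProtectDownlevelReplayAttacksDefault)]
    public bool ProtectDownlevelReplayAttacks {
        get { return (bool)this[ProtectDownlevelReplayAttacksConfigName]; }
        set { this[ProtectDownlevelReplayAttacksConfigName] = value; }
    }

    /// <summary>
    /// Gets or sets the level of verification a Provider performs on an identifier before
    /// sending an unsolicited assertion for it.
    /// </summary>
    /// <value>The default value is <see cref="ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel.RequireSuccess"/>.</value>
    [ConfigurationProperty(UnsolicitedAssertionVerificationConfigName, DefaultValue = ProviderSecuritySettings.UnsolicitedAssertionVerificationDefault)]
    public ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel UnsolicitedAssertionVerification {
        get { return (ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel)this[UnsolicitedAssertionVerificationConfigName]; }
        set { this[UnsolicitedAssertionVerificationConfigName] = value; }
    }

    /// <summary>
    /// Gets or sets the configured lifetimes of the various association types.
    /// </summary>
    /// <value>
    /// Never <c>null</c>: when the <c>associations</c> sub-element is absent an empty
    /// collection is returned, so callers can enumerate it unconditionally.
    /// </value>
    [ConfigurationProperty(AssociationsConfigName, IsDefaultCollection = false)]
    [ConfigurationCollection(typeof(AssociationTypeCollection))]
    public AssociationTypeCollection AssociationLifetimes {
        get {
            return (AssociationTypeCollection)this[AssociationsConfigName] ?? new AssociationTypeCollection();
        }

        set {
            this[AssociationsConfigName] = value;
        }
    }

    /// <summary>
    /// Gets or sets a value indicating whether the Provider should ease the burden of storing associations
    /// by encoding their secrets (in signed, encrypted form) into the association handles themselves, storing only
    /// a few rotating, private symmetric keys in the Provider's store instead.
    /// </summary>
    /// <value>Defaults to <see cref="ProviderSecuritySettings.EncodeAssociationSecretsInHandlesDefault"/>.</value>
    [ConfigurationProperty(EncodeAssociationSecretsInHandlesConfigName, DefaultValue = ProviderSecuritySettings.EncodeAssociationSecretsInHandlesDefault)]
    public bool EncodeAssociationSecretsInHandles {
        get { return (bool)this[EncodeAssociationSecretsInHandlesConfigName]; }
        set { this[EncodeAssociationSecretsInHandlesConfigName] = value; }
    }

    /// <summary>
    /// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file.
    /// </summary>
    /// <returns>The newly created security settings object.</returns>
    /// <exception cref="ConfigurationErrorsException">
    /// Thrown when <c>minimumHashBitLength</c> is greater than <c>maximumHashBitLength</c>.
    /// Such a pair is contradictory (no hash length can satisfy both bounds), and previously it was
    /// copied through silently instead of being reported as a configuration error.
    /// </exception>
    public ProviderSecuritySettings CreateSecuritySettings() {
        int minimumHashBits = this.MinimumHashBitLength;
        int maximumHashBits = this.MaximumHashBitLength;

        // Fail loudly at configuration time rather than producing a settings bag whose
        // hash-length window is empty; a misconfiguration of a security setting should
        // never degrade quietly.
        if (minimumHashBits > maximumHashBits) {
            throw new ConfigurationErrorsException(
                "The minimumHashBitLength attribute (" + minimumHashBits + ") must not exceed the maximumHashBitLength attribute (" + maximumHashBits + ").");
        }

        ProviderSecuritySettings settings = new ProviderSecuritySettings();
        settings.RequireSsl = this.RequireSsl;
        settings.MinimumHashBitLength = minimumHashBits;
        settings.MaximumHashBitLength = maximumHashBits;
        settings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks;
        settings.UnsolicitedAssertionVerification = this.UnsolicitedAssertionVerification;
        settings.EncodeAssociationSecretsInHandles = this.EncodeAssociationSecretsInHandles;

        // AssociationLifetimes never returns null (see its getter), so this loop is safe
        // even when the <associations> sub-element is absent from the .config file.
        foreach (AssociationTypeElement element in this.AssociationLifetimes) {
            Assumes.True(element != null);
            settings.AssociationLifetimes.Add(element.AssociationType, element.MaximumLifetime);
        }

        return settings;
    }
}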
}