blob: 533e81836fed00f5e983de9efa03114cf989fd18 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
//-----------------------------------------------------------------------
// <copyright file="ITamperResistantOpenIdMessage.cs" company="Andrew Arnott">
// Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OpenId.ChannelElements {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.Messaging.Bindings;
/// <summary>
/// An interface that OAuth messages implement to support signing.
/// </summary>
internal interface ITamperResistantOpenIdMessage : ITamperResistantProtocolMessage, IReplayProtectedProtocolMessage {
/// <summary>
/// Gets or sets the association handle used to sign the message.
/// </summary>
/// <value>The handle for the association that was used to sign this assertion. </value>
string AssociationHandle { get; set; }
/// <summary>
/// Gets or sets the association handle that the Provider wants the Relying Party to not use any more.
/// </summary>
/// <value>If the Relying Party sent an invalid association handle with the request, it SHOULD be included here.</value>
string InvalidateHandle { get; set; }
/// <summary>
/// Gets or sets the signed parameter order.
/// </summary>
/// <value>Comma-separated list of signed fields.</value>
/// <example>"op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce"</example>
/// <remarks>
/// This entry consists of the fields without the "openid." prefix that the signature covers.
/// This list MUST contain at least "op_endpoint", "return_to" "response_nonce" and "assoc_handle",
/// and if present in the response, "claimed_id" and "identity".
/// Additional keys MAY be signed as part of the message. See Generating Signatures.
/// </remarks>
string SignedParameterOrder { get; set; } // TODO: make sure we have a unit test to verify that an incoming message with fewer signed fields than required will be rejected.
}
}
|
