/// <summary> /// Initializes a new instance of the <see cref="ClientBase" /> class. /// </summary> /// <param name="authorizationServer">The token issuer.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientCredentialApplicator">The tool to use to apply client credentials to authenticated requests to the Authorization Server. /// May be <c>null</c> for clients with no secret or other means of authentication.</param> /// <param name="hostFactories">The host factories.</param> protected ClientBase(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, ClientCredentialApplicator clientCredentialApplicator = null, IHostFactories hostFactories = null) { Requires.NotNull(authorizationServer, "authorizationServer"); this.AuthorizationServer = authorizationServer; this.Channel = new OAuth2ClientChannel(hostFactories); this.ClientIdentifier = clientIdentifier; this.ClientCredentialApplicator = clientCredentialApplicator; }
/// <summary> /// Initializes a new instance of the <see cref="StandardMessageFactoryChannel" /> class. /// </summary> /// <param name="messageTypes">The message types that might be encountered.</param> /// <param name="versions">All the possible message versions that might be encountered.</param> /// <param name="hostFactories">The host factories.</param> /// <param name="bindingElements">The binding elements to use in sending and receiving messages. /// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.</param> protected StandardMessageFactoryChannel(ICollection<Type> messageTypes, ICollection<Version> versions, IHostFactories hostFactories, IChannelBindingElement[] bindingElements = null) : base(new StandardMessageFactory(), bindingElements ?? new IChannelBindingElement[0], hostFactories) { Requires.NotNull(messageTypes, "messageTypes"); Requires.NotNull(versions, "versions"); this.messageTypes = messageTypes; this.versions = versions; this.StandardMessageFactory.AddMessageTypes(GetMessageDescriptions(this.messageTypes, this.versions, this.MessageDescriptions)); }
/// <summary> /// Gets the URL of the RP icon for the OP to display. /// </summary> /// <param name="realm">The realm of the RP where the authentication request originated.</param> /// <param name="hostFactories">The host factories.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order. /// </returns> /// <value>The icon URL.</value> /// <remarks> /// This property is automatically set for the OP with the result of RP discovery. /// RPs should set this value by including an entry such as this in their XRDS document. /// <example> /// <Service xmlns="xri://$xrd*($v*2.0)"> /// <Type>http://specs.openid.net/extensions/ui/icon</Type> /// <URI>http://consumer.example.com/images/image.jpg</URI> /// </Service> /// </example> /// </remarks> public static async Task<IEnumerable<Uri>> GetRelyingPartyIconUrlsAsync(Realm realm, IHostFactories hostFactories, CancellationToken cancellationToken) { Requires.NotNull(realm, "realm"); Requires.NotNull(hostFactories, "hostFactories"); XrdsDocument xrds = await realm.DiscoverAsync(hostFactories, false, cancellationToken); if (xrds == null) { return Enumerable.Empty<Uri>(); } else { return xrds.FindRelyingPartyIcons(); } }
protected OAuthChannel(ITamperProtectionChannelBindingElement signingBindingElement, ITokenManager tokenManager, SecuritySettings securitySettings, IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories = null) : base(messageTypeProvider, bindingElements, hostFactories ?? new DefaultOAuthHostFactories()) { Requires.NotNull(tokenManager, "tokenManager"); Requires.NotNull(securitySettings, "securitySettings"); Requires.NotNull(signingBindingElement, "signingBindingElement"); Requires.That(signingBindingElement.SignatureCallback == null, "signingBindingElement", OAuthStrings.SigningElementAlreadyAssociatedWithChannel); Requires.NotNull(bindingElements, "bindingElements"); this.TokenManager = tokenManager; signingBindingElement.SignatureCallback = this.SignatureCallback; }
internal OAuthServiceProviderChannel(ITamperProtectionChannelBindingElement signingBindingElement, INonceStore store, IServiceProviderTokenManager tokenManager, ServiceProviderSecuritySettings securitySettings, IMessageFactory messageTypeProvider = null, IHostFactories hostFactories = null) : base( signingBindingElement, tokenManager, securitySettings, messageTypeProvider ?? new OAuthServiceProviderMessageFactory(tokenManager), InitializeBindingElements(signingBindingElement, store, tokenManager, securitySettings), hostFactories) { Requires.NotNull(tokenManager, "tokenManager"); Requires.NotNull(securitySettings, "securitySettings"); Requires.NotNull(signingBindingElement, "signingBindingElement"); }
/// <summary> /// Initializes a new instance of the <see cref="Consumer" /> class. /// </summary> /// <param name="consumerKey">The consumer key.</param> /// <param name="consumerSecret">The consumer secret.</param> /// <param name="serviceProvider">The service provider.</param> /// <param name="temporaryCredentialStorage">The temporary credential storage.</param> /// <param name="hostFactories">The host factories.</param> public Consumer( string consumerKey, string consumerSecret, ServiceProviderDescription serviceProvider, ITemporaryCredentialStorage temporaryCredentialStorage, IHostFactories hostFactories = null) { this.ConsumerKey = consumerKey; this.ConsumerSecret = consumerSecret; this.ServiceProvider = serviceProvider; this.TemporaryCredentialStorage = temporaryCredentialStorage; this.HostFactories = hostFactories ?? new DefaultOAuthHostFactories(); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider" /> class. /// </summary> /// <param name="nonceStore">The nonce store to use. Cannot be null.</param> /// <param name="cryptoKeyStore">The crypto key store. Cannot be null.</param> /// <param name="hostFactories">The host factories.</param> private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore, IHostFactories hostFactories) { Requires.NotNull(nonceStore, "nonceStore"); Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); this.SecuritySettings = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings(); this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false, null)) { this.behaviors.Add(behavior); } this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings, hostFactories); this.CryptoKeyStore = cryptoKeyStore; this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, nonceStore); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdChannel" /> class. /// </summary> /// <param name="messageTypeProvider">A class prepared to analyze incoming messages and indicate what concrete /// message types can deserialize from it.</param> /// <param name="bindingElements">The binding elements to use in sending and receiving messages.</param> /// <param name="hostFactories">The host factories.</param> protected OpenIdChannel(IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories) : base(messageTypeProvider, bindingElements, hostFactories ?? new DefaultOpenIdHostFactories()) { Requires.NotNull(messageTypeProvider, "messageTypeProvider"); // Customize the binding element order, since we play some tricks for higher // security and backward compatibility with older OpenID versions. var outgoingBindingElements = new List<IChannelBindingElement>(bindingElements); var incomingBindingElements = new List<IChannelBindingElement>(bindingElements); incomingBindingElements.Reverse(); // Customize the order of the incoming elements by moving the return_to elements in front. var backwardCompatibility = incomingBindingElements.OfType<BackwardCompatibilityBindingElement>().SingleOrDefault(); var returnToSign = incomingBindingElements.OfType<ReturnToSignatureBindingElement>().SingleOrDefault(); if (backwardCompatibility != null) { incomingBindingElements.MoveTo(0, backwardCompatibility); } if (returnToSign != null) { // Yes, this is intentionally, shifting the backward compatibility // binding element to second position. incomingBindingElements.MoveTo(0, returnToSign); } this.CustomizeBindingElementOrder(outgoingBindingElements, incomingBindingElements); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingParty" /> class. /// </summary> /// <param name="applicationStore">The application store. If <c>null</c>, the relying party will always operate in "stateless/dumb mode".</param> /// <param name="hostFactories">The host factories.</param> public OpenIdRelyingParty(ICryptoKeyAndNonceStore applicationStore, IHostFactories hostFactories = null) : this(applicationStore, applicationStore, hostFactories) { }
/// <summary> /// Initializes a new instance of the <see cref="ClientBase" /> class. /// </summary> /// <param name="authorizationServer">The token issuer.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientCredentialApplicator">The tool to use to apply client credentials to authenticated requests to the Authorization Server. /// May be <c>null</c> for clients with no secret or other means of authentication.</param> /// <param name="hostFactories">The host factories.</param> protected ClientBase(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, ClientCredentialApplicator clientCredentialApplicator = null, IHostFactories hostFactories = null) { Requires.NotNull(authorizationServer, "authorizationServer"); this.AuthorizationServer = authorizationServer; this.Channel = new OAuth2ClientChannel(hostFactories); this.ClientIdentifier = clientIdentifier; this.ClientCredentialApplicator = clientCredentialApplicator; }
/// <summary> /// Initializes a new instance of the <see cref="OAuth2ClientChannel" /> class. /// </summary> /// <param name="hostFactories">The host factories.</param> internal OAuth2ClientChannel(IHostFactories hostFactories) : base(MessageTypes, hostFactories: hostFactories) { }
/// <summary> /// Initializes a new instance of the <see cref="UserAgentClient"/> class. /// </summary> /// <param name="authorizationEndpoint">The authorization endpoint.</param> /// <param name="tokenEndpoint">The token endpoint.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientSecret">The client secret.</param> public UserAgentClient(Uri authorizationEndpoint, Uri tokenEndpoint, string clientIdentifier = null, string clientSecret = null, IHostFactories hostFactories = null) : this(authorizationEndpoint, tokenEndpoint, clientIdentifier, DefaultSecretApplicator(clientSecret), hostFactories) { }
/// <summary> /// Initializes a new instance of the <see cref="WebServerClient" /> class. /// </summary> /// <param name="authorizationServer">The authorization server.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientSecret">The client secret.</param> /// <param name="hostFactories">The host factories.</param> public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null, IHostFactories hostFactories = null) : this(authorizationServer, clientIdentifier, DefaultSecretApplicator(clientSecret), hostFactories) { }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProviderChannel" /> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="messageTypeProvider">An object that knows how to distinguish the various OpenID message types for deserialization purposes.</param> /// <param name="securitySettings">The security settings.</param> /// <param name="hostFactories">The host factories.</param> private OpenIdProviderChannel(IProviderAssociationStore cryptoKeyStore, INonceStore nonceStore, IMessageFactory messageTypeProvider, ProviderSecuritySettings securitySettings, IHostFactories hostFactories) : base(messageTypeProvider, InitializeBindingElements(cryptoKeyStore, nonceStore, securitySettings), hostFactories) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); Requires.NotNull(messageTypeProvider, "messageTypeProvider"); Requires.NotNull(securitySettings, "securitySettings"); }
internal TestChannel(MessageDescriptionCollection messageDescriptions, IHostFactories hostFactories = null) : this(hostFactories) { this.MessageDescriptions = messageDescriptions; }
public OAuth2ChannelBase(Type[] messageTypes, IChannelBindingElement[] channelBindingElements = null, IHostFactories hostFactories = null) : base(messageTypes, Versions, hostFactories ?? new DefaultOAuthHostFactories(), channelBindingElements ?? new IChannelBindingElement[0]) { }
/// <summary> /// Searches for an XRDS document at the realm URL, and if found, searches /// for a description of a relying party endpoints (OpenId login pages). /// </summary> /// <param name="hostFactories">The host factories.</param> /// <param name="allowRedirects">Whether redirects may be followed when discovering the Realm. /// This may be true when creating an unsolicited assertion, but must be /// false when performing return URL verification per 2.0 spec section 9.2.1.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The details of the endpoints if found, otherwise null. /// </returns> internal override Task<IEnumerable<RelyingPartyEndpointDescription>> DiscoverReturnToEndpointsAsync(IHostFactories hostFactories, bool allowRedirects, CancellationToken cancellationToken) { return Task.FromResult<IEnumerable<RelyingPartyEndpointDescription>>(this.relyingPartyDescriptions); }
/// <summary> /// Initializes a new instance of the <see cref="StandardMessageFactoryChannel" /> class. /// </summary> /// <param name="messageTypes">The message types that might be encountered.</param> /// <param name="versions">All the possible message versions that might be encountered.</param> /// <param name="hostFactories">The host factories.</param> /// <param name="bindingElements">The binding elements to use in sending and receiving messages. /// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.</param> protected StandardMessageFactoryChannel(ICollection <Type> messageTypes, ICollection <Version> versions, IHostFactories hostFactories, IChannelBindingElement[] bindingElements = null) : base(new StandardMessageFactory(), bindingElements ?? new IChannelBindingElement[0], hostFactories) { Requires.NotNull(messageTypes, "messageTypes"); Requires.NotNull(versions, "versions"); this.messageTypes = messageTypes; this.versions = versions; this.StandardMessageFactory.AddMessageTypes(GetMessageDescriptions(this.messageTypes, this.versions, this.MessageDescriptions)); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider" /> class. /// </summary> /// <param name="applicationStore">The application store to use. Cannot be null.</param> /// <param name="hostFactories">The host factories.</param> public OpenIdProvider(IOpenIdApplicationStore applicationStore, IHostFactories hostFactories = null) : this((INonceStore)applicationStore, (ICryptoKeyStore)applicationStore, hostFactories) { Requires.NotNull(applicationStore, "applicationStore"); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyChannel" /> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="messageTypeProvider">An object that knows how to distinguish the various OpenID message types for deserialization purposes.</param> /// <param name="securitySettings">The security settings to apply.</param> /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param> /// <param name="hostFactories">The host factories.</param> private OpenIdRelyingPartyChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IMessageFactory messageTypeProvider, RelyingPartySecuritySettings securitySettings, bool nonVerifying, IHostFactories hostFactories) : base(messageTypeProvider, InitializeBindingElements(cryptoKeyStore, nonceStore, securitySettings, nonVerifying), hostFactories) { Requires.NotNull(messageTypeProvider, "messageTypeProvider"); Requires.NotNull(securitySettings, "securitySettings"); Assumes.True(!nonVerifying || securitySettings is RelyingPartySecuritySettings); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyChannel" /> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="securitySettings">The security settings to apply.</param> /// <param name="hostFactories">The host factories.</param> internal OpenIdRelyingPartyChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings, IHostFactories hostFactories) : this(cryptoKeyStore, nonceStore, new OpenIdRelyingPartyMessageFactory(), securitySettings, false, hostFactories) { Requires.NotNull(securitySettings, "securitySettings"); }
internal TestChannel(IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories) : base(messageTypeProvider, bindingElements, hostFactories) { }
/// <summary> /// Searches for an XRDS document at the realm URL, and if found, searches /// for a description of a relying party endpoints (OpenId login pages). /// </summary> /// <param name="hostFactories">The host factories.</param> /// <param name="allowRedirects">Whether redirects may be followed when discovering the Realm. /// This may be true when creating an unsolicited assertion, but must be /// false when performing return URL verification per 2.0 spec section 9.2.1.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The details of the endpoints if found; or <c>null</c> if no service document was discovered. /// </returns> internal virtual async Task <IEnumerable <RelyingPartyEndpointDescription> > DiscoverReturnToEndpointsAsync(IHostFactories hostFactories, bool allowRedirects, CancellationToken cancellationToken) { XrdsDocument xrds = await this.DiscoverAsync(hostFactories, allowRedirects, cancellationToken); if (xrds != null) { return(xrds.FindRelyingPartyReceivingEndpoints()); } return(null); }
/// <summary> /// Initializes a new instance of the <see cref="OAuth2ResourceServerChannel" /> class. /// </summary> /// <param name="hostFactories">The host factories.</param> protected internal OAuth2ResourceServerChannel(IHostFactories hostFactories = null) : base(MessageTypes, Versions, hostFactories ?? new OAuth.DefaultOAuthHostFactories()) { // TODO: add signing (authenticated request) binding element. }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyChannel" /> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="messageTypeProvider">An object that knows how to distinguish the various OpenID message types for deserialization purposes.</param> /// <param name="securitySettings">The security settings to apply.</param> /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param> /// <param name="hostFactories">The host factories.</param> private OpenIdRelyingPartyChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IMessageFactory messageTypeProvider, RelyingPartySecuritySettings securitySettings, bool nonVerifying, IHostFactories hostFactories) : base(messageTypeProvider, InitializeBindingElements(cryptoKeyStore, nonceStore, securitySettings, nonVerifying), hostFactories) { Requires.NotNull(messageTypeProvider, "messageTypeProvider"); Requires.NotNull(securitySettings, "securitySettings"); Assumes.True(!nonVerifying || securitySettings is RelyingPartySecuritySettings); }
/// <summary> /// Creates an instance of the type described in the .config file. /// </summary> /// <param name="defaultValue">The value to return if no type is given in the .config file.</param> /// <param name="hostFactories">The host factories.</param> /// <returns> /// The newly instantiated type. /// </returns> public T CreateInstance(T defaultValue, IHostFactories hostFactories) { return(this.CreateInstance(defaultValue, false, hostFactories)); }
public AzureADClient(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null, IHostFactories hostFactories = null) : base(authorizationServer, clientIdentifier, clientSecret, hostFactories) { }
/// <summary> /// Initializes a new instance of the <see cref="TestBadChannel" /> class. /// </summary> /// <param name="messageFactory">The message factory. Could be <see cref="TestMessageFactory"/></param> /// <param name="bindingElements">The binding elements.</param> /// <param name="hostFactories">The host factories.</param> internal TestBadChannel(IMessageFactory messageFactory, IChannelBindingElement[] bindingElements, IHostFactories hostFactories) : base(messageFactory, bindingElements, hostFactories) { }
/// <summary> /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> /// <param name="hostFactories">The host factories.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// Result of realm discovery. /// </returns> private async Task <RelyingPartyDiscoveryResult> IsReturnUrlDiscoverableCoreAsync(IHostFactories hostFactories, CancellationToken cancellationToken) { Requires.NotNull(hostFactories, "hostFactories"); ErrorUtilities.VerifyInternal(this.Realm != null, "Realm should have been read or derived by now."); try { if (this.SecuritySettings.RequireSsl && this.Realm.Scheme != Uri.UriSchemeHttps) { Logger.OpenId.WarnFormat("RP discovery failed because RequireSsl is true and RP discovery would begin at insecure URL {0}.", this.Realm); return(RelyingPartyDiscoveryResult.NoServiceDocument); } var returnToEndpoints = await this.Realm.DiscoverReturnToEndpointsAsync(hostFactories, false, cancellationToken); if (returnToEndpoints == null) { return(RelyingPartyDiscoveryResult.NoServiceDocument); } foreach (var returnUrl in returnToEndpoints) { Realm discoveredReturnToUrl = returnUrl.ReturnToEndpoint; // The spec requires that the return_to URLs given in an RPs XRDS doc // do not contain wildcards. if (discoveredReturnToUrl.DomainWildcard) { Logger.Yadis.WarnFormat("Realm {0} contained return_to URL {1} which contains a wildcard, which is not allowed.", Realm, discoveredReturnToUrl); continue; } // Use the same rules as return_to/realm matching to check whether this // URL fits the return_to URL we were given. if (discoveredReturnToUrl.Contains(this.RequestMessage.ReturnTo)) { // no need to keep looking after we find a match return(RelyingPartyDiscoveryResult.Success); } } } catch (ProtocolException ex) { // Don't do anything else. We quietly fail at return_to verification and return false. Logger.Yadis.InfoFormat("Relying party discovery at URL {0} failed. {1}", Realm, ex); return(RelyingPartyDiscoveryResult.NoServiceDocument); } catch (WebException ex) { // Don't do anything else. We quietly fail at return_to verification and return false. Logger.Yadis.InfoFormat("Relying party discovery at URL {0} failed. {1}", Realm, ex); return(RelyingPartyDiscoveryResult.NoServiceDocument); } return(RelyingPartyDiscoveryResult.NoMatchingReturnTo); }
/// <summary> /// Creates instances of all the types listed in the collection. /// </summary> /// <param name="allowInternals">if set to <c>true</c> then internal types may be instantiated.</param> /// <param name="hostFactories">The host factories.</param> /// <returns> /// A sequence of instances generated from types in this collection. May be empty, but never null. /// </returns> internal IEnumerable <T> CreateInstances(bool allowInternals, IHostFactories hostFactories) { return(from element in this.Cast <TypeConfigurationElement <T> >() where !element.IsEmpty select element.CreateInstance(default(T), allowInternals, hostFactories)); }
/// <summary> /// Initializes a new instance of the <see cref="UserAgentClient"/> class. /// </summary> /// <param name="authorizationEndpoint">The authorization endpoint.</param> /// <param name="tokenEndpoint">The token endpoint.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientCredentialApplicator"> /// The tool to use to apply client credentials to authenticated requests to the Authorization Server. /// May be <c>null</c> for clients with no secret or other means of authentication. /// </param> public UserAgentClient(Uri authorizationEndpoint, Uri tokenEndpoint, string clientIdentifier, ClientCredentialApplicator clientCredentialApplicator, IHostFactories hostFactories = null) : this(new AuthorizationServerDescription { AuthorizationEndpoint = authorizationEndpoint, TokenEndpoint = tokenEndpoint }, clientIdentifier, clientCredentialApplicator, hostFactories) { Requires.NotNull(authorizationEndpoint, "authorizationEndpoint"); Requires.NotNull(tokenEndpoint, "tokenEndpoint"); }
/// <summary> /// Downloads the XRDS document for this XRI. /// </summary> /// <param name="identifier">The identifier.</param> /// <param name="hostFactories">The host factories.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The XRDS document. /// </returns> private static async Task <XrdsDocument> DownloadXrdsAsync(XriIdentifier identifier, IHostFactories hostFactories, CancellationToken cancellationToken) { Requires.NotNull(identifier, "identifier"); Requires.NotNull(hostFactories, "hostFactories"); XrdsDocument doc; using (var xrdsResponse = await Yadis.RequestAsync(GetXrdsUrl(identifier), identifier.IsDiscoverySecureEndToEnd, hostFactories, cancellationToken)) { xrdsResponse.EnsureSuccessStatusCode(); var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); ErrorUtilities.VerifyProtocol(xrdsResponse.Content != null, "XRDS request \"{0}\" returned no response.", GetXrdsUrl(identifier)); await xrdsResponse.Content.LoadIntoBufferAsync(); using (var xrdsStream = await xrdsResponse.Content.ReadAsStreamAsync()) { doc = new XrdsDocument(XmlReader.Create(xrdsStream, readerSettings)); } } ErrorUtilities.VerifyProtocol(doc.IsXrdResolutionSuccessful, OpenIdStrings.XriResolutionFailed); return(doc); }
/// <summary> /// Initializes a new instance of the <see cref="WebServerClient" /> class. /// </summary> /// <param name="authorizationServer">The authorization server.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientCredentialApplicator">The tool to use to apply client credentials to authenticated requests to the Authorization Server. /// May be <c>null</c> for clients with no secret or other means of authentication.</param> /// <param name="hostFactories">The host factories.</param> public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier, ClientCredentialApplicator clientCredentialApplicator, IHostFactories hostFactories = null) : base(authorizationServer, clientIdentifier, clientCredentialApplicator, hostFactories) { }
/// <summary> /// Initializes a new instance of the <see cref="OAuth2ClientChannel" /> class. /// </summary> /// <param name="hostFactories">The host factories.</param> internal OAuth2ClientChannel(IHostFactories hostFactories) : base(MessageTypes, hostFactories: hostFactories) { }
/// <summary> /// Constructor when using the GetAssertionAccessTokenAsync() method. /// </summary> /// <param name="authorizationServer"></param> /// <param name="assertionProvider">This will be queried for the assertion data.</param> /// <param name="hostFactories"></param> protected ClientBase(AuthorizationServerDescription authorizationServer, IAssertionProvider assertionProvider, IHostFactories hostFactories = null) { Requires.NotNull(authorizationServer, "authorizationServer"); this.AuthorizationServer = authorizationServer; this.Channel = new OAuth2ClientChannel(hostFactories); // YTML: A bit hacky, but instead of creating a new property, we can just wrap the assertionProvider as a credential applicator. this.ClientCredentialApplicator = new ClientCredentialApplicator.AssertionProviderApplicator(assertionProvider); }
protected OAuthChannel(ITamperProtectionChannelBindingElement signingBindingElement, ITokenManager tokenManager, SecuritySettings securitySettings, IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories = null) : base(messageTypeProvider, bindingElements, hostFactories ?? new DefaultOAuthHostFactories()) { Requires.NotNull(tokenManager, "tokenManager"); Requires.NotNull(securitySettings, "securitySettings"); Requires.NotNull(signingBindingElement, "signingBindingElement"); Requires.That(signingBindingElement.SignatureCallback == null, "signingBindingElement", OAuthStrings.SigningElementAlreadyAssociatedWithChannel); Requires.NotNull(bindingElements, "bindingElements"); this.TokenManager = tokenManager; signingBindingElement.SignatureCallback = this.SignatureCallback; }
/// <summary> /// Downloads the XRDS document for this XRI. /// </summary> /// <param name="identifier">The identifier.</param> /// <param name="hostFactories">The host factories.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The XRDS document. /// </returns> private static async Task<XrdsDocument> DownloadXrdsAsync(XriIdentifier identifier, IHostFactories hostFactories, CancellationToken cancellationToken) { Requires.NotNull(identifier, "identifier"); Requires.NotNull(hostFactories, "hostFactories"); XrdsDocument doc; using (var xrdsResponse = await Yadis.RequestAsync(GetXrdsUrl(identifier), identifier.IsDiscoverySecureEndToEnd, hostFactories, cancellationToken)) { xrdsResponse.EnsureSuccessStatusCode(); var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings(); ErrorUtilities.VerifyProtocol(xrdsResponse.Content != null, "XRDS request \"{0}\" returned no response.", GetXrdsUrl(identifier)); await xrdsResponse.Content.LoadIntoBufferAsync(); using (var xrdsStream = await xrdsResponse.Content.ReadAsStreamAsync()) { doc = new XrdsDocument(XmlReader.Create(xrdsStream, readerSettings)); } } ErrorUtilities.VerifyProtocol(doc.IsXrdResolutionSuccessful, OpenIdStrings.XriResolutionFailed); return doc; }
/// <summary> /// Initializes a new instance of the <see cref="OAuth2ResourceServerChannel" /> class. /// </summary> /// <param name="hostFactories">The host factories.</param> protected internal OAuth2ResourceServerChannel(IHostFactories hostFactories = null) : base(MessageTypes, Versions, hostFactories ?? new OAuth.DefaultOAuthHostFactories()) { // TODO: add signing (authenticated request) binding element. }
private OpenIdRelyingParty(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IHostFactories hostFactories) { // If we are a smart-mode RP (supporting associations), then we MUST also be // capable of storing nonces to prevent replay attacks. // If we're a dumb-mode RP, then 2.0 OPs are responsible for preventing replays. Requires.That(cryptoKeyStore == null || nonceStore != null, null, OpenIdStrings.AssociationStoreRequiresNonceStore); this.securitySettings = OpenIdElement.Configuration.RelyingParty.SecuritySettings.CreateSecuritySettings(); this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in OpenIdElement.Configuration.RelyingParty.Behaviors.CreateInstances(false, null)) { this.behaviors.Add(behavior); } // Without a nonce store, we must rely on the Provider to protect against // replay attacks. But only 2.0+ Providers can be expected to provide // replay protection. if (nonceStore == null && this.SecuritySettings.ProtectDownlevelReplayAttacks && this.SecuritySettings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20) { Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks."); this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20; } this.channel = new OpenIdRelyingPartyChannel(cryptoKeyStore, nonceStore, this.SecuritySettings, hostFactories); var associationStore = cryptoKeyStore != null ? new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore) : null; this.AssociationManager = new AssociationManager(this.Channel, associationStore, this.SecuritySettings); this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, cryptoKeyStore, nonceStore); }
public ForwardingMessageHandler(Dictionary<Uri, Func<HttpRequestMessage, Task<HttpResponseMessage>>> handlers, IHostFactories hostFactories) { Requires.NotNull(handlers, "handlers"); this.handlers = handlers; this.hostFactories = hostFactories; }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyChannel" /> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="securitySettings">The security settings to apply.</param> /// <param name="hostFactories">The host factories.</param> internal OpenIdRelyingPartyChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings, IHostFactories hostFactories) : this(cryptoKeyStore, nonceStore, new OpenIdRelyingPartyMessageFactory(), securitySettings, false, hostFactories) { Requires.NotNull(securitySettings, "securitySettings"); }
/// <summary> /// Initializes a new instance of the <see cref="WebServerClient" /> class. /// </summary> /// <param name="authorizationServer">The authorization server.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientCredentialApplicator">The tool to use to apply client credentials to authenticated requests to the Authorization Server. /// May be <c>null</c> for clients with no secret or other means of authentication.</param> /// <param name="hostFactories">The host factories.</param> public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier, ClientCredentialApplicator clientCredentialApplicator, IHostFactories hostFactories = null) : base(authorizationServer, clientIdentifier, clientCredentialApplicator, hostFactories) { }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProviderChannel" /> class. /// </summary> /// <param name="cryptoKeyStore">The OpenID Provider's association store or handle encoder.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="securitySettings">The security settings.</param> /// <param name="hostFactories">The host factories.</param> internal OpenIdProviderChannel(IProviderAssociationStore cryptoKeyStore, INonceStore nonceStore, ProviderSecuritySettings securitySettings, IHostFactories hostFactories) : this(cryptoKeyStore, nonceStore, new OpenIdProviderMessageFactory(), securitySettings, hostFactories) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); Requires.NotNull(securitySettings, "securitySettings"); }
internal TestChannel(IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories) : base(messageTypeProvider, bindingElements, hostFactories) { }
internal TestChannel(IHostFactories hostFactories = null) : this(new TestMessageFactory(), new IChannelBindingElement[0], hostFactories ?? new DefaultOpenIdHostFactories()) { }
/// <summary> /// Gets the URL of the RP icon for the OP to display. /// </summary> /// <param name="realm">The realm of the RP where the authentication request originated.</param> /// <param name="hostFactories">The host factories.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order. /// </returns> /// <value>The icon URL.</value> /// <remarks> /// This property is automatically set for the OP with the result of RP discovery. /// RPs should set this value by including an entry such as this in their XRDS document. /// <example> /// <Service xmlns="xri://$xrd*($v*2.0)"> /// <Type>http://specs.openid.net/extensions/ui/icon</Type> /// <URI>http://consumer.example.com/images/image.jpg</URI> /// </Service> /// </example> /// </remarks> public static async Task <IEnumerable <Uri> > GetRelyingPartyIconUrlsAsync(Realm realm, IHostFactories hostFactories, CancellationToken cancellationToken) { Requires.NotNull(realm, "realm"); Requires.NotNull(hostFactories, "hostFactories"); XrdsDocument xrds = await realm.DiscoverAsync(hostFactories, false, cancellationToken); if (xrds == null) { return(Enumerable.Empty <Uri>()); } else { return(xrds.FindRelyingPartyIcons()); } }
/// <summary> /// Initializes a new instance of the <see cref="OAuth2ChannelBase" /> class. /// </summary> /// <param name="messageTypes">The message types that are received by this channel.</param> /// <param name="channelBindingElements">The binding elements to use in sending and receiving messages. /// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.</param> /// <param name="hostFactories">The host factories.</param> internal OAuth2ChannelBase(Type[] messageTypes, IChannelBindingElement[] channelBindingElements = null, IHostFactories hostFactories = null) : base(Requires.NotNull(messageTypes, "messageTypes"), Versions, hostFactories ?? new OAuth.DefaultOAuthHostFactories(), channelBindingElements ?? new IChannelBindingElement[0]) { }
internal TestChannel(IHostFactories hostFactories = null) : this(new TestMessageFactory(), new IChannelBindingElement[0], hostFactories ?? new DefaultOpenIdHostFactories()) { }
/// <summary> /// Initializes a new instance of the <see cref="WebServerClient" /> class. /// </summary> /// <param name="authorizationServer">The authorization server.</param> /// <param name="clientIdentifier">The client identifier.</param> /// <param name="clientSecret">The client secret.</param> /// <param name="hostFactories">The host factories.</param> public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null, IHostFactories hostFactories = null) : this(authorizationServer, clientIdentifier, DefaultSecretApplicator(clientSecret), hostFactories) { }
/// <summary> /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> /// <param name="hostFactories">The host factories.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// Result of realm discovery. /// </returns> /// <remarks> /// Return URL verification is only attempted if this property is queried. /// The result of the verification is cached per request so calling this /// property getter multiple times in one request is not a performance hit. /// See OpenID Authentication 2.0 spec section 9.2.1. /// </remarks> public async Task<RelyingPartyDiscoveryResult> IsReturnUrlDiscoverableAsync(IHostFactories hostFactories, CancellationToken cancellationToken = default(CancellationToken)) { Requires.NotNull(hostFactories, "hostFactories"); if (!this.realmDiscoveryResult.HasValue) { this.realmDiscoveryResult = await this.IsReturnUrlDiscoverableCoreAsync(hostFactories, cancellationToken); } return this.realmDiscoveryResult.Value; }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider" /> class. /// </summary> /// <param name="applicationStore">The application store to use. Cannot be null.</param> /// <param name="hostFactories">The host factories.</param> public OpenIdProvider(ICryptoKeyAndNonceStore applicationStore, IHostFactories hostFactories = null) : this((INonceStore)applicationStore, (ICryptoKeyStore)applicationStore, hostFactories) { Requires.NotNull(applicationStore, "applicationStore"); }
internal TestChannel(MessageDescriptionCollection messageDescriptions, IHostFactories hostFactories = null) : this(hostFactories) { this.MessageDescriptions = messageDescriptions; }
/// <summary> /// Gets a value indicating whether verification of the return URL claimed by the Relying Party /// succeeded. /// </summary> /// <param name="hostFactories">The host factories.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// Result of realm discovery. /// </returns> private async Task<RelyingPartyDiscoveryResult> IsReturnUrlDiscoverableCoreAsync(IHostFactories hostFactories, CancellationToken cancellationToken) { Requires.NotNull(hostFactories, "hostFactories"); ErrorUtilities.VerifyInternal(this.Realm != null, "Realm should have been read or derived by now."); try { if (this.SecuritySettings.RequireSsl && this.Realm.Scheme != Uri.UriSchemeHttps) { Logger.OpenId.WarnFormat("RP discovery failed because RequireSsl is true and RP discovery would begin at insecure URL {0}.", this.Realm); return RelyingPartyDiscoveryResult.NoServiceDocument; } var returnToEndpoints = await this.Realm.DiscoverReturnToEndpointsAsync(hostFactories, false, cancellationToken); if (returnToEndpoints == null) { return RelyingPartyDiscoveryResult.NoServiceDocument; } foreach (var returnUrl in returnToEndpoints) { Realm discoveredReturnToUrl = returnUrl.ReturnToEndpoint; // The spec requires that the return_to URLs given in an RPs XRDS doc // do not contain wildcards. if (discoveredReturnToUrl.DomainWildcard) { Logger.Yadis.WarnFormat("Realm {0} contained return_to URL {1} which contains a wildcard, which is not allowed.", Realm, discoveredReturnToUrl); continue; } // Use the same rules as return_to/realm matching to check whether this // URL fits the return_to URL we were given. if (discoveredReturnToUrl.Contains(this.RequestMessage.ReturnTo)) { // no need to keep looking after we find a match return RelyingPartyDiscoveryResult.Success; } } } catch (ProtocolException ex) { // Don't do anything else. We quietly fail at return_to verification and return false. Logger.Yadis.InfoFormat("Relying party discovery at URL {0} failed. {1}", Realm, ex); return RelyingPartyDiscoveryResult.NoServiceDocument; } catch (WebException ex) { // Don't do anything else. We quietly fail at return_to verification and return false. Logger.Yadis.InfoFormat("Relying party discovery at URL {0} failed. {1}", Realm, ex); return RelyingPartyDiscoveryResult.NoServiceDocument; } return RelyingPartyDiscoveryResult.NoMatchingReturnTo; }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider" /> class. /// </summary> /// <param name="nonceStore">The nonce store to use. Cannot be null.</param> /// <param name="cryptoKeyStore">The crypto key store. Cannot be null.</param> /// <param name="hostFactories">The host factories.</param> private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore, IHostFactories hostFactories) { Requires.NotNull(nonceStore, "nonceStore"); Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); this.SecuritySettings = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings(); this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false, null)) { this.behaviors.Add(behavior); } this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings, hostFactories); this.CryptoKeyStore = cryptoKeyStore; this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, nonceStore); }
/// <summary> /// Searches for an XRDS document at the realm URL, and if found, searches /// for a description of a relying party endpoints (OpenId login pages). /// </summary> /// <param name="hostFactories">The host factories.</param> /// <param name="allowRedirects">Whether redirects may be followed when discovering the Realm. /// This may be true when creating an unsolicited assertion, but must be /// false when performing return URL verification per 2.0 spec section 9.2.1.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The details of the endpoints if found, otherwise null. /// </returns> internal override Task <IEnumerable <RelyingPartyEndpointDescription> > DiscoverReturnToEndpointsAsync(IHostFactories hostFactories, bool allowRedirects, CancellationToken cancellationToken) { return(Task.FromResult <IEnumerable <RelyingPartyEndpointDescription> >(this.relyingPartyDescriptions)); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdChannel" /> class. /// </summary> /// <param name="messageTypeProvider">A class prepared to analyze incoming messages and indicate what concrete /// message types can deserialize from it.</param> /// <param name="bindingElements">The binding elements to use in sending and receiving messages.</param> /// <param name="hostFactories">The host factories.</param> protected OpenIdChannel(IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories) : base(messageTypeProvider, bindingElements, hostFactories ?? new DefaultOpenIdHostFactories()) { Requires.NotNull(messageTypeProvider, "messageTypeProvider"); // Customize the binding element order, since we play some tricks for higher // security and backward compatibility with older OpenID versions. var outgoingBindingElements = new List <IChannelBindingElement>(bindingElements); var incomingBindingElements = new List <IChannelBindingElement>(bindingElements); incomingBindingElements.Reverse(); // Customize the order of the incoming elements by moving the return_to elements in front. var backwardCompatibility = incomingBindingElements.OfType <BackwardCompatibilityBindingElement>().SingleOrDefault(); var returnToSign = incomingBindingElements.OfType <ReturnToSignatureBindingElement>().SingleOrDefault(); if (backwardCompatibility != null) { incomingBindingElements.MoveTo(0, backwardCompatibility); } if (returnToSign != null) { // Yes, this is intentionally, shifting the backward compatibility // binding element to second position. incomingBindingElements.MoveTo(0, returnToSign); } this.CustomizeBindingElementOrder(outgoingBindingElements, incomingBindingElements); }