private async Task<HttpResponseMessage> HandleAsync() {
var provider = new OpenIdProvider(store);
IRequest request = await provider.GetRequestAsync(this.Request);
if (request == null) {
App.Logger.Error("A request came in that did not carry an OpenID message.");
return new HttpResponseMessage(HttpStatusCode.BadRequest) {
Content = new StringContent("<html><body>This is an OpenID Provider endpoint.</body></html>", Encoding.UTF8, "text/html"),
};
}
return await await this.MainWindow.Dispatcher.InvokeAsync(async delegate {
if (!request.IsResponseReady) {
var authRequest = request as IAuthenticationRequest;
if (authRequest != null) {
string userIdentityPageBase = this.Url.Link("default", new { controller = "user" }) + "/";
var userIdentityPageBaseUri = new Uri(userIdentityPageBase);
switch (this.MainWindow.checkidRequestList.SelectedIndex) {
case 0:
if (authRequest.IsDirectedIdentity) {
if (this.MainWindow.capitalizedHostName.IsChecked.Value) {
userIdentityPageBase = (userIdentityPageBaseUri.Scheme + Uri.SchemeDelimiter + userIdentityPageBaseUri.Authority).ToUpperInvariant() + userIdentityPageBaseUri.PathAndQuery;
}
string leafPath = "directedidentity";
if (this.MainWindow.directedIdentityTrailingPeriodsCheckbox.IsChecked.Value) {
leafPath += ".";
}
authRequest.ClaimedIdentifier = Identifier.Parse(userIdentityPageBase + leafPath, true);
authRequest.LocalIdentifier = authRequest.ClaimedIdentifier;
}
authRequest.IsAuthenticated = true;
break;
case 1:
authRequest.IsAuthenticated = false;
break;
case 2:
IntPtr oldForegroundWindow = NativeMethods.GetForegroundWindow();
bool stoleFocus = NativeMethods.SetForegroundWindow(this.MainWindow);
await CheckIdWindow.ProcessAuthenticationAsync(userIdentityPageBaseUri, authRequest, CancellationToken.None);
if (stoleFocus) {
NativeMethods.SetForegroundWindow(oldForegroundWindow);
}
break;
}
}
}
var responseMessage = await provider.PrepareResponseAsync(request);
return responseMessage;
});
}
/// <summary>
/// Gets a default implementation of a simple provider that responds to authentication requests
/// per the scenario that is being simulated.
/// </summary>
/// <remarks>
/// This is a very useful method to pass to the OpenIdCoordinator constructor for the Provider argument.
/// </remarks>
internal async Task<HttpResponseMessage> AutoProviderActionAsync(OpenIdProvider provider, HttpRequestMessage req, CancellationToken ct) {
IRequest request = await provider.GetRequestAsync(req, ct);
Assert.That(request, Is.Not.Null);
if (!request.IsResponseReady) {
var authRequest = (IAuthenticationRequest)request;
switch (this.AutoProviderScenario) {
case Scenarios.AutoApproval:
authRequest.IsAuthenticated = true;
break;
case Scenarios.AutoApprovalAddFragment:
authRequest.SetClaimedIdentifierFragment("frag");
authRequest.IsAuthenticated = true;
break;
case Scenarios.ApproveOnSetup:
authRequest.IsAuthenticated = !authRequest.Immediate;
break;
case Scenarios.AlwaysDeny:
authRequest.IsAuthenticated = false;
break;
default:
// All other scenarios are done programmatically only.
throw new InvalidOperationException("Unrecognized scenario");
}
}
return await provider.PrepareResponseAsync(request, ct);
}
/// <summary>
/// Runs a parameterized association flow test.
/// </summary>
/// <param name="opDescription">
/// The description of the Provider that the relying party uses to formulate the request.
/// The specific host is not used, but the scheme is significant.
/// </param>
/// <param name="expectedAssociationType">
/// The value of the openid.assoc_type parameter expected,
/// or null if a failure is anticipated.
/// </param>
private async Task ParameterizedAssociationTestAsync(
ProviderEndpointDescription opDescription,
string expectedAssociationType) {
Protocol protocol = Protocol.Lookup(Protocol.Lookup(opDescription.Version).ProtocolVersion);
bool expectSuccess = expectedAssociationType != null;
bool expectDiffieHellman = !opDescription.Uri.IsTransportSecure();
Association rpAssociation = null, opAssociation;
AssociateSuccessfulResponse associateSuccessfulResponse = null;
AssociateUnsuccessfulResponse associateUnsuccessfulResponse = null;
var relyingParty = new OpenIdRelyingParty(new MemoryCryptoKeyAndNonceStore(), this.HostFactories);
var provider = new OpenIdProvider(new MemoryCryptoKeyAndNonceStore(), this.HostFactories) {
SecuritySettings = this.ProviderSecuritySettings
};
Handle(opDescription.Uri).By(
async (request, ct) => {
IRequest req = await provider.GetRequestAsync(request, ct);
Assert.IsNotNull(req, "Expected incoming request but did not receive it.");
Assert.IsTrue(req.IsResponseReady);
return await provider.PrepareResponseAsync(req, ct);
});
relyingParty.Channel.IncomingMessageFilter = message => {
Assert.AreSame(opDescription.Version, message.Version, "The message was recognized as version {0} but was expected to be {1}.", message.Version, Protocol.Lookup(opDescription.Version).ProtocolVersion);
var associateSuccess = message as AssociateSuccessfulResponse;
var associateFailed = message as AssociateUnsuccessfulResponse;
if (associateSuccess != null) {
associateSuccessfulResponse = associateSuccess;
}
if (associateFailed != null) {
associateUnsuccessfulResponse = associateFailed;
}
};
relyingParty.Channel.OutgoingMessageFilter = message => {
Assert.AreEqual(opDescription.Version, message.Version, "The message was for version {0} but was expected to be for {1}.", message.Version, opDescription.Version);
};
relyingParty.SecuritySettings = this.RelyingPartySecuritySettings;
rpAssociation = await relyingParty.AssociationManager.GetOrCreateAssociationAsync(opDescription, CancellationToken.None);
if (expectSuccess) {
Assert.IsNotNull(rpAssociation);
Association actual = relyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, rpAssociation.Handle);
Assert.AreEqual(rpAssociation, actual);
opAssociation = provider.AssociationStore.Deserialize(new TestSignedDirectedMessage(), false, rpAssociation.Handle);
Assert.IsNotNull(opAssociation, "The Provider could not decode the association handle.");
Assert.AreEqual(opAssociation.Handle, rpAssociation.Handle);
Assert.AreEqual(expectedAssociationType, rpAssociation.GetAssociationType(protocol));
Assert.AreEqual(expectedAssociationType, opAssociation.GetAssociationType(protocol));
Assert.IsTrue(Math.Abs(opAssociation.SecondsTillExpiration - rpAssociation.SecondsTillExpiration) < 60);
Assert.IsTrue(MessagingUtilities.AreEquivalent(opAssociation.SecretKey, rpAssociation.SecretKey));
if (expectDiffieHellman) {
Assert.IsInstanceOf<AssociateDiffieHellmanResponse>(associateSuccessfulResponse);
var diffieHellmanResponse = (AssociateDiffieHellmanResponse)associateSuccessfulResponse;
Assert.IsFalse(MessagingUtilities.AreEquivalent(diffieHellmanResponse.EncodedMacKey, rpAssociation.SecretKey), "Key should have been encrypted.");
} else {
Assert.IsInstanceOf<AssociateUnencryptedResponse>(associateSuccessfulResponse);
var unencryptedResponse = (AssociateUnencryptedResponse)associateSuccessfulResponse;
}
} else {
Assert.IsNull(relyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, new RelyingPartySecuritySettings()));
}
}
