Ejemplo n.º 1
0
		void replayAttackPrevention(ProtocolVersion version) {
			ServiceEndpoint ep = getServiceEndpoint(TestSupport.Scenarios.AutoApproval, version);
			Token token = new Token(ep);

			INonceStore store = new ApplicationMemoryStore();
			string serializedToken = token.Serialize(store);
			Token.Deserialize(serializedToken, store);
			Token.Deserialize(serializedToken, store);
		}
Ejemplo n.º 2
0
		public void EqualsTest() {
			ServiceEndpoint ep1 = getServiceEndpoint(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20);
			Token token1a = new Token(ep1);
			Token token1b = new Token(ep1);
			Assert.AreEqual(token1a, token1a, "It's the same object!");
			Assert.AreNotEqual(token1a, token1b, "Two tokens generated for the same service endpoint should have unique nonces.");

			ServiceEndpoint ep2 = getServiceEndpoint(TestSupport.Scenarios.AlwaysDeny, ProtocolVersion.V20);
			Token token2 = new Token(ep2);
			Assert.AreNotEqual(token1a, token2);
		}
Ejemplo n.º 3
0
		/// <summary>
		/// Tests token creation, serialization, and conditional nonce serialization.
		/// </summary>
		void tokenBasics(ProtocolVersion version) {
			ServiceEndpoint ep = getServiceEndpoint(TestSupport.Scenarios.AutoApproval, version);
			Token token = new Token(ep);
			Assert.AreSame(ep, token.Endpoint);
			Assert.IsNotNull(token.Nonce);

			INonceStore store = new ApplicationMemoryStore();
			string serializedToken = token.Serialize(store);

			Token token2 = Token.Deserialize(serializedToken, store);

			Assert.AreEqual(token.Endpoint, token2.Endpoint);
			if (ep.Protocol.Version.Major < 2) {
				Assert.AreEqual(token.Nonce, token2.Nonce);
				Assert.IsNotNull(token2.Nonce);
			} else {
				Assert.IsNull(token2.Nonce);
			}
		}
Ejemplo n.º 4
0
        internal static AuthenticationRequest Create(Identifier userSuppliedIdentifier,
            OpenIdRelyingParty relyingParty, Realm realm, Uri returnToUrl)
        {
            if (userSuppliedIdentifier == null) throw new ArgumentNullException("userSuppliedIdentifier");
            if (relyingParty == null) throw new ArgumentNullException("relyingParty");
            if (realm == null) throw new ArgumentNullException("realm");

            userSuppliedIdentifier = userSuppliedIdentifier.TrimFragment();
            if (relyingParty.Settings.RequireSsl) {
                // Rather than check for successful SSL conversion at this stage,
                // We'll wait for secure discovery to fail on the new identifier.
                userSuppliedIdentifier.TryRequireSsl(out userSuppliedIdentifier);
            }
            Logger.InfoFormat("Creating authentication request for user supplied Identifier: {0}",
                userSuppliedIdentifier);
            Logger.DebugFormat("Realm: {0}", realm);
            Logger.DebugFormat("Return To: {0}", returnToUrl);

            if (Logger.IsWarnEnabled && returnToUrl.Query != null) {
                NameValueCollection returnToArgs = HttpUtility.ParseQueryString(returnToUrl.Query);
                foreach (string key in returnToArgs) {
                    if (OpenIdRelyingParty.ShouldParameterBeStrippedFromReturnToUrl(key)) {
                        Logger.WarnFormat("OpenId argument \"{0}\" found in return_to URL.  This can corrupt an OpenID response.", key);
                        break;
                    }
                }
            }

            var endpoints = new List<ServiceEndpoint>(userSuppliedIdentifier.Discover());
            ServiceEndpoint endpoint = selectEndpoint(endpoints.AsReadOnly(), relyingParty);
            if (endpoint == null)
                throw new OpenIdException(Strings.OpenIdEndpointNotFound);
            Logger.DebugFormat("Discovered provider endpoint: {0}", endpoint);

            // Throw an exception now if the realm and the return_to URLs don't match
            // as required by the provider.  We could wait for the provider to test this and
            // fail, but this will be faster and give us a better error message.
            if (!realm.Contains(returnToUrl))
                throw new OpenIdException(string.Format(CultureInfo.CurrentCulture,
                    Strings.ReturnToNotUnderRealm, returnToUrl, realm));

            string token = new Token(endpoint).Serialize(relyingParty.Store);
            // Retrieve the association, but don't create one, as a creation was already
            // attempted by the selectEndpoint method.
            Association association = relyingParty.Store != null ? getAssociation(relyingParty, endpoint, false) : null;

            return new AuthenticationRequest(
                token, association, endpoint, realm, returnToUrl, relyingParty);
        }