private OpenIdRelyingParty(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IHostFactories hostFactories) { // If we are a smart-mode RP (supporting associations), then we MUST also be // capable of storing nonces to prevent replay attacks. // If we're a dumb-mode RP, then 2.0 OPs are responsible for preventing replays. Requires.That(cryptoKeyStore == null || nonceStore != null, null, OpenIdStrings.AssociationStoreRequiresNonceStore); this.securitySettings = OpenIdElement.Configuration.RelyingParty.SecuritySettings.CreateSecuritySettings(); this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in OpenIdElement.Configuration.RelyingParty.Behaviors.CreateInstances(false, null)) { this.behaviors.Add(behavior); } // Without a nonce store, we must rely on the Provider to protect against // replay attacks. But only 2.0+ Providers can be expected to provide // replay protection. if (nonceStore == null && this.SecuritySettings.ProtectDownlevelReplayAttacks && this.SecuritySettings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20) { Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks."); this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20; } this.channel = new OpenIdRelyingPartyChannel(cryptoKeyStore, nonceStore, this.SecuritySettings, hostFactories); var associationStore = cryptoKeyStore != null ? new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore) : null; this.AssociationManager = new AssociationManager(this.Channel, associationStore, this.SecuritySettings); this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, cryptoKeyStore, nonceStore); }
/// <summary> /// Initializes a new instance of the <see cref="AsymmetricCryptoKeyStoreWrapper"/> class. /// </summary> /// <param name="dataStore">The data store.</param> /// <param name="asymmetricCrypto">The asymmetric protection to apply to symmetric keys. Must include the private key.</param> public AsymmetricCryptoKeyStoreWrapper(ICryptoKeyStore dataStore, RSACryptoServiceProvider asymmetricCrypto) { Requires.NotNull(dataStore, "dataStore"); Requires.NotNull(asymmetricCrypto, "asymmetricCrypto"); Requires.True(!asymmetricCrypto.PublicOnly, "asymmetricCrypto"); this.dataStore = dataStore; this.asymmetricCrypto = asymmetricCrypto; }
/// <summary> /// Creates a formatter capable of serializing/deserializing a refresh token. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> /// <returns> /// A DataBag formatter. Never null. /// </returns> internal static IDataBagFormatter <RefreshToken> CreateFormatter(ICryptoKeyStore cryptoKeyStore) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); Contract.Ensures(Contract.Result <IDataBagFormatter <RefreshToken> >() != null); return(new UriStyleMessageFormatter <RefreshToken>(cryptoKeyStore, RefreshTokenKeyBucket, signed: true, encrypted: true)); }
public CryptoKeyProviderFactory(IConfigurationProvider config, IKmsClientFactory kmsClientFactory, ICryptoKeyStore cryptoKeyStore, ILockProvider lockProvider) { _config = config; _cryptoKeyStore = cryptoKeyStore; _lockProvider = lockProvider; _kmsClientFactory = kmsClientFactory; }
/// <summary> /// Initializes a new instance of the <see cref="AsymmetricCryptoKeyStoreWrapper"/> class. /// </summary> /// <param name="dataStore">The data store.</param> /// <param name="asymmetricCrypto">The asymmetric protection to apply to symmetric keys. Must include the private key.</param> public AsymmetricCryptoKeyStoreWrapper(ICryptoKeyStore dataStore, RSACryptoServiceProvider asymmetricCrypto) { Contract.Requires<ArgumentNullException>(dataStore != null); Contract.Requires<ArgumentNullException>(asymmetricCrypto != null); Contract.Requires<ArgumentException>(!asymmetricCrypto.PublicOnly); this.dataStore = dataStore; this.asymmetricCrypto = asymmetricCrypto; }
/// <summary> /// Creates the formatter used for serialization of this type. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="minimumAge">The minimum age.</param> /// <returns> /// A formatter for serialization. /// </returns> internal static IDataBagFormatter <AssociationDataBag> CreateFormatter(ICryptoKeyStore cryptoKeyStore, string bucket, TimeSpan?minimumAge = null) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); Requires.NotNullOrEmpty(bucket, "bucket"); Contract.Ensures(Contract.Result <IDataBagFormatter <AssociationDataBag> >() != null); return(new BinaryDataBagFormatter <AssociationDataBag>(cryptoKeyStore, bucket, signed: true, encrypted: true, minimumAge: minimumAge)); }
public AuthorizationServerHost(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IClientRepository clientRepository, IUserRepository userRepository) { _cryptoKeyStore = cryptoKeyStore; _nonceStore = nonceStore; _clientRepository = clientRepository; _userRepository = userRepository; }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyChannel"/> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="messageTypeProvider">An object that knows how to distinguish the various OpenID message types for deserialization purposes.</param> /// <param name="securitySettings">The security settings to apply.</param> /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param> private OpenIdRelyingPartyChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IMessageFactory messageTypeProvider, RelyingPartySecuritySettings securitySettings, bool nonVerifying) : base(messageTypeProvider, InitializeBindingElements(cryptoKeyStore, nonceStore, securitySettings, nonVerifying)) { Requires.NotNull(messageTypeProvider, "messageTypeProvider"); Requires.NotNull(securitySettings, "securitySettings"); Requires.True(!nonVerifying || securitySettings is RelyingPartySecuritySettings); }
public KmsCryptoKeyProvider(IConfigurationProvider config, IKmsClientFactory kmsClientFactory, ICryptoKeyStore cryptoKeyStore, ILockProvider lockProvider) { _config = config; _cryptoKeyStore = cryptoKeyStore; _lockProvider = lockProvider; _kmsClientFactory = kmsClientFactory; _globalLock = new GlobalLock(lockProvider); }
public ExampleAuthorizationServer(ICryptoKeyStore cryptoKeyStore, ICryptoKeyPair authServerKeys, ICryptoKeyPair dataServerKeys, IOAuth2ClientStore clientStore, IUserStore userStore) { this.cryptoKeyStore = cryptoKeyStore; this.authServerKeys = authServerKeys; this.dataServerKeys = dataServerKeys; this.clientStore = clientStore; this.userStore = userStore; }
/// <summary> /// Initializes a new instance of the <see cref="SwitchingAssociationStore"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> /// <param name="securitySettings">The security settings.</param> internal SwitchingAssociationStore(ICryptoKeyStore cryptoKeyStore, ProviderSecuritySettings securitySettings) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); Requires.NotNull(securitySettings, "securitySettings"); this.securitySettings = securitySettings; this.associationHandleEncoder = new ProviderAssociationHandleEncoder(cryptoKeyStore); this.associationSecretStorage = new ProviderAssociationKeyStorage(cryptoKeyStore); }
/// <summary> /// Initializes a new instance of the <see cref="DataBagFormatterBase<T>"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="signed">A value indicating whether the data in this instance will be protected against tampering.</param> /// <param name="encrypted">A value indicating whether the data in this instance will be protected against eavesdropping.</param> /// <param name="compressed">A value indicating whether the data in this instance will be GZip'd.</param> /// <param name="minimumAge">The required minimum lifespan within which this token must be decodable and verifiable; useful only when <paramref name="signed"/> and/or <paramref name="encrypted"/> is true.</param> /// <param name="maximumAge">The maximum age of a token that can be decoded; useful only when <paramref name="decodeOnceOnly"/> is <c>true</c>.</param> /// <param name="decodeOnceOnly">The nonce store to use to ensure that this instance is only decoded once.</param> protected DataBagFormatterBase(ICryptoKeyStore cryptoKeyStore = null, string bucket = null, bool signed = false, bool encrypted = false, bool compressed = false, TimeSpan?minimumAge = null, TimeSpan?maximumAge = null, INonceStore decodeOnceOnly = null) : this(signed, encrypted, compressed, maximumAge, decodeOnceOnly) { this.cryptoKeyStore = cryptoKeyStore; this.cryptoKeyBucket = bucket; if (minimumAge.HasValue) { this.minimumAge = minimumAge.Value; } }
private const int TokenLifetimeInSeconds = 24 * 60 * 60; // 24 hours public GameApiOAuthServer(ICryptoKeyStore cryptoKeyStore, ICryptoKeyPair authServerKeys, ICryptoKeyPair dataServerKeys, IOAuth2ClientStore clientStore, Guid gameProviderId, int tokenLifetimeInSeconds = -1) { _cryptoKeyStore = cryptoKeyStore; _authServerKeys = authServerKeys; _dataServerKeys = dataServerKeys; _clientStore = clientStore; _gameProviderId = gameProviderId; _tokenLifetime = (tokenLifetimeInSeconds >= 0) ? tokenLifetimeInSeconds : TokenLifetimeInSeconds; }
/// <summary> /// Initializes the binding elements. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="securitySettings">The security settings to apply. Must be an instance of either <see cref="RelyingPartySecuritySettings"/> or ProviderSecuritySettings.</param> /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param> /// <returns> /// An array of binding elements which may be used to construct the channel. /// </returns> private static IChannelBindingElement[] InitializeBindingElements(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings, bool nonVerifying) { Requires.NotNull(securitySettings, "securitySettings"); SigningBindingElement signingElement; signingElement = nonVerifying ? null : new RelyingPartySigningBindingElement(new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore ?? new MemoryCryptoKeyStore())); var extensionFactory = OpenIdExtensionFactoryAggregator.LoadFromConfiguration(); List <IChannelBindingElement> elements = new List <IChannelBindingElement>(8); elements.Add(new ExtensionsBindingElementRelyingParty(extensionFactory, securitySettings)); elements.Add(new RelyingPartySecurityOptions(securitySettings)); elements.Add(new BackwardCompatibilityBindingElement()); ReturnToNonceBindingElement requestNonceElement = null; if (cryptoKeyStore != null) { if (nonceStore != null) { // There is no point in having a ReturnToNonceBindingElement without // a ReturnToSignatureBindingElement because the nonce could be // artificially changed without it. requestNonceElement = new ReturnToNonceBindingElement(nonceStore, securitySettings); elements.Add(requestNonceElement); } // It is important that the return_to signing element comes last // so that the nonce is included in the signature. elements.Add(new ReturnToSignatureBindingElement(cryptoKeyStore)); } ErrorUtilities.VerifyOperation(!securitySettings.RejectUnsolicitedAssertions || requestNonceElement != null, OpenIdStrings.UnsolicitedAssertionRejectionRequiresNonceStore); if (nonVerifying) { elements.Add(new SkipSecurityBindingElement()); } else { if (nonceStore != null) { elements.Add(new StandardReplayProtectionBindingElement(nonceStore, true)); } elements.Add(new StandardExpirationBindingElement()); elements.Add(signingElement); } return(elements.ToArray()); }
/// <summary> /// Initializes a new instance of the <see cref="DataBagFormatterBase<T>"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="signed">A value indicating whether the data in this instance will be protected against tampering.</param> /// <param name="encrypted">A value indicating whether the data in this instance will be protected against eavesdropping.</param> /// <param name="compressed">A value indicating whether the data in this instance will be GZip'd.</param> /// <param name="minimumAge">The required minimum lifespan within which this token must be decodable and verifiable; useful only when <paramref name="signed"/> and/or <paramref name="encrypted"/> is true.</param> /// <param name="maximumAge">The maximum age of a token that can be decoded; useful only when <paramref name="decodeOnceOnly"/> is <c>true</c>.</param> /// <param name="decodeOnceOnly">The nonce store to use to ensure that this instance is only decoded once.</param> protected DataBagFormatterBase(ICryptoKeyStore cryptoKeyStore = null, string bucket = null, bool signed = false, bool encrypted = false, bool compressed = false, TimeSpan?minimumAge = null, TimeSpan?maximumAge = null, INonceStore decodeOnceOnly = null) : this(signed, encrypted, compressed, maximumAge, decodeOnceOnly) { Requires.True(!string.IsNullOrEmpty(bucket) || cryptoKeyStore == null, null); Requires.True(cryptoKeyStore != null || (!signed && !encrypted), null); this.cryptoKeyStore = cryptoKeyStore; this.cryptoKeyBucket = bucket; if (minimumAge.HasValue) { this.minimumAge = minimumAge.Value; } }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider"/> class. /// </summary> /// <param name="nonceStore">The nonce store to use. Cannot be null.</param> /// <param name="cryptoKeyStore">The crypto key store. Cannot be null.</param> private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore) { Requires.NotNull(nonceStore, "nonceStore"); Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); this.SecuritySettings = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings(); this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false)) { this.behaviors.Add(behavior); } this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings); this.CryptoKeyStore = cryptoKeyStore; this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, nonceStore); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider"/> class. /// </summary> /// <param name="nonceStore">The nonce store to use. Cannot be null.</param> /// <param name="cryptoKeyStore">The crypto key store. Cannot be null.</param> private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore) { Contract.Requires<ArgumentNullException>(nonceStore != null); Contract.Requires<ArgumentNullException>(cryptoKeyStore != null); Contract.Ensures(this.SecuritySettings != null); Contract.Ensures(this.Channel != null); this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings(); this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.Provider.Behaviors.CreateInstances(false)) { this.behaviors.Add(behavior); } this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings); this.CryptoKeyStore = cryptoKeyStore; Reporting.RecordFeatureAndDependencyUse(this, nonceStore); }
/// <summary> /// Initializes the binding elements. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="securitySettings">The security settings to apply. Must be an instance of either <see cref="RelyingPartySecuritySettings"/> or ProviderSecuritySettings.</param> /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param> /// <returns> /// An array of binding elements which may be used to construct the channel. /// </returns> private static IChannelBindingElement[] InitializeBindingElements(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings, bool nonVerifying) { Requires.NotNull(securitySettings, "securitySettings"); SigningBindingElement signingElement; signingElement = nonVerifying ? null : new RelyingPartySigningBindingElement(new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore ?? new MemoryCryptoKeyStore())); var extensionFactory = OpenIdExtensionFactoryAggregator.LoadFromConfiguration(); List<IChannelBindingElement> elements = new List<IChannelBindingElement>(8); elements.Add(new ExtensionsBindingElementRelyingParty(extensionFactory, securitySettings)); elements.Add(new RelyingPartySecurityOptions(securitySettings)); elements.Add(new BackwardCompatibilityBindingElement()); ReturnToNonceBindingElement requestNonceElement = null; if (cryptoKeyStore != null) { if (nonceStore != null) { // There is no point in having a ReturnToNonceBindingElement without // a ReturnToSignatureBindingElement because the nonce could be // artificially changed without it. requestNonceElement = new ReturnToNonceBindingElement(nonceStore, securitySettings); elements.Add(requestNonceElement); } // It is important that the return_to signing element comes last // so that the nonce is included in the signature. elements.Add(new ReturnToSignatureBindingElement(cryptoKeyStore)); } ErrorUtilities.VerifyOperation(!securitySettings.RejectUnsolicitedAssertions || requestNonceElement != null, OpenIdStrings.UnsolicitedAssertionRejectionRequiresNonceStore); if (nonVerifying) { elements.Add(new SkipSecurityBindingElement()); } else { if (nonceStore != null) { elements.Add(new StandardReplayProtectionBindingElement(nonceStore, true)); } elements.Add(new StandardExpirationBindingElement()); elements.Add(signingElement); } return elements.ToArray(); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider" /> class. /// </summary> /// <param name="nonceStore">The nonce store to use. Cannot be null.</param> /// <param name="cryptoKeyStore">The crypto key store. Cannot be null.</param> /// <param name="hostFactories">The host factories.</param> private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore, IHostFactories hostFactories) { Requires.NotNull(nonceStore, "nonceStore"); Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); this.SecuritySettings = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings(); this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false, null)) { this.behaviors.Add(behavior); } this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings, hostFactories); this.CryptoKeyStore = cryptoKeyStore; this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, nonceStore); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyChannel"/> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="securitySettings">The security settings to apply.</param> internal OpenIdRelyingPartyChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings) : this(cryptoKeyStore, nonceStore, new OpenIdRelyingPartyMessageFactory(), securitySettings, false) { Requires.NotNull(securitySettings, "securitySettings"); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingPartyChannel"/> class. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="messageTypeProvider">An object that knows how to distinguish the various OpenID message types for deserialization purposes.</param> /// <param name="securitySettings">The security settings to apply.</param> /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param> private OpenIdRelyingPartyChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IMessageFactory messageTypeProvider, RelyingPartySecuritySettings securitySettings, bool nonVerifying) : base(messageTypeProvider, InitializeBindingElements(cryptoKeyStore, nonceStore, securitySettings, nonVerifying)) { Requires.NotNull(messageTypeProvider, "messageTypeProvider"); Requires.NotNull(securitySettings, "securitySettings"); Assumes.True(!nonVerifying || securitySettings is RelyingPartySecuritySettings); }
/// <summary> /// Initializes a new instance of the <see cref="ProviderAssociationKeyStorage"/> class. /// </summary> /// <param name="cryptoKeyStore">The store where association secrets will be recorded.</param> internal ProviderAssociationKeyStorage(ICryptoKeyStore cryptoKeyStore) { Contract.Requires<ArgumentNullException>(cryptoKeyStore != null); this.cryptoKeyStore = cryptoKeyStore; }
/// <summary> /// Creates a formatter capable of serializing/deserializing an access token. /// </summary> /// <param name="symmetricKeyStore">The symmetric key store.</param> /// <returns> /// An access token serializer. /// </returns> internal static IDataBagFormatter <AccessToken> CreateFormatter(ICryptoKeyStore symmetricKeyStore) { Requires.NotNull(symmetricKeyStore, "symmetricKeyStore"); return(new UriStyleMessageFormatter <AccessToken>(symmetricKeyStore, bucket: "AccessTokens", signed: true, encrypted: true)); }
/// <summary> /// Creates a formatter capable of serializing/deserializing an access token. /// </summary> /// <param name="symmetricKeyStore">The symmetric key store.</param> /// <returns> /// An access token serializer. /// </returns> internal static IDataBagFormatter<AccessToken> CreateFormatter(ICryptoKeyStore symmetricKeyStore) { Requires.NotNull(symmetricKeyStore, "symmetricKeyStore"); return new UriStyleMessageFormatter<AccessToken>(symmetricKeyStore, bucket: "AccessTokens", signed: true, encrypted: true); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdChannel"/> class /// for use by a Relying Party. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="securitySettings">The security settings to apply.</param> internal OpenIdChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings) : this(cryptoKeyStore, nonceStore, new OpenIdMessageFactory(), securitySettings, false) { Contract.Requires<ArgumentNullException>(securitySettings != null); }
/// <summary> /// Initializes a new instance of the <see cref="ProviderAssociationKeyStorage"/> class. /// </summary> /// <param name="cryptoKeyStore">The store where association secrets will be recorded.</param> internal ProviderAssociationKeyStorage(ICryptoKeyStore cryptoKeyStore) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); this.cryptoKeyStore = cryptoKeyStore; }
/// <summary> /// Initializes a new instance of the <see cref="SwitchingAssociationStore"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> /// <param name="securitySettings">The security settings.</param> internal SwitchingAssociationStore(ICryptoKeyStore cryptoKeyStore, ProviderSecuritySettings securitySettings) { Contract.Requires<ArgumentNullException>(cryptoKeyStore != null); Contract.Requires<ArgumentNullException>(securitySettings != null); this.securitySettings = securitySettings; this.associationHandleEncoder = new ProviderAssociationHandleEncoder(cryptoKeyStore); this.associationSecretStorage = new ProviderAssociationKeyStorage(cryptoKeyStore); }
/// <summary> /// Initializes a new instance of the <see cref="StandardRelyingPartyApplicationStore"/> class. /// </summary> public StandardRelyingPartyApplicationStore() { this.nonceStore = new NonceMemoryStore(OpenIdElement.Configuration.MaxAuthenticationTime); this.keyStore = new MemoryCryptoKeyStore(); }
public static IDataBagFormatter <AccessToken> CreateFormatter(ICryptoKeyStore symmetricKeyStore) { return(new UriStyleMessageFormatter <AccessToken>(symmetricKeyStore, bucket: "AccessTokens", signed: true, encrypted: true)); }
/// <summary> /// Initializes a new instance of the <see cref="CryptoKeyStoreAsRelyingPartyAssociationStore"/> class. /// </summary> /// <param name="keyStore">The key store.</param> internal CryptoKeyStoreAsRelyingPartyAssociationStore(ICryptoKeyStore keyStore) { Requires.NotNull(keyStore, "keyStore"); Contract.Ensures(this.keyStore == keyStore); this.keyStore = keyStore; }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdChannel"/> class /// for use by a Relying Party. /// </summary> /// <param name="cryptoKeyStore">The association store to use.</param> /// <param name="nonceStore">The nonce store to use.</param> /// <param name="messageTypeProvider">An object that knows how to distinguish the various OpenID message types for deserialization purposes.</param> /// <param name="securitySettings">The security settings to apply.</param> /// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param> private OpenIdChannel(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IMessageFactory messageTypeProvider, RelyingPartySecuritySettings securitySettings, bool nonVerifying) : this(messageTypeProvider, InitializeBindingElements(cryptoKeyStore, nonceStore, securitySettings, nonVerifying)) { Contract.Requires<ArgumentNullException>(messageTypeProvider != null); Contract.Requires<ArgumentNullException>(securitySettings != null); Contract.Requires<ArgumentException>(!nonVerifying || securitySettings is RelyingPartySecuritySettings); }
/// <summary> /// Initializes a new instance of the <see cref="StandardProviderApplicationStore"/> class. /// </summary> public StandardProviderApplicationStore() { this.nonceStore = new NonceMemoryStore(OpenIdElement.Configuration.MaxAuthenticationTime); this.cryptoKeyStore = new MemoryCryptoKeyStore(); }
/// <summary> /// Initializes a new instance of the <see cref="ProviderAssociationHandleEncoder"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> public ProviderAssociationHandleEncoder(ICryptoKeyStore cryptoKeyStore) { Contract.Requires<ArgumentNullException>(cryptoKeyStore != null); this.cryptoKeyStore = cryptoKeyStore; }
/// <summary> /// Initializes a new instance of the <see cref="StandardAccessTokenAnalyzer" /> class. /// </summary> /// <param name="symmetricKeyStore">The symmetric key store.</param> public StandardAccessTokenAnalyzer(ICryptoKeyStore symmetricKeyStore) { Requires.NotNull(symmetricKeyStore, "symmetricKeyStore"); this.SymmetricKeyStore = symmetricKeyStore; }
/// <summary> /// Initializes a new instance of the <see cref="ReturnToSignatureBindingElement"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> internal ReturnToSignatureBindingElement(ICryptoKeyStore cryptoKeyStore) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); this.cryptoKeyStore = cryptoKeyStore; }
/// <summary> /// Initializes a new instance of the <see cref="UriStyleMessageFormatter<T>"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="signed">A value indicating whether the data in this instance will be protected against tampering.</param> /// <param name="encrypted">A value indicating whether the data in this instance will be protected against eavesdropping.</param> /// <param name="compressed">A value indicating whether the data in this instance will be GZip'd.</param> /// <param name="minimumAge">The minimum age.</param> /// <param name="maximumAge">The maximum age of a token that can be decoded; useful only when <paramref name="decodeOnceOnly"/> is <c>true</c>.</param> /// <param name="decodeOnceOnly">The nonce store to use to ensure that this instance is only decoded once.</param> protected internal UriStyleMessageFormatter(ICryptoKeyStore cryptoKeyStore = null, string bucket = null, bool signed = false, bool encrypted = false, bool compressed = false, TimeSpan?minimumAge = null, TimeSpan?maximumAge = null, INonceStore decodeOnceOnly = null) : base(cryptoKeyStore, bucket, signed, encrypted, compressed, minimumAge, maximumAge, decodeOnceOnly) { }
/// <summary> /// Creates the formatter used for serialization of this type. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="minimumAge">The minimum age.</param> /// <returns> /// A formatter for serialization. /// </returns> internal static IDataBagFormatter<AssociationDataBag> CreateFormatter(ICryptoKeyStore cryptoKeyStore, string bucket, TimeSpan? minimumAge = null) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); Requires.NotNullOrEmpty(bucket, "bucket"); Contract.Ensures(Contract.Result<IDataBagFormatter<AssociationDataBag>>() != null); return new BinaryDataBagFormatter<AssociationDataBag>(cryptoKeyStore, bucket, signed: true, encrypted: true, minimumAge: minimumAge); }
/// <summary> /// Initializes a new instance of the <see cref="BinaryDataBagFormatter<T>"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="signed">A value indicating whether the data in this instance will be protected against tampering.</param> /// <param name="encrypted">A value indicating whether the data in this instance will be protected against eavesdropping.</param> /// <param name="compressed">A value indicating whether the data in this instance will be GZip'd.</param> /// <param name="minimumAge">The minimum age.</param> /// <param name="maximumAge">The maximum age of a token that can be decoded; useful only when <paramref name="decodeOnceOnly"/> is <c>true</c>.</param> /// <param name="decodeOnceOnly">The nonce store to use to ensure that this instance is only decoded once.</param> protected internal BinaryDataBagFormatter(ICryptoKeyStore cryptoKeyStore = null, string bucket = null, bool signed = false, bool encrypted = false, bool compressed = false, TimeSpan?minimumAge = null, TimeSpan?maximumAge = null, INonceStore decodeOnceOnly = null) : base(cryptoKeyStore, bucket, signed, encrypted, compressed, minimumAge, maximumAge, decodeOnceOnly) { Requires.True((cryptoKeyStore != null && bucket != null) || (!signed && !encrypted), null); }
/// <summary> /// Initializes a new instance of the <see cref="MemoryCryptoKeyAndNonceStore"/> class. /// </summary> /// <param name="maximumMessageAge">The maximum time to live of a message that might carry a nonce.</param> public MemoryCryptoKeyAndNonceStore(TimeSpan maximumMessageAge) { this.nonceStore = new MemoryNonceStore(maximumMessageAge); this.cryptoKeyStore = new MemoryCryptoKeyStore(); }
/// <summary> /// Creates the formatter used for serialization of this type. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="minimumAge">The minimum age.</param> /// <returns> /// A formatter for serialization. /// </returns> internal static IDataBagFormatter<AssociationDataBag> CreateFormatter(ICryptoKeyStore cryptoKeyStore, string bucket, TimeSpan? minimumAge = null) { Contract.Requires<ArgumentNullException>(cryptoKeyStore != null); Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(bucket)); Contract.Ensures(Contract.Result<IDataBagFormatter<AssociationDataBag>>() != null); return new BinaryDataBagFormatter<AssociationDataBag>(cryptoKeyStore, bucket, signed: true, encrypted: true, minimumAge: minimumAge); }
/// <summary> /// Initializes a new instance of the <see cref="UriStyleMessageFormatter<T>"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store used when signing or encrypting.</param> /// <param name="bucket">The bucket in which symmetric keys are stored for signing/encrypting data.</param> /// <param name="signed">A value indicating whether the data in this instance will be protected against tampering.</param> /// <param name="encrypted">A value indicating whether the data in this instance will be protected against eavesdropping.</param> /// <param name="compressed">A value indicating whether the data in this instance will be GZip'd.</param> /// <param name="minimumAge">The minimum age.</param> /// <param name="maximumAge">The maximum age of a token that can be decoded; useful only when <paramref name="decodeOnceOnly"/> is <c>true</c>.</param> /// <param name="decodeOnceOnly">The nonce store to use to ensure that this instance is only decoded once.</param> protected internal UriStyleMessageFormatter(ICryptoKeyStore cryptoKeyStore = null, string bucket = null, bool signed = false, bool encrypted = false, bool compressed = false, TimeSpan?minimumAge = null, TimeSpan?maximumAge = null, INonceStore decodeOnceOnly = null) : base(cryptoKeyStore, bucket, signed, encrypted, compressed, minimumAge, maximumAge, decodeOnceOnly) { Requires.That((cryptoKeyStore != null && !string.IsNullOrEmpty(bucket)) || (!signed && !encrypted), null, "Signing or encryption requires a cryptoKeyStore and bucket."); }
/// <summary> /// Creates a formatter capable of serializing/deserializing a refresh token. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> /// <returns> /// A DataBag formatter. Never null. /// </returns> internal static IDataBagFormatter<RefreshToken> CreateFormatter(ICryptoKeyStore cryptoKeyStore) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); return new UriStyleMessageFormatter<RefreshToken>(cryptoKeyStore, RefreshTokenKeyBucket, signed: true, encrypted: true); }
/// <summary> /// Creates a formatter capable of serializing/deserializing a refresh token. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> /// <returns> /// A DataBag formatter. Never null. /// </returns> internal static IDataBagFormatter<RefreshToken> CreateFormatter(ICryptoKeyStore cryptoKeyStore) { Contract.Requires<ArgumentNullException>(cryptoKeyStore != null); Contract.Ensures(Contract.Result<IDataBagFormatter<RefreshToken>>() != null); return new UriStyleMessageFormatter<RefreshToken>(cryptoKeyStore, RefreshTokenKeyBucket, signed: true, encrypted: true); }
/// <summary> /// Initializes a new instance of the <see cref="StandardAccessTokenAnalyzer"/> class. /// </summary> public StandardAccessTokenAnalyzer(ICryptoKeyStore symmetricKeyStore) { Requires.NotNull(symmetricKeyStore, "symmetricKeyStore"); this.SymmetricKeyStore = symmetricKeyStore; }
/// <summary> /// Initializes a new instance of the <see cref="ProviderAssociationHandleEncoder"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> public ProviderAssociationHandleEncoder(ICryptoKeyStore cryptoKeyStore) { Requires.NotNull(cryptoKeyStore, "cryptoKeyStore"); this.cryptoKeyStore = cryptoKeyStore; }
/// <summary> /// Initializes a new instance of the <see cref="ReturnToSignatureBindingElement"/> class. /// </summary> /// <param name="cryptoKeyStore">The crypto key store.</param> internal ReturnToSignatureBindingElement(ICryptoKeyStore cryptoKeyStore) { Contract.Requires<ArgumentNullException>(cryptoKeyStore != null); this.cryptoKeyStore = cryptoKeyStore; }
/// <summary> /// Initializes a new instance of the <see cref="StandardProviderApplicationStore"/> class. /// </summary> public StandardProviderApplicationStore() { this.nonceStore = new NonceMemoryStore(DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime); this.cryptoKeyStore = new MemoryCryptoKeyStore(); }
public NoAuthAuthorizationServer(ICryptoKeyStore cryptoStore, INonceStore nonceStore) { CryptoKeyStore = cryptoStore; NonceStore = nonceStore; }
public static IDataBagFormatter <RefreshToken> CreateFormatter(ICryptoKeyStore cryptoKeyStore) { return(new UriStyleMessageFormatter <RefreshToken>(cryptoKeyStore, RefreshTokenKeyBucket, signed: true, encrypted: true)); }