Example #1
        /// <summary>
        /// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
        /// </summary>
        /// <param name="cryptoKeyStore">The crypto key store.  May be null, in which case no association store is created.</param>
        /// <param name="nonceStore">The nonce store.  May be null only when <paramref name="cryptoKeyStore"/> is also null.</param>
        /// <param name="hostFactories">The host factories, handed to the channel.  Not validated here.</param>
        private OpenIdRelyingParty(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IHostFactories hostFactories)
        {
            // If we are a smart-mode RP (supporting associations), then we MUST also be
            // capable of storing nonces to prevent replay attacks.
            // If we're a dumb-mode RP, then 2.0 OPs are responsible for preventing replays.
            // The condition rejects exactly one combination: a key store supplied without a nonce store.
            // NOTE(review): the parameter-name argument is null, so a failure is presumably not
            // attributed to either argument by name -- confirm against Requires.That.
            Requires.That(cryptoKeyStore == null || nonceStore != null, null, OpenIdStrings.AssociationStoreRequiresNonceStore);

            // Settings come from configuration; later lines read them through the SecuritySettings
            // property (presumably backed by this field -- confirm).
            this.securitySettings = OpenIdElement.Configuration.RelyingParty.SecuritySettings.CreateSecuritySettings();

            // The change handler is attached before the configured behaviors are added, so
            // (assuming the collection raises CollectionChanged on Add) OnBehaviorsChanged sees each one.
            this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
            foreach (var behavior in OpenIdElement.Configuration.RelyingParty.Behaviors.CreateInstances(false, null))
            {
                this.behaviors.Add(behavior);
            }

            // Without a nonce store, we must rely on the Provider to protect against
            // replay attacks.  But only 2.0+ Providers can be expected to provide
            // replay protection.
            // NOTE(review): this upgrade is skipped when ProtectDownlevelReplayAttacks is false.
            // A stateless RP configured that way keeps accepting pre-2.0 Providers, and per the
            // comment above nothing then guards against replayed assertions -- confirm that is an
            // accepted deployment choice wherever the setting is turned off.
            if (nonceStore == null &&
                this.SecuritySettings.ProtectDownlevelReplayAttacks &&
                this.SecuritySettings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20)
            {
                Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.");
                this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
            }

            // The channel is built only after the minimum version may have been raised above,
            // and it receives the same SecuritySettings instance.
            this.channel = new OpenIdRelyingPartyChannel(cryptoKeyStore, nonceStore, this.SecuritySettings, hostFactories);
            // No key store means no association store: the manager below is handed null.
            var associationStore = cryptoKeyStore != null ? new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore) : null;

            this.AssociationManager = new AssociationManager(this.Channel, associationStore, this.SecuritySettings);
            this.discoveryServices  = new IdentifierDiscoveryServices(this);

            // Hands this instance and both stores (either may be null) to Reporting.
            Reporting.RecordFeatureAndDependencyUse(this, cryptoKeyStore, nonceStore);
        }
		/// <summary>
		/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
		/// </summary>
		/// <param name="nonceStore">The nonce store to use.  Cannot be null.</param>
		/// <param name="cryptoKeyStore">The crypto key store.  Cannot be null.</param>
		private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore) {
			// Both stores are mandatory: there is no code path here that builds a Provider
			// without a nonce store or a key store.
			// NOTE(review): Requires.NotNull presumably throws on null -- confirm the exception type.
			Requires.NotNull(nonceStore, "nonceStore");
			Requires.NotNull(cryptoKeyStore, "cryptoKeyStore");

			// Security settings are read from configuration before anything that consumes them is built.
			this.SecuritySettings = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings();
			// Attach the change handler first so that (assuming the collection raises
			// CollectionChanged on Add) each configured behavior is seen by OnBehaviorsChanged.
			this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
			foreach (var behavior in OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false)) {
				this.behaviors.Add(behavior);
			}

			// The association store must exist before the channel, which takes it as an argument.
			this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings);
			// NOTE(review): the nonce store is handed to the channel, presumably for replay
			// detection on incoming messages -- confirm in OpenIdProviderChannel.
			this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
			this.CryptoKeyStore = cryptoKeyStore;
			this.discoveryServices = new IdentifierDiscoveryServices(this);

			// Hands this instance and the nonce store to Reporting; the key store is not passed.
			Reporting.RecordFeatureAndDependencyUse(this, nonceStore);
		}
        /// <summary>
        /// Initializes a new instance of the <see cref="OpenIdProvider" /> class.
        /// </summary>
        /// <param name="nonceStore">The nonce store to use.  Cannot be null.</param>
        /// <param name="cryptoKeyStore">The crypto key store.  Cannot be null.</param>
        /// <param name="hostFactories">The host factories, handed to the channel.  Not validated here.</param>
        private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore, IHostFactories hostFactories)
        {
            // Both stores are mandatory: there is no code path here that builds a Provider
            // without a nonce store or a key store.
            // NOTE(review): hostFactories gets no matching check -- confirm whether
            // OpenIdProviderChannel tolerates null.
            Requires.NotNull(nonceStore, "nonceStore");
            Requires.NotNull(cryptoKeyStore, "cryptoKeyStore");

            // Security settings are read from configuration before anything that consumes them is built.
            this.SecuritySettings             = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings();
            // Attach the change handler first so that (assuming the collection raises
            // CollectionChanged on Add) each configured behavior is seen by OnBehaviorsChanged.
            this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
            foreach (var behavior in OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false, null))
            {
                this.behaviors.Add(behavior);
            }

            // The association store must exist before the channel, which takes it as an argument.
            this.AssociationStore  = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings);
            // NOTE(review): the nonce store is handed to the channel, presumably for replay
            // detection on incoming messages -- confirm in OpenIdProviderChannel.
            this.Channel           = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings, hostFactories);
            this.CryptoKeyStore    = cryptoKeyStore;
            this.discoveryServices = new IdentifierDiscoveryServices(this);

            // Hands this instance and the nonce store to Reporting; the key store is not passed.
            Reporting.RecordFeatureAndDependencyUse(this, nonceStore);
        }