/// <summary>
        /// Initializes a new instance of the <see cref="HostProcessedRequest"/> class.
        /// </summary>
        /// <param name="provider">The provider that received the request.</param>
        /// <param name="request">The incoming request message.</param>
        protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request)
            : base(request, provider.SecuritySettings)
        {
            Contract.Requires(provider != null);

            this.negativeResponse = new NegativeAssertionResponse(request, provider.Channel);
        }
		internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request)
			: base(provider, request) {
			Contract.Requires<ArgumentNullException>(provider != null);
			Contract.Requires<ArgumentException>(!(request is CheckIdRequest), "Instantiate " + typeof(AuthenticationRequest).Name + " to handle this kind of message.");

			this.positiveResponse = new IndirectSignedResponse(request);
		}
Esempio n. 3
0
		internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request)
			: base(provider, request) {
			Contract.Requires<ArgumentNullException>(provider != null);
			Contract.Requires<ArgumentException>(!(request is CheckIdRequest));

			this.positiveResponse = new IndirectSignedResponse(request);
		}
		/// <summary>
		/// Initializes a new instance of the <see cref="HostProcessedRequest"/> class.
		/// </summary>
		/// <param name="provider">The provider that received the request.</param>
		/// <param name="request">The incoming request message.</param>
		protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request)
			: base(request, provider.SecuritySettings) {
			Requires.NotNull(provider, "provider");

			this.SharedInitialization(provider);
			Reporting.RecordEventOccurrence(this, request.Realm);
		}
		/// <summary>
		/// Initializes a new instance of the <see cref="HostProcessedRequest"/> class.
		/// </summary>
		/// <param name="provider">The provider that received the request.</param>
		/// <param name="request">The incoming request message.</param>
		protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request)
			: base(request, provider.SecuritySettings) {
			Contract.Requires<ArgumentNullException>(provider != null);

			this.negativeResponse = new NegativeAssertionResponse(request, provider.Channel);
			Reporting.RecordEventOccurrence(this, request.Realm);
		}
		/// <summary>
		/// Initializes a new instance of the <see cref="HostProcessedRequest"/> class.
		/// </summary>
		/// <param name="provider">The provider that received the request.</param>
		/// <param name="request">The incoming request message.</param>
		protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request)
			: base(request, provider.SecuritySettings) {
			Requires.NotNull(provider, "provider");

			this.negativeResponse = new NegativeAssertionResponse(request, provider.Channel);
			Reporting.RecordEventOccurrence(this, request.Realm);
		}
        /// <summary>
        /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class.
        /// </summary>
        /// <param name="request">The request that caused this response message to be constructed.</param>
        /// <param name="mode">The value of the openid.mode parameter.</param>
        protected IndirectResponseBase(SignedResponseRequest request, string mode)
            : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect)
        {
            ErrorUtilities.VerifyArgumentNotNull(request, "request");

            this.OriginatingRequest = request;
        }
Esempio n. 8
0
        /// <summary>
        /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class.
        /// </summary>
        /// <param name="request">The request that caused this response message to be constructed.</param>
        /// <param name="mode">The value of the openid.mode parameter.</param>
        internal IndirectResponseBase(SignedResponseRequest request, string mode)
            : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect)
        {
            Requires.NotNull(request, "request");

            this.OriginatingRequest = request;
        }
Esempio n. 9
0
		internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request)
			: base(provider, request) {
			Requires.NotNull(provider, "provider");
			Requires.True(!(request is CheckIdRequest), "request");

			this.positiveResponse = new IndirectSignedResponse(request);
		}
		public override void SetUp() {
			base.SetUp();

			this.providerEndpoint = new Uri("http://host");

			this.immediatev1 = new SignedResponseRequest(Protocol.V11.Version, this.providerEndpoint, AuthenticationRequestMode.Immediate);
			this.setupv1 = new SignedResponseRequest(Protocol.V11.Version, this.providerEndpoint, AuthenticationRequestMode.Setup);

			this.immediatev2 = new SignedResponseRequest(Protocol.V20.Version, this.providerEndpoint, AuthenticationRequestMode.Immediate);
			this.setupv2 = new SignedResponseRequest(Protocol.V20.Version, this.providerEndpoint, AuthenticationRequestMode.Setup);

			// Prepare all message versions so that they SHOULD be valid by default.
			// In particular, V1 messages require ReturnTo.
			this.immediatev1.ReturnTo = new Uri("http://returnto/");
			this.setupv1.ReturnTo = new Uri("http://returnto/");

			try {
				this.immediatev1.EnsureValidMessage();
				this.setupv1.EnsureValidMessage();
				this.immediatev2.EnsureValidMessage();
				this.setupv2.EnsureValidMessage();
			} catch (ProtocolException ex) {
				Assert.Inconclusive("All messages ought to be valid before tests run, but got: {0}", ex.Message);
			}
		}
        /// <summary>
        /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class.
        /// </summary>
        /// <param name="request">The request that caused this response message to be constructed.</param>
        /// <param name="mode">The value of the openid.mode parameter.</param>
        protected IndirectResponseBase(SignedResponseRequest request, string mode)
            : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect)
        {
            ErrorUtilities.VerifyArgumentNotNull(request, "request");

            this.OriginatingRequest = request;
        }
Esempio n. 12
0
        /// <summary>
        /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class.
        /// </summary>
        /// <param name="request">The request that caused this response message to be constructed.</param>
        /// <param name="mode">The value of the openid.mode parameter.</param>
        protected IndirectResponseBase(SignedResponseRequest request, string mode)
            : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect)
        {
            Contract.Requires <ArgumentNullException>(request != null);

            this.OriginatingRequest = request;
        }
Esempio n. 13
0
        /// <summary>
        /// Gets the value for the openid.mode that is appropriate for this response.
        /// </summary>
        /// <param name="request">The request that we're responding to.</param>
        /// <returns>The value of the openid.mode parameter to use.</returns>
        private static string GetMode(SignedResponseRequest request)
        {
            Requires.NotNull(request, "request");

            Protocol protocol = Protocol.Lookup(request.Version);

            return(request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel);
        }
        /// <summary>
        /// Gets the value for the openid.mode that is appropriate for this response.
        /// </summary>
        /// <param name="request">The request that we're responding to.</param>
        /// <returns>The value of the openid.mode parameter to use.</returns>
        private static string GetMode(SignedResponseRequest request)
        {
            Contract.Requires <ArgumentNullException>(request != null);

            Protocol protocol = Protocol.Lookup(request.Version);

            return(request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel);
        }
Esempio n. 15
0
		/// <summary>
		/// Initializes a new instance of the <see cref="IndirectSignedResponse"/> class.
		/// </summary>
		/// <param name="request">
		/// The authentication request that caused this assertion to be generated.
		/// </param>
		internal IndirectSignedResponse(SignedResponseRequest request)
			: base(request, Protocol.Lookup(GetVersion(request)).Args.Mode.id_res) {
			Requires.NotNull(request, "request");

			this.ReturnTo = request.ReturnTo;
			this.ProviderEndpoint = request.Recipient.StripQueryArgumentsWithPrefix(Protocol.openid.Prefix);
			((ITamperResistantOpenIdMessage)this).AssociationHandle = request.AssociationHandle;
		}
		/// <summary>
		/// Initializes a new instance of the <see cref="IndirectSignedResponse"/> class.
		/// </summary>
		/// <param name="request">
		/// The authentication request that caused this assertion to be generated.
		/// </param>
		internal IndirectSignedResponse(SignedResponseRequest request)
			: base(request, Protocol.Lookup(GetVersion(request)).Args.Mode.id_res) {
			Contract.Requires<ArgumentNullException>(request != null);

			this.ReturnTo = request.ReturnTo;
			this.ProviderEndpoint = request.Recipient.StripQueryArgumentsWithPrefix(Protocol.openid.Prefix);
			((ITamperResistantOpenIdMessage)this).AssociationHandle = request.AssociationHandle;
		}
        /// <summary>
        /// Initializes a new instance of the <see cref="IndirectSignedResponse"/> class.
        /// </summary>
        /// <param name="request">
        /// The authentication request that caused this assertion to be generated.
        /// </param>
        internal IndirectSignedResponse(SignedResponseRequest request)
            : base(request, Protocol.Lookup(GetVersion(request)).Args.Mode.id_res)
        {
            ErrorUtilities.VerifyArgumentNotNull(request, "request");

            this.ReturnTo = request.ReturnTo;
            this.ProviderEndpoint = request.Recipient.StripQueryArgumentsWithPrefix(Protocol.openid.Prefix);
            ((ITamperResistantOpenIdMessage)this).AssociationHandle = request.AssociationHandle;
        }
		/// <summary>
		/// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class.
		/// </summary>
		/// <param name="request">The request that the relying party sent.</param>
		/// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable.  May be null, but the user_setup_url will not be constructed.</param>
		internal NegativeAssertionResponse(SignedResponseRequest request, Channel channel)
			: base(request, GetMode(request)) {
			// If appropriate, and when we're provided with a channel to do it,
			// go ahead and construct the user_setup_url
			if (this.Version.Major < 2 && request.Immediate && channel != null) {
				// All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe.
				this.UserSetupUrl = ConstructUserSetupUrl((CheckIdRequest)request, channel);
			}
		}
Esempio n. 19
0
        /// <summary>
        /// Analyzes an incoming request message payload to discover what kind of
        /// message is embedded in it and returns the type, or null if no match is found.
        /// </summary>
        /// <param name="recipient">The intended or actual recipient of the request message.</param>
        /// <param name="fields">The name/value pairs that make up the message payload.</param>
        /// <returns>
        /// A newly instantiated <see cref="IProtocolMessage"/>-derived object that this message can
        /// deserialize to.  Null if the request isn't recognized as a valid protocol message.
        /// </returns>
        public IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEndpoint recipient, IDictionary<string, string> fields)
        {
            ErrorUtilities.VerifyArgumentNotNull(recipient, "recipient");
            ErrorUtilities.VerifyArgumentNotNull(fields, "fields");

            RequestBase message = null;

            // Discern the OpenID version of the message.
            Protocol protocol = Protocol.V11;
            string ns;
            if (fields.TryGetValue(Protocol.V20.openid.ns, out ns)) {
                ErrorUtilities.VerifyProtocol(string.Equals(ns, Protocol.OpenId2Namespace, StringComparison.Ordinal), MessagingStrings.UnexpectedMessagePartValue, Protocol.V20.openid.ns, ns);
                protocol = Protocol.V20;
            }

            string mode;
            if (fields.TryGetValue(protocol.openid.mode, out mode)) {
                if (string.Equals(mode, protocol.Args.Mode.associate)) {
                    if (fields.ContainsKey(protocol.openid.dh_consumer_public)) {
                        message = new AssociateDiffieHellmanRequest(protocol.Version, recipient.Location);
                    } else {
                        message = new AssociateUnencryptedRequest(protocol.Version, recipient.Location);
                    }
                } else if (string.Equals(mode, protocol.Args.Mode.checkid_setup) ||
                    string.Equals(mode, protocol.Args.Mode.checkid_immediate)) {
                    AuthenticationRequestMode authMode = string.Equals(mode, protocol.Args.Mode.checkid_immediate) ? AuthenticationRequestMode.Immediate : AuthenticationRequestMode.Setup;
                    if (fields.ContainsKey(protocol.openid.identity)) {
                        message = new CheckIdRequest(protocol.Version, recipient.Location, authMode);
                    } else {
                        ErrorUtilities.VerifyProtocol(!fields.ContainsKey(protocol.openid.claimed_id), OpenIdStrings.IdentityAndClaimedIdentifierMustBeBothPresentOrAbsent);
                        message = new SignedResponseRequest(protocol.Version, recipient.Location, authMode);
                    }
                } else if (string.Equals(mode, protocol.Args.Mode.cancel) ||
                    (string.Equals(mode, protocol.Args.Mode.setup_needed) && (protocol.Version.Major >= 2 || fields.ContainsKey(protocol.openid.user_setup_url)))) {
                    message = new NegativeAssertionResponse(protocol.Version, recipient.Location, mode);
                } else if (string.Equals(mode, protocol.Args.Mode.id_res)) {
                    if (fields.ContainsKey(protocol.openid.identity)) {
                        message = new PositiveAssertionResponse(protocol.Version, recipient.Location);
                    } else {
                        ErrorUtilities.VerifyProtocol(!fields.ContainsKey(protocol.openid.claimed_id), OpenIdStrings.IdentityAndClaimedIdentifierMustBeBothPresentOrAbsent);
                        message = new IndirectSignedResponse(protocol.Version, recipient.Location);
                    }
                } else if (string.Equals(mode, protocol.Args.Mode.check_authentication)) {
                    message = new CheckAuthenticationRequest(protocol.Version, recipient.Location);
                } else if (string.Equals(mode, protocol.Args.Mode.error)) {
                    message = new IndirectErrorResponse(protocol.Version, recipient.Location);
                } else {
                    ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessagePartValue, protocol.openid.mode, mode);
                }
            }

            if (message != null) {
                message.SetAsIncoming();
            }

            return message;
        }
Esempio n. 20
0
        internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request)
            : base(provider, request)
        {
            Contract.Requires(provider != null);
            Contract.Requires(!(request is CheckIdRequest), "Instantiate " + typeof(AuthenticationRequest).Name + " to handle this kind of message.");
            ErrorUtilities.VerifyInternal(!(request is CheckIdRequest), "Instantiate {0} to handle this kind of message.", typeof(AuthenticationRequest).Name);

            this.positiveResponse = new IndirectSignedResponse(request);
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class.
 /// </summary>
 /// <param name="request">The request that the relying party sent.</param>
 /// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable.  May be null, but the user_setup_url will not be constructed.</param>
 internal NegativeAssertionResponse(SignedResponseRequest request, Channel channel)
     : base(request, GetMode(request))
 {
     // If appropriate, and when we're provided with a channel to do it,
     // go ahead and construct the user_setup_url
     if (this.Version.Major < 2 && request.Immediate && channel != null)
     {
         // All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe.
         this.UserSetupUrl = ConstructUserSetupUrl((CheckIdRequest)request, channel);
     }
 }
Esempio n. 22
0
        /// <summary>
        /// Initializes a new instance of the <see cref="NegativeAssertionResponse" /> class.
        /// </summary>
        /// <param name="request">The request that the relying party sent.</param>
        /// <param name="cancellationToken">The cancellation token.</param>
        /// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable.  May be null, but the user_setup_url will not be constructed.</param>
        /// <returns>The negative assertion message that will indicate failure for the user to authenticate or an unwillingness to log into the relying party.</returns>
        internal static async Task <NegativeAssertionResponse> CreateAsync(SignedResponseRequest request, CancellationToken cancellationToken, Channel channel = null)
        {
            var result = new NegativeAssertionResponse(request);

            // If appropriate, and when we're provided with a channel to do it,
            // go ahead and construct the user_setup_url
            if (result.Version.Major < 2 && request.Immediate && channel != null)
            {
                // All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe.
                result.UserSetupUrl = await ConstructUserSetupUrlAsync((CheckIdRequest)request, channel, cancellationToken);
            }

            return(result);
        }
Esempio n. 23
0
		public void ExtensionOnlyChannelLevel() {
			Protocol protocol = Protocol.V20;
			AuthenticationRequestMode mode = AuthenticationRequestMode.Setup;

			var coordinator = new OpenIdCoordinator(
				rp => {
					var request = new SignedResponseRequest(protocol.Version, OPUri, mode);
					rp.Channel.Respond(request);
				},
				op => {
					var request = op.Channel.ReadFromRequest<SignedResponseRequest>();
					Assert.IsNotInstanceOf<CheckIdRequest>(request);
				});
			coordinator.Run();
		}
		public void Serializable() {
			var op = CreateProvider();
			Protocol protocol = Protocol.V20;
			var req = new SignedResponseRequest(protocol.Version, OPUri, AuthenticationRequestMode.Setup);
			req.ReturnTo = RPUri;
			var anonReq = new AnonymousRequest(op, req);

			MemoryStream ms = new MemoryStream();
			IFormatter formatter = new BinaryFormatter();
			formatter.Serialize(ms, anonReq);

			ms.Position = 0;
			var req2 = (AnonymousRequest)formatter.Deserialize(ms);
			Assert.That(req2, Is.Not.Null);
		}
		public async Task IsApprovedDeterminesReturnedMessage() {
			var op = CreateProvider();
			Protocol protocol = Protocol.V20;
			var req = new SignedResponseRequest(protocol.Version, OPUri, AuthenticationRequestMode.Setup);
			req.ReturnTo = RPUri;
			var anonReq = new AnonymousRequest(op, req);

			Assert.IsFalse(anonReq.IsApproved.HasValue);

			anonReq.IsApproved = false;
			Assert.IsInstanceOf<NegativeAssertionResponse>(await anonReq.GetResponseAsync(CancellationToken.None));

			anonReq.IsApproved = true;
			Assert.IsInstanceOf<IndirectSignedResponse>(await anonReq.GetResponseAsync(CancellationToken.None));
			Assert.IsNotInstanceOf<PositiveAssertionResponse>(await anonReq.GetResponseAsync(CancellationToken.None));
		}
Esempio n. 26
0
        public void IsApprovedDeterminesReturnedMessage()
        {
            var op = CreateProvider();
            Protocol protocol = Protocol.V20;
            var req = new SignedResponseRequest(protocol.Version, OPUri, AuthenticationRequestMode.Setup);
            req.ReturnTo = RPUri;
            var anonReq = new AnonymousRequest(op, req);

            Assert.IsFalse(anonReq.IsApproved.HasValue);

            anonReq.IsApproved = false;
            Assert.IsInstanceOfType(anonReq.Response, typeof(NegativeAssertionResponse));

            anonReq.IsApproved = true;
            Assert.IsInstanceOfType(anonReq.Response, typeof(IndirectSignedResponse));
            Assert.IsNotInstanceOfType(anonReq.Response, typeof(PositiveAssertionResponse));
        }
Esempio n. 27
0
		public async Task ExtensionOnlyChannelLevel() {
			Protocol protocol = Protocol.V20;
			var mode = AuthenticationRequestMode.Setup;

			HandleProvider(
				async (op, req) => {
					var request = await op.Channel.ReadFromRequestAsync<SignedResponseRequest>(req, CancellationToken.None);
					Assert.IsNotInstanceOf<CheckIdRequest>(request);
					return new HttpResponseMessage();
				});

			{
				var rp = this.CreateRelyingParty();
				var request = new SignedResponseRequest(protocol.Version, OPUri, mode);
				var authRequest = await rp.Channel.PrepareResponseAsync(request);
				using (var httpClient = rp.Channel.HostFactories.CreateHttpClient()) {
					using (var response = await httpClient.GetAsync(authRequest.Headers.Location)) {
						response.EnsureSuccessStatusCode();
					}
				}
			}
		}
 /// <summary>
 /// Initializes a new instance of the <see cref="IndirectErrorResponse"/> class.
 /// </summary>
 /// <param name="request">The request that resulted in this error on the Provider.</param>
 internal IndirectErrorResponse(SignedResponseRequest request)
     : base(request, Protocol.Lookup(GetVersion(request)).openidnp.error)
 {
 }
		/// <summary>
		/// Initializes a new instance of the <see cref="NegativeAssertionResponse" /> class.
		/// </summary>
		/// <param name="request">The request that the relying party sent.</param>
		/// <param name="cancellationToken">The cancellation token.</param>
		/// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable.  May be null, but the user_setup_url will not be constructed.</param>
		/// <returns>The negative assertion message that will indicate failure for the user to authenticate or an unwillingness to log into the relying party.</returns>
		internal static async Task<NegativeAssertionResponse> CreateAsync(SignedResponseRequest request, CancellationToken cancellationToken, Channel channel = null) {
			var result = new NegativeAssertionResponse(request);

			// If appropriate, and when we're provided with a channel to do it,
			// go ahead and construct the user_setup_url
			if (result.Version.Major < 2 && request.Immediate && channel != null) {
				// All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe.
				result.UserSetupUrl = await ConstructUserSetupUrlAsync((CheckIdRequest)request, channel, cancellationToken);
			}

			return result;
		}
Esempio n. 30
0
 /// <summary>
 /// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message.
 /// </summary>
 /// <param name="message">The message to fetch the ReturnTo from.</param>
 /// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns>
 /// <remarks>
 /// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/>
 /// instead of a <see cref="NullReferenceException"/>.
 /// </remarks>
 private static Uri GetReturnTo(SignedResponseRequest message)
 {
     Requires.NotNull(message, "message");
     ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse);
     return(message.ReturnTo);
 }
		/// <summary>
		/// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class.
		/// </summary>
		/// <param name="request">The request.</param>
		internal NegativeAssertionResponse(SignedResponseRequest request)
			: base(request, GetMode(request)) {
		}
Esempio n. 32
0
 /// <summary>
 /// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class.
 /// </summary>
 /// <param name="request">The request.</param>
 internal NegativeAssertionResponse(SignedResponseRequest request)
     : base(request, GetMode(request))
 {
 }
Esempio n. 33
0
		/// <summary>
		/// Determines whether the relying party sending an authentication request is
		/// vulnerable to replay attacks.
		/// </summary>
		/// <param name="request">The request message from the Relying Party.  Useful, but may be null for conservative estimate results.</param>
		/// <param name="response">The response message to be signed.</param>
		/// <returns>
		/// 	<c>true</c> if the relying party is vulnerable; otherwise, <c>false</c>.
		/// </returns>
		private static bool IsRelyingPartyVulnerableToReplays(SignedResponseRequest request, IndirectSignedResponse response) {
			Contract.Requires<ArgumentNullException>(response != null);

			// OpenID 2.0 includes replay protection as part of the protocol.
			if (response.Version.Major >= 2) {
				return false;
			}

			// This library's RP may be on the remote end, and may be using 1.x merely because
			// discovery on the Claimed Identifier suggested this was a 1.x OP.  
			// Since this library's RP has a built-in request_nonce parameter for replay
			// protection, we'll allow for that.
			var returnToArgs = HttpUtility.ParseQueryString(response.ReturnTo.Query);
			if (!string.IsNullOrEmpty(returnToArgs[ReturnToNonceBindingElement.NonceParameter])) {
				return false;
			}

			// If the OP endpoint _AND_ RP return_to URL uses HTTPS then no one
			// can steal and replay the positive assertion.
			// We can only ascertain this if the request message was handed to us
			// so we know what our own OP endpoint is.  If we don't have a request
			// message, then we'll default to assuming it's insecure.
			if (request != null) {
				if (request.Recipient.IsTransportSecure() && response.Recipient.IsTransportSecure()) {
					return false;
				}
			}

			// Nothing left to protect against replays.  RP is vulnerable.
			return true;
		}
Esempio n. 34
0
 /// <summary>
 /// Initializes a new instance of the <see cref="IndirectErrorResponse"/> class.
 /// </summary>
 /// <param name="request">The request that resulted in this error on the Provider.</param>
 internal IndirectErrorResponse(SignedResponseRequest request)
     : base(request, Protocol.Lookup(GetVersion(request)).openidnp.error)
 {
 }
		/// <summary>
		/// Creates the request message to send to the Provider,
		/// based on the properties in this instance.
		/// </summary>
		/// <param name="cancellationToken">The cancellation token.</param>
		/// <returns>
		/// The message to send to the Provider.
		/// </returns>
		private async Task<SignedResponseRequest> CreateRequestMessageAsync(CancellationToken cancellationToken) {
			Association association = await this.GetAssociationAsync(cancellationToken);

			SignedResponseRequest request;
			if (!this.IsExtensionOnly) {
				CheckIdRequest authRequest = new CheckIdRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode);
				authRequest.ClaimedIdentifier = this.DiscoveryResult.ClaimedIdentifier;
				authRequest.LocalIdentifier = this.DiscoveryResult.ProviderLocalIdentifier;
				request = authRequest;
			} else {
				request = new SignedResponseRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode);
			}
			request.Realm = this.Realm;
			request.ReturnTo = this.ReturnToUrl;
			request.AssociationHandle = association != null ? association.Handle : null;
			request.SignReturnTo = this.returnToArgsMustBeSigned;
			request.AddReturnToArguments(this.returnToArgs);
			if (this.DiscoveryResult.UserSuppliedIdentifier != null && OpenIdElement.Configuration.RelyingParty.PreserveUserSuppliedIdentifier) {
				request.AddReturnToArguments(UserSuppliedIdentifierParameterName, this.DiscoveryResult.UserSuppliedIdentifier.OriginalString);
			}
			foreach (IOpenIdMessageExtension extension in this.extensions) {
				request.Extensions.Add(extension);
			}

			return request;
		}
 /// <summary>
 /// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message.
 /// </summary>
 /// <param name="message">The message to fetch the ReturnTo from.</param>
 /// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns>
 /// <remarks>
 /// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/>
 /// instead of a <see cref="NullReferenceException"/>.
 /// </remarks>
 private static Uri GetReturnTo(SignedResponseRequest message)
 {
     ErrorUtilities.VerifyArgumentNotNull(message, "message");
     ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse);
     return message.ReturnTo;
 }
Esempio n. 37
0
		/// <summary>
		/// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message.
		/// </summary>
		/// <param name="message">The message to fetch the ReturnTo from.</param>
		/// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns>
		/// <remarks>
		/// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/>
		/// instead of a <see cref="NullReferenceException"/>.
		/// </remarks>
		private static Uri GetReturnTo(SignedResponseRequest message) {
			Contract.Requires<ArgumentNullException>(message != null);
			ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse);
			return message.ReturnTo;
		}
Esempio n. 38
0
		/// <summary>
		/// Initializes a new instance of the <see cref="IndirectResponseBase"/> class.
		/// </summary>
		/// <param name="request">The request that caused this response message to be constructed.</param>
		/// <param name="mode">The value of the openid.mode parameter.</param>
		protected IndirectResponseBase(SignedResponseRequest request, string mode)
			: base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect) {
			Contract.Requires<ArgumentNullException>(request != null);

			this.OriginatingRequest = request;
		}
		/// <summary>
		/// Gets the value for the openid.mode that is appropriate for this response.
		/// </summary>
		/// <param name="request">The request that we're responding to.</param>
		/// <returns>The value of the openid.mode parameter to use.</returns>
		private static string GetMode(SignedResponseRequest request) {
			Requires.NotNull(request, "request");

			Protocol protocol = Protocol.Lookup(request.Version);
			return request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel;
		}
Esempio n. 40
0
 /// <summary>
 /// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message.
 /// </summary>
 /// <param name="message">The message to fetch the ReturnTo from.</param>
 /// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns>
 /// <remarks>
 /// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/>
 /// instead of a <see cref="NullReferenceException"/>.
 /// </remarks>
 private static Uri GetReturnTo(SignedResponseRequest message)
 {
     Contract.Requires <ArgumentNullException>(message != null);
     ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse);
     return(message.ReturnTo);
 }
		/// <summary>
		/// Gets the value for the openid.mode that is appropriate for this response.
		/// </summary>
		/// <param name="request">The request that we're responding to.</param>
		/// <returns>The value of the openid.mode parameter to use.</returns>
		private static string GetMode(SignedResponseRequest request) {
			Contract.Requires<ArgumentNullException>(request != null);

			Protocol protocol = Protocol.Lookup(request.Version);
			return request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel;
		}
		/// <summary>
		/// Creates the request message to send to the Provider,
		/// based on the properties in this instance.
		/// </summary>
		/// <returns>The message to send to the Provider.</returns>
		private SignedResponseRequest CreateRequestMessage() {
			Association association = this.GetAssociation();

			SignedResponseRequest request;
			if (!this.IsExtensionOnly) {
				CheckIdRequest authRequest = new CheckIdRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode);
				authRequest.ClaimedIdentifier = this.DiscoveryResult.ClaimedIdentifier;
				authRequest.LocalIdentifier = this.DiscoveryResult.ProviderLocalIdentifier;
				request = authRequest;
			} else {
				request = new SignedResponseRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode);
			}
			request.Realm = this.Realm;
			request.ReturnTo = this.ReturnToUrl;
			request.AssociationHandle = association != null ? association.Handle : null;
			request.SignReturnTo = this.returnToArgsMustBeSigned;
			request.AddReturnToArguments(this.returnToArgs);
			if (this.DiscoveryResult.UserSuppliedIdentifier != null) {
				request.AddReturnToArguments(UserSuppliedIdentifierParameterName, this.DiscoveryResult.UserSuppliedIdentifier.OriginalString);
			}
			foreach (IOpenIdMessageExtension extension in this.extensions) {
				request.Extensions.Add(extension);
			}

			return request;
		}