コード例 #1
0
        /// <summary>
        /// Creates a response that notifies the Relying Party that the requested
        /// association type is not supported by this Provider, and offers
        /// an alternative association type, if possible.
        /// </summary>
        /// <param name="requestMessage">The request message.</param>
        /// <param name="securitySettings">The security settings that apply to this Provider.</param>
        /// <returns>
        /// The response to send to the Relying Party.
        /// </returns>
        private static AssociateUnsuccessfulResponse CreateUnsuccessfulResponse(IAssociateRequestProvider requestMessage, ProviderSecuritySettings securitySettings)
        {
            Requires.NotNull(requestMessage, "requestMessage");
            Requires.NotNull(securitySettings, "securitySettings");

            var unsuccessfulResponse = new AssociateUnsuccessfulResponse(requestMessage.Version, (AssociateRequest)requestMessage);

            // The strategy here is to suggest that the RP try again with the lowest
            // permissible security settings, giving the RP the best chance of being
            // able to match with a compatible request.
            bool   unencryptedAllowed = requestMessage.Recipient.IsTransportSecure();
            bool   useDiffieHellman = !unencryptedAllowed;
            var    request = (AssociateRequest)requestMessage;
            var    protocol = requestMessage.GetProtocol();
            string associationType, sessionType;

            if (HmacShaAssociation.TryFindBestAssociation(protocol, false, securitySettings, useDiffieHellman, out associationType, out sessionType))
            {
                ErrorUtilities.VerifyInternal(request.AssociationType != associationType, "The RP asked for an association that should have been allowed, but the OP is trying to suggest the same one as an alternative!");
                unsuccessfulResponse.AssociationType = associationType;
                unsuccessfulResponse.SessionType     = sessionType;
                Logger.OpenId.InfoFormat(
                    "Association requested of type '{0}' and session '{1}', which the Provider does not support.  Sending back suggested alternative of '{0}' with session '{1}'.",
                    request.AssociationType,
                    request.SessionType,
                    unsuccessfulResponse.AssociationType,
                    unsuccessfulResponse.SessionType);
            }
            else
            {
                Logger.OpenId.InfoFormat("Association requested of type '{0}' and session '{1}', which the Provider does not support.  No alternative association type qualified for suggesting back to the Relying Party.", request.AssociationType, request.SessionType);
            }

            return(unsuccessfulResponse);
        }
コード例 #2
0
        public static AssociateRequest Create(OpenIdRelyingParty relyingParty, ServiceEndpoint provider)
        {
            if (relyingParty == null)
            {
                throw new ArgumentNullException("relyingParty");
            }
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }

            string assoc_type, session_type;

            if (HmacShaAssociation.TryFindBestAssociation(provider.Protocol,
                                                          relyingParty.Settings.MinimumHashBitLength, relyingParty.Settings.MaximumHashBitLength,
                                                          true, out assoc_type, out session_type))
            {
                return(Create(relyingParty, provider, assoc_type, session_type, true));
            }
            else
            {
                // There are no associations that meet all requirements.
                Logger.Warn("Security requirements and protocol combination knock out all possible association types.  Dumb mode forced.");
                return(null);
            }
        }
コード例 #3
0
        public static AssociateRequest Create(OpenIdRelyingParty relyingParty, ServiceEndpoint provider)
        {
            if (relyingParty == null)
            {
                throw new ArgumentNullException("relyingParty");
            }
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }

            string assoc_type, session_type;
            bool   requireDiffieHellman = !string.Equals(provider.ProviderEndpoint.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase);

            if (HmacShaAssociation.TryFindBestAssociation(provider.Protocol,
                                                          relyingParty.Settings.MinimumHashBitLength, relyingParty.Settings.MaximumHashBitLength,
                                                          requireDiffieHellman, out assoc_type, out session_type))
            {
                return(Create(relyingParty, provider, assoc_type, session_type, true));
            }
            else
            {
                // There are no associations that meet all requirements.
                //Logger.Warn("Security requirements and protocol combination knock out all possible association types.  Dumb mode forced.");
                return(null);
            }
        }
コード例 #4
0
        /// <summary>
        /// Creates an association request message that is appropriate for a given Provider.
        /// </summary>
        /// <param name="securityRequirements">The set of requirements the selected association type must comply to.</param>
        /// <param name="provider">The provider to create an association with.</param>
        /// <returns>
        /// The message to send to the Provider to request an association.
        /// Null if no association could be created that meet the security requirements
        /// and the provider OpenID version.
        /// </returns>
        internal static AssociateRequest Create(SecuritySettings securityRequirements, IProviderEndpoint provider)
        {
            Contract.Requires <ArgumentNullException>(securityRequirements != null);
            Contract.Requires <ArgumentNullException>(provider != null);

            // Apply our knowledge of the endpoint's transport, OpenID version, and
            // security requirements to decide the best association.
            bool   unencryptedAllowed = provider.Uri.IsTransportSecure();
            bool   useDiffieHellman = !unencryptedAllowed;
            string associationType, sessionType;

            if (!HmacShaAssociation.TryFindBestAssociation(Protocol.Lookup(provider.Version), true, securityRequirements, useDiffieHellman, out associationType, out sessionType))
            {
                // There are no associations that meet all requirements.
                Logger.OpenId.Warn("Security requirements and protocol combination knock out all possible association types.  Dumb mode forced.");
                return(null);
            }

            return(Create(securityRequirements, provider, associationType, sessionType));
        }
コード例 #5
0
        /// <summary>
        /// Creates an association request message that is appropriate for a given Provider.
        /// </summary>
        /// <param name="securityRequirements">The set of requirements the selected association type must comply to.</param>
        /// <param name="provider">The provider to create an association with.</param>
        /// <returns>
        /// The message to send to the Provider to request an association.
        /// Null if no association could be created that meet the security requirements
        /// and the provider OpenID version.
        /// </returns>
        internal static AssociateRequest Create(SecuritySettings securityRequirements, ProviderEndpointDescription provider)
        {
            ErrorUtilities.VerifyArgumentNotNull(securityRequirements, "securityRequirements");
            ErrorUtilities.VerifyArgumentNotNull(provider, "provider");

            // Apply our knowledge of the endpoint's transport, OpenID version, and
            // security requirements to decide the best association.
            bool   unencryptedAllowed = provider.Endpoint.IsTransportSecure();
            bool   useDiffieHellman = !unencryptedAllowed;
            string associationType, sessionType;

            if (!HmacShaAssociation.TryFindBestAssociation(Protocol.Lookup(provider.ProtocolVersion), true, securityRequirements, useDiffieHellman, out associationType, out sessionType))
            {
                // There are no associations that meet all requirements.
                Logger.Warn("Security requirements and protocol combination knock out all possible association types.  Dumb mode forced.");
                return(null);
            }

            return(Create(securityRequirements, provider, associationType, sessionType));
        }