public void DiscoveryRequiresSslIgnoresInsecureEndpointsInXrds()
{
var insecureEndpoint = GetServiceEndpoint(0, ProtocolVersion.V20, 10, false);
var secureEndpoint = GetServiceEndpoint(1, ProtocolVersion.V20, 20, true);
UriIdentifier secureClaimedId = new UriIdentifier(VanityUriSsl, true);
this.MockResponder.RegisterMockXrdsResponse(secureClaimedId, new ServiceEndpoint[] { insecureEndpoint, secureEndpoint });
Assert.AreEqual(secureEndpoint.ProviderLocalIdentifier, secureClaimedId.Discover(this.RequestHandler).Single().ProviderLocalIdentifier);
}
public void DiscoveryWithRedirects()
{
Identifier claimedId = this.GetMockIdentifier(ProtocolVersion.V20, false);
// Add a couple of chained redirect pages that lead to the claimedId.
Uri userSuppliedUri = new Uri("https://localhost/someSecurePage");
Uri insecureMidpointUri = new Uri("http://localhost/insecureStop");
this.MockResponder.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri);
this.MockResponder.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString()));
// don't require secure SSL discovery for this test.
Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, false);
Assert.AreEqual(1, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
}
public void DiscoveryRequireSslWithInsecureXrdsInSecureHttpHeader()
{
var insecureXrdsSource = this.GetMockIdentifier(ProtocolVersion.V20, false);
string html = "<html><head></head><body></body></html>";
WebHeaderCollection headers = new WebHeaderCollection {
{ "X-XRDS-Location", insecureXrdsSource }
};
this.MockResponder.RegisterMockResponse(VanityUriSsl, VanityUriSsl, "text/html", headers, html);
Identifier userSuppliedIdentifier = new UriIdentifier(VanityUriSsl, true);
Assert.AreEqual(0, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
}
public void DiscoveryRequireSslWithInsecureXrdsInSecureHtmlHead()
{
var insecureXrdsSource = this.GetMockIdentifier(ProtocolVersion.V20, false);
Uri secureClaimedUri = new Uri("https://localhost/secureId");
string html = string.Format("<html><head><meta http-equiv='X-XRDS-Location' content='{0}'/></head><body></body></html>", insecureXrdsSource);
this.MockResponder.RegisterMockResponse(secureClaimedUri, "text/html", html);
Identifier userSuppliedIdentifier = new UriIdentifier(secureClaimedUri, true);
Assert.AreEqual(0, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
}
public void DiscoveryRequireSslWithInsecureXrdsButSecureLinkTags()
{
var insecureXrdsSource = this.GetMockIdentifier(ProtocolVersion.V20, false);
string html = string.Format(
@"
<html><head>
<meta http-equiv='X-XRDS-Location' content='{0}'/> <!-- this one will be insecure and ignored -->
<link rel='openid2.provider' href='{1}' />
<link rel='openid2.local_id' href='{2}' />
</head><body></body></html>",
HttpUtility.HtmlEncode(insecureXrdsSource),
HttpUtility.HtmlEncode(OPUriSsl.AbsoluteUri),
HttpUtility.HtmlEncode(OPLocalIdentifiersSsl[1].AbsoluteUri));
this.MockResponder.RegisterMockResponse(VanityUriSsl, "text/html", html);
Identifier userSuppliedIdentifier = new UriIdentifier(VanityUriSsl, true);
// We verify that the XRDS was ignored and the LINK tags were used
// because the XRDS OP-LocalIdentifier uses different local identifiers.
Assert.AreEqual(OPLocalIdentifiersSsl[1], userSuppliedIdentifier.Discover(this.RequestHandler).Single().ProviderLocalIdentifier);
}
public void DiscoverRequireSslWithSecureRedirects()
{
Identifier claimedId = this.GetMockIdentifier(ProtocolVersion.V20, true);
// Add a couple of chained redirect pages that lead to the claimedId.
// All redirects should be secure.
Uri userSuppliedUri = new Uri("https://localhost/someSecurePage");
Uri secureMidpointUri = new Uri("https://localhost/secureStop");
this.MockResponder.RegisterMockRedirect(userSuppliedUri, secureMidpointUri);
this.MockResponder.RegisterMockRedirect(secureMidpointUri, new Uri(claimedId.ToString()));
Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true);
Assert.AreEqual(1, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
}
public void DiscoverRequireSslWithInsecureRedirect()
{
Identifier claimedId = this.GetMockIdentifier(ProtocolVersion.V20, true);
// Add a couple of chained redirect pages that lead to the claimedId.
// Include an insecure HTTP jump in those redirects to verify that
// the ultimate endpoint is never found as a result of high security profile.
Uri userSuppliedUri = new Uri("https://localhost/someSecurePage");
Uri insecureMidpointUri = new Uri("http://localhost/insecureStop");
this.MockResponder.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri);
this.MockResponder.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString()));
Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true);
userSuppliedIdentifier.Discover(this.RequestHandler);
}