void replayAttackPrevention(ProtocolVersion version) {
ServiceEndpoint ep = getServiceEndpoint(TestSupport.Scenarios.AutoApproval, version);
Token token = new Token(ep);
INonceStore store = new ApplicationMemoryStore();
string serializedToken = token.Serialize(store);
Token.Deserialize(serializedToken, store);
Token.Deserialize(serializedToken, store);
}
public void EqualsTest() {
ServiceEndpoint ep1 = getServiceEndpoint(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20);
Token token1a = new Token(ep1);
Token token1b = new Token(ep1);
Assert.AreEqual(token1a, token1a, "It's the same object!");
Assert.AreNotEqual(token1a, token1b, "Two tokens generated for the same service endpoint should have unique nonces.");
ServiceEndpoint ep2 = getServiceEndpoint(TestSupport.Scenarios.AlwaysDeny, ProtocolVersion.V20);
Token token2 = new Token(ep2);
Assert.AreNotEqual(token1a, token2);
}
/// <summary>
/// Tests token creation, serialization, and conditional nonce serialization.
/// </summary>
void tokenBasics(ProtocolVersion version) {
ServiceEndpoint ep = getServiceEndpoint(TestSupport.Scenarios.AutoApproval, version);
Token token = new Token(ep);
Assert.AreSame(ep, token.Endpoint);
Assert.IsNotNull(token.Nonce);
INonceStore store = new ApplicationMemoryStore();
string serializedToken = token.Serialize(store);
Token token2 = Token.Deserialize(serializedToken, store);
Assert.AreEqual(token.Endpoint, token2.Endpoint);
if (ep.Protocol.Version.Major < 2) {
Assert.AreEqual(token.Nonce, token2.Nonce);
Assert.IsNotNull(token2.Nonce);
} else {
Assert.IsNull(token2.Nonce);
}
}
internal static AuthenticationRequest Create(Identifier userSuppliedIdentifier,
OpenIdRelyingParty relyingParty, Realm realm, Uri returnToUrl)
{
if (userSuppliedIdentifier == null) throw new ArgumentNullException("userSuppliedIdentifier");
if (relyingParty == null) throw new ArgumentNullException("relyingParty");
if (realm == null) throw new ArgumentNullException("realm");
userSuppliedIdentifier = userSuppliedIdentifier.TrimFragment();
if (relyingParty.Settings.RequireSsl) {
// Rather than check for successful SSL conversion at this stage,
// We'll wait for secure discovery to fail on the new identifier.
userSuppliedIdentifier.TryRequireSsl(out userSuppliedIdentifier);
}
Logger.InfoFormat("Creating authentication request for user supplied Identifier: {0}",
userSuppliedIdentifier);
Logger.DebugFormat("Realm: {0}", realm);
Logger.DebugFormat("Return To: {0}", returnToUrl);
if (Logger.IsWarnEnabled && returnToUrl.Query != null) {
NameValueCollection returnToArgs = HttpUtility.ParseQueryString(returnToUrl.Query);
foreach (string key in returnToArgs) {
if (OpenIdRelyingParty.ShouldParameterBeStrippedFromReturnToUrl(key)) {
Logger.WarnFormat("OpenId argument \"{0}\" found in return_to URL. This can corrupt an OpenID response.", key);
break;
}
}
}
var endpoints = new List<ServiceEndpoint>(userSuppliedIdentifier.Discover());
ServiceEndpoint endpoint = selectEndpoint(endpoints.AsReadOnly(), relyingParty);
if (endpoint == null)
throw new OpenIdException(Strings.OpenIdEndpointNotFound);
Logger.DebugFormat("Discovered provider endpoint: {0}", endpoint);
// Throw an exception now if the realm and the return_to URLs don't match
// as required by the provider. We could wait for the provider to test this and
// fail, but this will be faster and give us a better error message.
if (!realm.Contains(returnToUrl))
throw new OpenIdException(string.Format(CultureInfo.CurrentCulture,
Strings.ReturnToNotUnderRealm, returnToUrl, realm));
string token = new Token(endpoint).Serialize(relyingParty.Store);
// Retrieve the association, but don't create one, as a creation was already
// attempted by the selectEndpoint method.
Association association = relyingParty.Store != null ? getAssociation(relyingParty, endpoint, false) : null;
return new AuthenticationRequest(
token, association, endpoint, realm, returnToUrl, relyingParty);
}
