bool IExtensionRequest.Deserialize(IDictionary<string, string> fields, DotNetOpenId.Provider.IRequest request, string typeUri)
{
if (fields == null) return false;
string mode;
fields.TryGetValue("mode", out mode);
if (mode != Mode) return false;
string updateUrl;
fields.TryGetValue("update_url", out updateUrl);
Uri updateUri;
if (Uri.TryCreate(updateUrl, UriKind.Absolute, out updateUri))
UpdateUrl = updateUri;
string requiredAliasString, optionalAliasString;
fields.TryGetValue("if_available", out optionalAliasString);
fields.TryGetValue("required", out requiredAliasString);
var requiredAliases = parseAliasList(requiredAliasString);
var optionalAliases = parseAliasList(optionalAliasString);
// if an alias shows up in both lists, an exception will result implicitly.
var allAliases = new List<string>(requiredAliases.Count + optionalAliases.Count);
allAliases.AddRange(requiredAliases);
allAliases.AddRange(optionalAliases);
if (allAliases.Count == 0) {
Logger.Error("Attribute Exchange extension did not provide any aliases in the if_available or required lists.");
return false;
}
AliasManager aliasManager = new AliasManager();
foreach (var alias in allAliases) {
string attributeTypeUri;
if (fields.TryGetValue("type." + alias, out attributeTypeUri)) {
aliasManager.SetAlias(alias, attributeTypeUri);
AttributeRequest att = new AttributeRequest {
TypeUri = attributeTypeUri,
IsRequired = requiredAliases.Contains(alias),
};
string countString;
if (fields.TryGetValue("count." + alias, out countString)) {
if (countString == "unlimited")
att.Count = int.MaxValue;
else {
int count;
if (int.TryParse(countString, out count) && count > 0) {
att.Count = count;
} else {
Logger.Error("count." + alias + " could not be parsed into a positive integer.");
}
}
} else {
att.Count = 1;
}
AddAttribute(att);
} else {
Logger.Error("Type URI definition of alias " + alias + " is missing.");
}
}
return true;
}
bool IExtensionRequest.Deserialize(IDictionary<string, string> fields, DotNetOpenId.Provider.IRequest request, string typeUri)
{
if (fields == null) return false;
string mode;
fields.TryGetValue("mode", out mode);
if (mode != Mode) return false;
foreach (var att in FetchResponse.DeserializeAttributes(fields))
AddAttribute(att);
return true;
}
protected void ProviderEndpoint1_AuthenticationChallenge(object sender, DotNetOpenId.Provider.AuthenticationChallengeEventArgs e)
{
if (!e.Request.IsReturnUrlDiscoverable) {
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
"return_to could not be verified using RP discovery realm {0}.", e.Request.Realm));
}
TestSupport.Scenarios scenario = (TestSupport.Scenarios)Enum.Parse(typeof(TestSupport.Scenarios),
new Uri(e.Request.LocalIdentifier).AbsolutePath.TrimStart('/'));
switch (scenario) {
case TestSupport.Scenarios.AutoApproval:
e.Request.IsAuthenticated = true;
break;
case TestSupport.Scenarios.ApproveOnSetup:
e.Request.IsAuthenticated = !e.Request.Immediate;
break;
default:
// All other scenarios are done programmatically only.
throw new InvalidOperationException("Unrecognized scenario");
}
e.Request.Response.Send();
}
public void AddExtension(DotNetOpenId.Extensions.IExtensionRequest extension)
{
if (extension == null) throw new ArgumentNullException("extension");
OutgoingExtensions.AddExtensionArguments(extension.TypeUri, extension.Serialize(this));
}
return fields;
}
bool IExtensionResponse.Deserialize(IDictionary<string, string> fields, DotNetOpenId.RelyingParty.IAuthenticationResponse response, string typeUri) {
if (fields == null) return false;
if (!fields.ContainsKey(Constants.ResponseParameters.AuthPolicies)) return false;
ActualPolicies.Clear();
string[] actualPolicies = fields[Constants.ResponseParameters.AuthPolicies].Split(' ');
foreach (string policy in actualPolicies) {
if (policy.Length > 0 && policy != AuthenticationPolicies.None)
ActualPolicies.Add(policy);
}
AuthenticationTimeUtc = null;
string authTime;
if (fields.TryGetValue(Constants.ResponseParameters.AuthTime, out authTime)) {
DateTime authDateTime;
if (DateTime.TryParse(authTime, CultureInfo.InvariantCulture, DateTimeStyles.AdjustToUniversal, out authDateTime) &&
authDateTime.Kind == DateTimeKind.Utc) { // may be unspecified per our option above
AuthenticationTimeUtc = authDateTime;
} else {
Logger.ErrorFormat("Invalid format for {0} parameter: {1}",
Constants.ResponseParameters.AuthTime, authTime);
}
}
AssuranceLevels.Clear();
AliasManager authLevelAliases = PolicyRequest.FindIncomingAliases(fields);
foreach (string authLevelAlias in authLevelAliases.Aliases) {
string authValue;
if (fields.TryGetValue(Constants.ResponseParameters.AuthLevelAliasPrefix + authLevelAlias, out authValue)) {
string authLevelType = authLevelAliases.ResolveAlias(authLevelAlias);
AssuranceLevels[authLevelType] = authValue;
}
}
protected void openIdTxt_LoggedIn(object sender, DotNetOpenId.RelyingParty.OpenIdEventArgs e)
{
if (e.Response.ClaimedIdentifier != null &&
e.Response.Status == DotNetOpenId.RelyingParty.AuthenticationStatus.Authenticated)
{
string userNameTxt = e.Response.ClaimedIdentifier;
bool publicTerminal = true;
if (Session["publicTerminal"] != null)
publicTerminal = (bool)Session["publicTerminal"];
Operator.LoginOpenID(userNameTxt, e.Response.FriendlyIdentifierForDisplay, publicTerminal);
login.Visible = false;
if (LoggedIn != null)
LoggedIn(this, new EventArgs());
}
}
IDictionary<string, string> IExtensionResponse.Serialize(DotNetOpenId.Provider.IRequest authenticationRequest)
{
var fields = new Dictionary<string, string>();
fields.Add(Constants.ResponseParameters.AuthPolicies, PolicyRequest.SerializePolicies(ActualPolicies));
if (AuthenticationTimeUtc.HasValue) {
fields.Add(Constants.ResponseParameters.AuthTime, AuthenticationTimeUtc.Value.ToUniversalTime().ToString(PermissibleDateTimeFormats[0], CultureInfo.InvariantCulture));
}
if (NistAssuranceLevel.HasValue) {
fields.Add(Constants.ResponseParameters.NistAuthLevel, ((int)NistAssuranceLevel).ToString(CultureInfo.InvariantCulture));
}
return fields;
}
#region IExtensionResponse Members
IDictionary<string, string> IExtensionResponse.Serialize(DotNetOpenId.Provider.IRequest authenticationRequest) {
var fields = new Dictionary<string, string>();
fields.Add(Constants.ResponseParameters.AuthPolicies, SerializePolicies(ActualPolicies));
if (AuthenticationTimeUtc.HasValue) {
fields.Add(Constants.ResponseParameters.AuthTime, AuthenticationTimeUtc.Value.ToUniversalTime().ToString(PermissibleDateTimeFormats[0], CultureInfo.InvariantCulture));
}
if (AssuranceLevels.Count > 0) {
AliasManager aliases = new AliasManager();
aliases.AssignAliases(AssuranceLevels.Keys, Constants.AuthenticationLevels.PreferredTypeUriToAliasMap);
// Add a definition for each Auth Level Type alias.
foreach (string alias in aliases.Aliases) {
fields.Add(Constants.AuthLevelNamespaceDeclarationPrefix + alias, aliases.ResolveAlias(alias));
}
// Now use the aliases for those type URIs to list the individual values.
foreach (var pair in AssuranceLevels) {
fields.Add(Constants.ResponseParameters.AuthLevelAliasPrefix + aliases.GetAlias(pair.Key), pair.Value);
}
}
bool IExtensionResponse.Deserialize(IDictionary<string, string> fields, DotNetOpenId.RelyingParty.IAuthenticationResponse response, string typeUri)
{
if (fields == null) return false;
if (!fields.ContainsKey(Constants.ResponseParameters.AuthPolicies)) return false;
ActualPolicies.Clear();
string[] actualPolicies = fields[Constants.ResponseParameters.AuthPolicies].Split(' ');
foreach (string policy in actualPolicies) {
if (policy.Length > 0)
ActualPolicies.Add(policy);
}
AuthenticationTimeUtc = null;
string authTime;
if (fields.TryGetValue(Constants.ResponseParameters.AuthTime, out authTime)) {
DateTime authDateTime;
if (DateTime.TryParse(authTime, CultureInfo.InvariantCulture, DateTimeStyles.AdjustToUniversal, out authDateTime) &&
authDateTime.Kind == DateTimeKind.Utc) { // may be unspecified per our option above
AuthenticationTimeUtc = authDateTime;
} else {
Logger.ErrorFormat("Invalid format for {0} parameter: {1}",
Constants.ResponseParameters.AuthTime, authTime);
}
}
NistAssuranceLevel = null;
string nistAuthLevel;
if (fields.TryGetValue(Constants.ResponseParameters.NistAuthLevel, out nistAuthLevel)) {
int nistAuthLevelNumber;
if (int.TryParse(nistAuthLevel, out nistAuthLevelNumber) &&
nistAuthLevelNumber >= 0 && nistAuthLevelNumber <= 4) {
NistAssuranceLevel = (NistAssuranceLevel)nistAuthLevelNumber;
} else {
Logger.Error("Invalid NIST level.");
}
}
return true;
}
internal static void SetAuthenticationFromScenario(Scenarios scenario, DotNetOpenId.Provider.IAuthenticationRequest request)
{
Assert.IsTrue(request.IsReturnUrlDiscoverable);
switch (scenario) {
case TestSupport.Scenarios.ExtensionFullCooperation:
case TestSupport.Scenarios.ExtensionPartialCooperation:
case TestSupport.Scenarios.AutoApproval:
// immediately approve
request.IsAuthenticated = true;
break;
case TestSupport.Scenarios.AutoApprovalAddFragment:
request.SetClaimedIdentifierFragment("frag");
request.IsAuthenticated = true;
break;
case TestSupport.Scenarios.ApproveOnSetup:
request.IsAuthenticated = !request.Immediate;
break;
case TestSupport.Scenarios.AlwaysDeny:
request.IsAuthenticated = false;
break;
default:
throw new InvalidOperationException("Unrecognized scenario");
}
}
internal static IAuthenticationResponse CreateRelyingPartyResponseThroughProvider(
DotNetOpenId.RelyingParty.IAuthenticationRequest request,
Action<DotNetOpenId.Provider.IAuthenticationRequest> providerAction)
{
var rpReq = (AuthenticationRequest)request;
var opResponse = CreateProviderResponseToRequest(rpReq, providerAction);
// Be careful to use whatever store the original RP was using.
var rp = CreateRelyingPartyResponse(rpReq.RelyingParty.Store, opResponse,
((AuthenticationRequest)request).RelyingParty.Settings.RequireSsl);
Assert.IsNotNull(rp);
return rp;
}
internal static IResponse CreateProviderResponseToRequest(
DotNetOpenId.RelyingParty.IAuthenticationRequest request,
Action<DotNetOpenId.Provider.IAuthenticationRequest> prepareProviderResponse)
{
{
// Sidetrack: Verify the return_to and realm URLs
var consumerToProviderQuery = HttpUtility.ParseQueryString(request.RedirectingResponse.ExtractUrl().Query);
Protocol protocol = Protocol.Detect(consumerToProviderQuery.ToDictionary());
Assert.IsTrue(consumerToProviderQuery[protocol.openid.return_to].StartsWith(request.ReturnToUrl.AbsoluteUri, StringComparison.Ordinal));
Assert.AreEqual(request.Realm.ToString(), consumerToProviderQuery[protocol.openid.Realm]);
}
var op = TestSupport.CreateProviderForRequest(request);
var opReq = (DotNetOpenId.Provider.IAuthenticationRequest)op.Request;
prepareProviderResponse(opReq);
Assert.IsTrue(opReq.IsResponseReady);
return opReq.Response;
}
internal static OpenIdProvider CreateProviderForRequest(DotNetOpenId.RelyingParty.IAuthenticationRequest request)
{
IResponse relyingPartyAuthenticationRequest = request.RedirectingResponse;
var rpWebMessageToOP = (Response)relyingPartyAuthenticationRequest;
var rpMessageToOP = (IndirectMessageRequest)rpWebMessageToOP.EncodableMessage;
var opEndpoint = (ServiceEndpoint)request.Provider;
var provider = new OpenIdProvider(ProviderStore, opEndpoint.ProviderEndpoint,
opEndpoint.ProviderEndpoint, rpMessageToOP.EncodedFields.ToNameValueCollection());
return provider;
}
