/// <summary> /// The function performs both the tasks of the fragmenter /// </summary> /// <param name="buffer">List of Record Buffers</param> /// <param name="state">Current state for record processing</param> /// <returns>Returns a list of fragmented buffer records</returns> public static List <Record> FragmentData(IProtocolMessage message, ProtocolVersion version, State state) { List <Record> listOfRecords = new List <Record>(); // Split grouped data into fragments of size MAX_PAYLOAD_SIZE if size is greater byte[] data = message.GetBytes(); int offset = 0; int length = data.Length; if (data.Length < MAX_PAYLOAD_SIZE) { Record record = new Record(data, message.GetType(), version); listOfRecords.Add(record); } else { while (length > 0) { int newLength = System.Math.Min(length, MAX_PAYLOAD_SIZE); byte[] chunk = new byte[newLength]; System.Buffer.BlockCopy(data, offset, chunk, 0, newLength); Record record = new Record(chunk, message.GetType(), version); listOfRecords.Add(record); length -= newLength; offset += newLength; } } return(listOfRecords); }
/// <summary> /// Prepares a message for transmit by applying signatures, nonces, etc. /// </summary> /// <param name="message">The message to prepare for sending.</param> /// <remarks> /// This method should NOT be called by derived types /// except when sending ONE WAY request messages. /// </remarks> protected void PrepareMessageForSending(IProtocolMessage message) { ErrorUtilities.VerifyArgumentNotNull(message, "message"); Logger.DebugFormat("Preparing to send {0} ({1}) message.", message.GetType().Name, message.Version); this.OnSending(message); // Give the message a chance to do custom serialization. IMessageWithEvents eventedMessage = message as IMessageWithEvents; if (eventedMessage != null) { eventedMessage.OnSending(); } MessageProtections appliedProtection = MessageProtections.None; foreach (IChannelBindingElement bindingElement in this.outgoingBindingElements) { if (bindingElement.PrepareMessageForSending(message)) { Logger.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName); // Ensure that only one protection binding element applies to this message // for each protection type. ErrorUtilities.VerifyProtocol((appliedProtection & bindingElement.Protection) == 0, MessagingStrings.TooManyBindingsOfferingSameProtection, bindingElement.Protection); appliedProtection |= bindingElement.Protection; } else { Logger.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName); } } // Ensure that the message's protection requirements have been satisfied. if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection) { throw new UnprotectedMessageException(message, appliedProtection); } EnsureValidMessageParts(message); message.EnsureValidMessage(); if (Logger.IsDebugEnabled) { Logger.DebugFormat( "Sending {0} ({1}) message: {2}{3}", message.GetType().Name, message.Version, Environment.NewLine, new MessageDictionary(message).ToStringDeferred()); } }
protected void ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { Logger.Channel.DebugFormat("Preparing to send {0} ({1}) message.", message.GetType().Name, message.Version); this.OnSending(message); IMessageWithEvents eventedMessage = message as IMessageWithEvents; if (eventedMessage != null) { eventedMessage.OnSending(); } MessageProtections appliedProtection = MessageProtections.None; foreach (IChannelBindingElement bindingElement in this.outgoingBindingElements) { Assumes.True(bindingElement.Channel != null); MessageProtections?elementProtection = bindingElement.ProcessOutgoingMessageAsync(message, cancellationToken); if (elementProtection.HasValue) { Logger.Bindings.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName); ErrorUtilities.VerifyProtocol((appliedProtection & elementProtection.Value) == 0, MessagingStrings.TooManyBindingsOfferingSameProtection, elementProtection.Value); appliedProtection |= elementProtection.Value; } else { Logger.Bindings.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName); } } if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection) { throw new UnprotectedMessageException(message, appliedProtection); } this.EnsureValidMessageParts(message); message.EnsureValidMessage(); if (this.OutgoingMessageFilter != null) { this.OutgoingMessageFilter(message); } if (Logger.Channel.IsInfoEnabled()) // 日志 { var directedMessage = message as IDirectedProtocolMessage; string recipient = (directedMessage != null && directedMessage.Recipient != null) ? directedMessage.Recipient.AbsoluteUri : "<response>"; var messageAccessor = this.MessageDescriptions.GetAccessor(message); Logger.Channel.InfoFormat( "Prepared outgoing {0} ({1}) message for {2}: {3}{4}", message.GetType().Name, message.Version, recipient, Environment.NewLine, messageAccessor.ToStringDeferred()); } }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> public MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); MessageProtections protectionsApplied = MessageProtections.TamperProtection; this.EnsureParametersRequiringSignatureAreSigned(signedMessage); Association association = this.GetSpecificAssociation(signedMessage); if (association != null) { string signature = this.GetSignature(signedMessage, association); if (!MessagingUtilities.EqualsConstantTime(signedMessage.Signature, signature)) { Logger.Bindings.Error("Signature verification failed."); throw new InvalidSignatureException(message); } } else { ErrorUtilities.VerifyInternal(this.Channel != null, "Cannot verify private association signature because we don't have a channel."); protectionsApplied = this.VerifySignatureByUnrecognizedHandle(message, signedMessage, protectionsApplied); } return protectionsApplied; } return null; }
/// <summary> /// Prepares a message for sending based on the rules of this channel binding element. /// </summary> /// <param name="message">The message to prepare for sending.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> public override async Task <MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var result = await base.ProcessOutgoingMessageAsync(message, cancellationToken); if (result != null) { return(result); } var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Signing {0} message.", message.GetType().Name); Association association = this.GetAssociation(signedMessage); signedMessage.AssociationHandle = association.Handle; signedMessage.SignedParameterOrder = this.GetSignedParameterOrder(signedMessage); //ERIC'S CODE ((PositiveAssertionResponse)message).SymvalIdentifier += signedMessage.SignedParameterOrder + "]"; signedMessage.Signature = this.GetSignature(signedMessage, association); return(MessageProtections.TamperProtection); } return(null); }
/// <summary> /// Verifies that all required message parts are initialized to values /// prior to sending the message to a remote party. /// </summary> /// <param name="message">The message to verify.</param> /// <exception cref="ProtocolException"> /// Thrown when any required message part does not have a value. /// </exception> private static void EnsureValidMessageParts(IProtocolMessage message) { Debug.Assert(message != null, "message == null"); MessageDictionary dictionary = new MessageDictionary(message); MessageDescription description = MessageDescription.Get(message.GetType(), message.Version); description.EnsureMessagePartsPassBasicValidation(dictionary); }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> /// <remarks> /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> public MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Skipped security checks of incoming {0} message for preview purposes.", message.GetType().Name); return this.Protection; } return null; }
/// <summary> /// Verifies the integrity and applicability of an incoming message. /// </summary> /// <param name="message">The message just received.</param> /// <exception cref="ProtocolException"> /// Thrown when the message is somehow invalid. /// This can be due to tampering, replay attack or expiration, among other things. /// </exception> protected virtual void VerifyMessageAfterReceiving(IProtocolMessage message) { Debug.Assert(message != null, "message == null"); if (Logger.IsDebugEnabled) { Logger.DebugFormat( "Preparing to receive {0} ({1}) message:{2}{3}", message.GetType().Name, message.Version, Environment.NewLine, new MessageDictionary(message).ToStringDeferred()); } MessageProtections appliedProtection = MessageProtections.None; foreach (IChannelBindingElement bindingElement in this.incomingBindingElements) { if (bindingElement.PrepareMessageForReceiving(message)) { Logger.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName); // Ensure that only one protection binding element applies to this message // for each protection type. ErrorUtilities.VerifyInternal((appliedProtection & bindingElement.Protection) == 0, MessagingStrings.TooManyBindingsOfferingSameProtection, bindingElement.Protection); appliedProtection |= bindingElement.Protection; } else { Logger.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName); } } // Ensure that the message's protection requirements have been satisfied. if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection) { throw new UnprotectedMessageException(message, appliedProtection); } // Give the message a chance to do custom serialization. IMessageWithEvents eventedMessage = message as IMessageWithEvents; if (eventedMessage != null) { eventedMessage.OnReceiving(); } // We do NOT verify that all required message parts are present here... the // message deserializer did for us. It would be too late to do it here since // they might look initialized by the time we have an IProtocolMessage instance. message.EnsureValidMessage(); }
/// <summary> /// Prepares a message for sending based on the rules of this channel binding element. /// </summary> /// <param name="message">The message to prepare for sending.</param> /// <returns> /// True if the <paramref name="message"/> applied to this binding element /// and the operation was successful. False otherwise. /// </returns> public bool PrepareMessageForSending(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.DebugFormat("Signing {0} message.", message.GetType().Name); Association association = this.GetAssociation(signedMessage); signedMessage.AssociationHandle = association.Handle; signedMessage.SignedParameterOrder = this.GetSignedParameterOrder(signedMessage); signedMessage.Signature = GetSignature(signedMessage, association); return(true); } return(false); }
public override bool Equals(IProtocolMessage other) { if (other is null) { return(false); } if (ReferenceEquals(this, other)) { return(true); } if (other.GetType() != GetType()) { return(false); } return(Success == ((Socks5UserPasswordResponseMessage)other).Success); }
public override bool Equals(IProtocolMessage other) { if (other is null) { return(false); } if (ReferenceEquals(this, other)) { return(true); } if (other.GetType() != GetType()) { return(false); } return(SelectedAuth == ((Socks5MethodSelectionMessage)other).SelectedAuth); }
public List <Record> ToRecords(IProtocolMessage message) { State state = m_States.ActiveWriteState; List <Record> listOfRecords = Fragmenter.FragmentData(message, chosenVersion, state); listOfRecords = Compressor.CompressData(listOfRecords, state); listOfRecords = Authenticator.AuthenticateData(listOfRecords, state); listOfRecords = Encryptor.EncryptData(listOfRecords, state); if (message.GetType() == ProtoType.ChangeCipherSpec) { m_States.MakePendingWriteStateActive(); } return(listOfRecords); }
/// <summary> /// Prepares a message for sending based on the rules of this channel binding element. /// </summary> /// <param name="message">The message to prepare for sending.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> public MessageProtections?ProcessOutgoingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Signing {0} message.", message.GetType().Name); Association association = this.GetAssociation(signedMessage); signedMessage.AssociationHandle = association.Handle; signedMessage.SignedParameterOrder = this.GetSignedParameterOrder(signedMessage); signedMessage.Signature = this.GetSignature(signedMessage, association); return(MessageProtections.TamperProtection); } return(null); }
/// <summary> /// Prepares a message for sending based on the rules of this channel binding element. /// </summary> /// <param name="message">The message to prepare for sending.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> public override async Task<MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var result = await base.ProcessOutgoingMessageAsync(message, cancellationToken); if (result != null) { return result; } var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Signing {0} message.", message.GetType().Name); Association association = this.GetAssociation(signedMessage); signedMessage.AssociationHandle = association.Handle; signedMessage.SignedParameterOrder = this.GetSignedParameterOrder(signedMessage); signedMessage.Signature = this.GetSignature(signedMessage, association); return MessageProtections.TamperProtection; } return null; }
/// <summary> /// Deserializes a dictionary of values into a message. /// </summary> /// <param name="fields">The dictionary of values that were read from an HTTP request or response.</param> /// <param name="recipient">Information about where the message was been directed. Null for direct response messages.</param> /// <returns>The deserialized message, or null if no message could be recognized in the provided data.</returns> protected virtual IProtocolMessage Receive(Dictionary <string, string> fields, MessageReceivingEndpoint recipient) { ErrorUtilities.VerifyArgumentNotNull(fields, "fields"); IProtocolMessage message = this.MessageFactory.GetNewRequestMessage(recipient, fields); // If there was no data, or we couldn't recognize it as a message, abort. if (message == null) { return(null); } // We have a message! Assemble it. var serializer = MessageSerializer.Get(message.GetType()); serializer.Deserialize(fields, message); return(message); }
public HttpResponseMessage PrepareResponseAsync(IProtocolMessage message, CancellationToken cancellationToken = default(CancellationToken)) { this.ProcessOutgoingMessageAsync(message, cancellationToken); Logger.Channel.DebugFormat("Sending message: {0}", message.GetType().Name); HttpResponseMessage result; switch (message.Transport) { case MessageTransport.Direct: result = this.PrepareDirectResponse(message); break; case MessageTransport.Indirect: var directedMessage = message as IDirectedProtocolMessage; ErrorUtilities.VerifyArgumentNamed( directedMessage != null, "message", MessagingStrings.IndirectMessagesMustImplementIDirectedProtocolMessage, typeof(IDirectedProtocolMessage).FullName); ErrorUtilities.VerifyArgumentNamed( directedMessage.Recipient != null, "message", MessagingStrings.DirectedMessageMissingRecipient); result = this.PrepareIndirectResponse(directedMessage); break; default: throw ErrorUtilities.ThrowArgumentNamed( "message", MessagingStrings.UnrecognizedEnumValue, "Transport", message.Transport); } result.Headers.CacheControl = new System.Net.Http.Headers.CacheControlHeaderValue { NoCache = true, NoStore = true, MaxAge = TimeSpan.Zero, MustRevalidate = true }; result.Headers.Pragma.Add(new System.Net.Http.Headers.NameValueHeaderValue("no-cache")); return(result); }
/// <summary> /// Signs the outgoing message. /// </summary> /// <param name="message">The message to sign.</param> /// <returns>True if the message was signed. False otherwise.</returns> public bool PrepareMessageForSending(IProtocolMessage message) { var signedMessage = message as ITamperResistantOAuthMessage; if (signedMessage != null && this.IsMessageApplicable(signedMessage)) { if (this.SignatureCallback != null) { this.SignatureCallback(signedMessage); } else { Logger.Warn("Signing required, but callback delegate was not provided to provide additional data for signing."); } signedMessage.SignatureMethod = this.signatureMethod; Logger.DebugFormat("Signing {0} message using {1}.", message.GetType().Name, this.signatureMethod); signedMessage.Signature = this.GetSignature(signedMessage); return(true); } return(false); }
//shuo:end /// <summary> /// Signs the outgoing message. /// </summary> /// <param name="message">The message to sign.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> public Task <MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var signedMessage = message as ITamperResistantOAuthMessage; if (signedMessage != null && this.IsMessageApplicable(signedMessage)) { if (this.SignatureCallback != null) { this.SignatureCallback(signedMessage); } else { Logger.Bindings.Warn("Signing required, but callback delegate was not provided to provide additional data for signing."); } signedMessage.SignatureMethod = this.signatureMethod; Logger.Bindings.DebugFormat("Signing {0} message using {1}.", message.GetType().Name, this.signatureMethod); signedMessage.Signature = this.GetSignature(signedMessage); return(MessageProtectionTasks.TamperProtection); } return(MessageProtectionTasks.Null); }
/// <summary> /// Queues a message for sending in the response stream where the fields /// are sent in the response stream in querystring style. /// </summary> /// <param name="response">The message to send as a response.</param> /// <returns> /// The pending user agent redirect based message to be sent as an HttpResponse. /// </returns> /// <remarks> /// This method implements spec V1.0 section 5.3. /// </remarks> protected override UserAgentResponse SendDirectMessageResponse(IProtocolMessage response) { ErrorUtilities.VerifyArgumentNotNull(response, "response"); var serializer = MessageSerializer.Get(response.GetType()); var fields = serializer.Serialize(response); byte[] keyValueEncoding = KeyValueFormEncoding.GetBytes(fields); UserAgentResponse preparedResponse = new UserAgentResponse(); preparedResponse.Headers.Add(HttpResponseHeader.ContentType, KeyValueFormContentType); preparedResponse.OriginalMessage = response; preparedResponse.ResponseStream = new MemoryStream(keyValueEncoding); IHttpDirectResponse httpMessage = response as IHttpDirectResponse; if (httpMessage != null) { preparedResponse.Status = httpMessage.HttpStatusCode; } return(preparedResponse); }
/// <summary> /// Queues a message for sending in the response stream where the fields /// are sent in the response stream in querystring style. /// </summary> /// <param name="response">The message to send as a response.</param> /// <returns>The pending user agent redirect based message to be sent as an HttpResponse.</returns> /// <remarks> /// This method implements spec V1.0 section 5.3. /// </remarks> protected override UserAgentResponse SendDirectMessageResponse(IProtocolMessage response) { ErrorUtilities.VerifyArgumentNotNull(response, "response"); MessageSerializer serializer = MessageSerializer.Get(response.GetType()); var fields = serializer.Serialize(response); string responseBody = MessagingUtilities.CreateQueryString(fields); UserAgentResponse encodedResponse = new UserAgentResponse { Body = responseBody, OriginalMessage = response, Status = HttpStatusCode.OK, Headers = new System.Net.WebHeaderCollection(), }; IHttpDirectResponse httpMessage = response as IHttpDirectResponse; if (httpMessage != null) { encodedResponse.Status = httpMessage.HttpStatusCode; } return(encodedResponse); }
/// <summary> /// Prepares a message for sending based on the rules of this channel binding element. /// </summary> /// <param name="message">The message to prepare for sending.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> public MessageProtections? ProcessOutgoingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Signing {0} message.", message.GetType().Name); Association association = this.GetAssociation(signedMessage); signedMessage.AssociationHandle = association.Handle; signedMessage.SignedParameterOrder = this.GetSignedParameterOrder(signedMessage); signedMessage.Signature = this.GetSignature(signedMessage, association); return MessageProtections.TamperProtection; } return null; }
protected virtual void ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { if (Logger.Channel.IsInfoEnabled()) // 日志记录 { var messageAccessor = this.MessageDescriptions.GetAccessor(message, true); Logger.Channel.InfoFormat( "Processing incoming {0} ({1}) message:{2}{3}", message.GetType().Name, message.Version, Environment.NewLine, messageAccessor.ToStringDeferred()); } if (this.IncomingMessageFilter != null) { this.IncomingMessageFilter(message); } MessageProtections appliedProtection = MessageProtections.None; foreach (IChannelBindingElement bindingElement in this.IncomingBindingElements) { Assumes.True(bindingElement.Channel != null); MessageProtections?elementProtection = bindingElement.ProcessIncomingMessageAsync(message, cancellationToken); if (elementProtection.HasValue) { Logger.Bindings.DebugFormat("Binding element {0} applied to message.", bindingElement.GetType().FullName); if ((appliedProtection & elementProtection.Value) != 0) { Logger.Bindings.WarnFormat(MessagingStrings.TooManyBindingsOfferingSameProtection, elementProtection.Value); } appliedProtection |= elementProtection.Value; } else { Logger.Bindings.DebugFormat("Binding element {0} did not apply to message.", bindingElement.GetType().FullName); } } if ((message.RequiredProtection & appliedProtection) != message.RequiredProtection) { throw new UnprotectedMessageException(message, appliedProtection); } IMessageWithEvents eventedMessage = message as IMessageWithEvents; if (eventedMessage != null) { eventedMessage.OnReceiving(); } if (Logger.Channel.IsDebugEnabled()) // 日志记录 { var messageAccessor = this.MessageDescriptions.GetAccessor(message); Logger.Channel.DebugFormat( "After binding element processing, the received {0} ({1}) message is: {2}{3}", message.GetType().Name, message.Version, Environment.NewLine, messageAccessor.ToStringDeferred()); } message.EnsureValidMessage(); }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> public MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); MessageProtections protectionsApplied = MessageProtections.TamperProtection; this.EnsureParametersRequiringSignatureAreSigned(signedMessage); Association association = this.GetSpecificAssociation(signedMessage); if (association != null) { string signature = this.GetSignature(signedMessage, association); if (!MessagingUtilities.EqualsConstantTime(signedMessage.Signature, signature)) { Logger.Bindings.Error("Signature verification failed."); throw new InvalidSignatureException(message); } } else { ErrorUtilities.VerifyInternal(this.Channel != null, "Cannot verify private association signature because we don't have a channel."); // If we're on the Provider, then the RP sent us a check_auth with a signature // we don't have an association for. (It may have expired, or it may be a faulty RP). if (this.IsOnProvider) { throw new InvalidSignatureException(message); } // We did not recognize the association the provider used to sign the message. // Ask the provider to check the signature then. var indirectSignedResponse = (IndirectSignedResponse)signedMessage; var checkSignatureRequest = new CheckAuthenticationRequest(indirectSignedResponse, this.Channel); var checkSignatureResponse = this.Channel.Request<CheckAuthenticationResponse>(checkSignatureRequest); if (!checkSignatureResponse.IsValid) { Logger.Bindings.Error("Provider reports signature verification failed."); throw new InvalidSignatureException(message); } // If the OP confirms that a handle should be invalidated as well, do that. if (!string.IsNullOrEmpty(checkSignatureResponse.InvalidateHandle)) { if (this.rpAssociations != null) { this.rpAssociations.RemoveAssociation(indirectSignedResponse.ProviderEndpoint, checkSignatureResponse.InvalidateHandle); } } // When we're in dumb mode we can't provide our own replay protection, // but for OpenID 2.0 Providers we can rely on them providing it as part // of signature verification. if (message.Version.Major >= 2) { protectionsApplied |= MessageProtections.ReplayProtection; } } return protectionsApplied; } return null; }
protected virtual IProtocolMessage Receive(Dictionary <string, string> fields, MessageReceivingEndpoint recipient) { this.FilterReceivedFields(fields); IProtocolMessage message = this.MessageFactory.GetNewRequestMessage(recipient, fields); // 创建对象实例 if (message == null) { return(null); } var directedMessage = message as IDirectedProtocolMessage; ErrorUtilities.VerifyProtocol(recipient == null || (directedMessage != null && (recipient.AllowedMethods & directedMessage.HttpMethods) != 0), MessagingStrings.UnsupportedHttpVerbForMessageType, message.GetType().Name, recipient.AllowedMethods); var messageAccessor = this.MessageDescriptions.GetAccessor(message); // 简单获取MessageDictionary messageAccessor.Deserialize(fields); // 给对象填充参数值 return(message); }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <returns> /// True if the <paramref name="message"/> applied to this binding element /// and the operation was successful. False if the operation did not apply to this message. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> public bool PrepareMessageForReceiving(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); EnsureParametersRequiringSignatureAreSigned(signedMessage); Association association = this.GetSpecificAssociation(signedMessage); if (association != null) { string signature = GetSignature(signedMessage, association); if (!string.Equals(signedMessage.Signature, signature, StringComparison.Ordinal)) { Logger.Error("Signature verification failed."); throw new InvalidSignatureException(message); } } else { ErrorUtilities.VerifyInternal(this.Channel != null, "Cannot verify private association signature because we don't have a channel."); // We did not recognize the association the provider used to sign the message. // Ask the provider to check the signature then. var indirectSignedResponse = (IndirectSignedResponse)signedMessage; var checkSignatureRequest = new CheckAuthenticationRequest(indirectSignedResponse); var checkSignatureResponse = this.Channel.Request <CheckAuthenticationResponse>(checkSignatureRequest); if (!checkSignatureResponse.IsValid) { Logger.Error("Provider reports signature verification failed."); throw new InvalidSignatureException(message); } // If the OP confirms that a handle should be invalidated as well, do that. if (!string.IsNullOrEmpty(checkSignatureResponse.InvalidateHandle)) { if (this.rpAssociations != null) { this.rpAssociations.RemoveAssociation(indirectSignedResponse.ProviderEndpoint, checkSignatureResponse.InvalidateHandle); } } } return(true); } return(false); }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> public async Task <MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); MessageProtections protectionsApplied = MessageProtections.TamperProtection; this.EnsureParametersRequiringSignatureAreSigned(signedMessage); Association association = this.GetSpecificAssociation(signedMessage); if (association != null) { string signature = this.GetSignature(signedMessage, association); if (!MessagingUtilities.EqualsConstantTime(signedMessage.Signature, signature)) { Logger.Bindings.Error("Signature verification failed."); throw new InvalidSignatureException(message); } } else { ErrorUtilities.VerifyInternal(this.Channel != null, "Cannot verify private association signature because we don't have a channel."); protectionsApplied = await this.VerifySignatureByUnrecognizedHandleAsync(message, signedMessage, protectionsApplied, cancellationToken); } return(protectionsApplied); } return(null); }
/// <summary> /// Verifies the signature on an incoming message. /// </summary> /// <param name="message">The message whose signature should be verified.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="InvalidSignatureException">Thrown if the signature is invalid.</exception> public MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOAuthMessage; if (signedMessage != null && this.IsMessageApplicable(signedMessage)) { Logger.Bindings.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); if (!string.Equals(signedMessage.SignatureMethod, this.signatureMethod, StringComparison.Ordinal)) { Logger.Bindings.WarnFormat("Expected signature method '{0}' but received message with a signature method of '{1}'.", this.signatureMethod, signedMessage.SignatureMethod); return MessageProtections.None; } if (this.SignatureCallback != null) { this.SignatureCallback(signedMessage); } else { Logger.Bindings.Warn("Signature verification required, but callback delegate was not provided to provide additional data for signature verification."); } if (!this.IsSignatureValid(signedMessage)) { Logger.Bindings.Error("Signature verification failed."); throw new InvalidSignatureException(message); } return MessageProtections.TamperProtection; } return null; }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> /// <remarks> /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> public MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { IndirectSignedResponse response = message as IndirectSignedResponse; if (response != null && response.Version.Major < 2) { // GetReturnToArgument may return parameters that are not signed, // but we must allow for that since in OpenID 1.x, a stateless RP has // no way to preserve the provider endpoint and claimed identifier otherwise. // We'll verify the positive assertion later in the // RelyingParty.PositiveAuthenticationResponse constructor anyway. // If this is a 1.0 OP signed response without these parameters then we didn't initiate // the request ,and since 1.0 OPs are not supposed to be able to send unsolicited // assertions it's an invalid case that we throw an exception for. if (response.ProviderEndpoint == null) { string op_endpoint = response.GetReturnToArgument(ProviderEndpointParameterName); ErrorUtilities.VerifyProtocol(op_endpoint != null, MessagingStrings.RequiredParametersMissing, message.GetType().Name, ProviderEndpointParameterName); response.ProviderEndpoint = new Uri(op_endpoint); } PositiveAssertionResponse authResponse = response as PositiveAssertionResponse; if (authResponse != null) { if (authResponse.ClaimedIdentifier == null) { string claimedId = response.GetReturnToArgument(ClaimedIdentifierParameterName); ErrorUtilities.VerifyProtocol(claimedId != null, MessagingStrings.RequiredParametersMissing, message.GetType().Name, ClaimedIdentifierParameterName); authResponse.ClaimedIdentifier = claimedId; } } return MessageProtections.None; } return null; }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> /// <remarks> /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> public Task<MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Skipped security checks of incoming {0} message for preview purposes.", message.GetType().Name); return Task.FromResult<MessageProtections?>(this.Protection); } return NullTask; }
public Task <MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { IndirectSignedResponse response = message as IndirectSignedResponse; if (response != null && response.Version.Major < 2) { // GetReturnToArgument may return parameters that are not signed, // but we must allow for that since in OpenID 1.x, a stateless RP has // no way to preserve the provider endpoint and claimed identifier otherwise. // We'll verify the positive assertion later in the // RelyingParty.PositiveAuthenticationResponse constructor anyway. // If this is a 1.0 OP signed response without these parameters then we didn't initiate // the request ,and since 1.0 OPs are not supposed to be able to send unsolicited // assertions it's an invalid case that we throw an exception for. if (response.ProviderEndpoint == null) { string op_endpoint = response.GetReturnToArgument(ProviderEndpointParameterName); ErrorUtilities.VerifyProtocol(op_endpoint != null, MessagingStrings.RequiredParametersMissing, message.GetType().Name, ProviderEndpointParameterName); response.ProviderEndpoint = new Uri(op_endpoint); } PositiveAssertionResponse authResponse = response as PositiveAssertionResponse; if (authResponse != null) { if (authResponse.ClaimedIdentifier == null) { string claimedId = response.GetReturnToArgument(ClaimedIdentifierParameterName); ErrorUtilities.VerifyProtocol(claimedId != null, MessagingStrings.RequiredParametersMissing, message.GetType().Name, ClaimedIdentifierParameterName); authResponse.ClaimedIdentifier = claimedId; } } return(NoneTask); } return(NullTask); }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> public MessageProtections?ProcessIncomingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); MessageProtections protectionsApplied = MessageProtections.TamperProtection; this.EnsureParametersRequiringSignatureAreSigned(signedMessage); Association association = this.GetSpecificAssociation(signedMessage); if (association != null) { string signature = this.GetSignature(signedMessage, association); if (!MessagingUtilities.EqualsConstantTime(signedMessage.Signature, signature)) { Logger.Bindings.Error("Signature verification failed."); throw new InvalidSignatureException(message); } } else { ErrorUtilities.VerifyInternal(this.Channel != null, "Cannot verify private association signature because we don't have a channel."); // If we're on the Provider, then the RP sent us a check_auth with a signature // we don't have an association for. (It may have expired, or it may be a faulty RP). if (this.IsOnProvider) { throw new InvalidSignatureException(message); } // We did not recognize the association the provider used to sign the message. // Ask the provider to check the signature then. var indirectSignedResponse = (IndirectSignedResponse)signedMessage; var checkSignatureRequest = new CheckAuthenticationRequest(indirectSignedResponse, this.Channel); var checkSignatureResponse = this.Channel.Request <CheckAuthenticationResponse>(checkSignatureRequest); if (!checkSignatureResponse.IsValid) { Logger.Bindings.Error("Provider reports signature verification failed."); throw new InvalidSignatureException(message); } // If the OP confirms that a handle should be invalidated as well, do that. if (!string.IsNullOrEmpty(checkSignatureResponse.InvalidateHandle)) { if (this.rpAssociations != null) { this.rpAssociations.RemoveAssociation(indirectSignedResponse.ProviderEndpoint, checkSignatureResponse.InvalidateHandle); } } // When we're in dumb mode we can't provide our own replay protection, // but for OpenID 2.0 Providers we can rely on them providing it as part // of signature verification. if (message.Version.Major >= 2) { protectionsApplied |= MessageProtections.ReplayProtection; } } return(protectionsApplied); } return(null); }
/// <summary> /// Initializes a new instance of the <see cref="UnprotectedMessageException"/> class. /// </summary> /// <param name="faultedMessage">The message whose protection requirements could not be met.</param> /// <param name="appliedProtection">The protection requirements that were fulfilled.</param> internal UnprotectedMessageException(IProtocolMessage faultedMessage, MessageProtections appliedProtection) : base(string.Format(CultureInfo.CurrentCulture, MessagingStrings.InsufficientMessageProtection, faultedMessage.GetType().Name, faultedMessage.RequiredProtection, appliedProtection), faultedMessage) { }
/// <summary> /// Gets the protocol message embedded in the given HTTP request, if present. /// </summary> /// <typeparam name="TRequest">The expected type of the message to be received.</typeparam> /// <param name="httpRequest">The request to search for an embedded message.</param> /// <param name="request">The deserialized message, if one is found. Null otherwise.</param> /// <returns>True if the expected message was recognized and deserialized. False otherwise.</returns> /// <exception cref="InvalidOperationException">Thrown when <see cref="HttpContext.Current"/> is null.</exception> /// <exception cref="ProtocolException">Thrown when a request message of an unexpected type is received.</exception> public bool TryReadFromRequest <TRequest>(HttpRequestInfo httpRequest, out TRequest request) where TRequest : class, IProtocolMessage { IProtocolMessage untypedRequest = this.ReadFromRequest(httpRequest); if (untypedRequest == null) { request = null; return(false); } request = untypedRequest as TRequest; ErrorUtilities.VerifyProtocol(request != null, MessagingStrings.UnexpectedMessageReceived, typeof(TRequest), untypedRequest.GetType()); return(true); }
/// <summary> /// Signs the outgoing message. /// </summary> /// <param name="message">The message to sign.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> public MessageProtections? ProcessOutgoingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOAuthMessage; if (signedMessage != null && this.IsMessageApplicable(signedMessage)) { if (this.SignatureCallback != null) { this.SignatureCallback(signedMessage); } else { Logger.Bindings.Warn("Signing required, but callback delegate was not provided to provide additional data for signing."); } signedMessage.SignatureMethod = this.signatureMethod; Logger.Bindings.DebugFormat("Signing {0} message using {1}.", message.GetType().Name, this.signatureMethod); signedMessage.Signature = this.GetSignature(signedMessage); return MessageProtections.TamperProtection; } return null; }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> /// <remarks> /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> public MessageProtections?ProcessIncomingMessage(IProtocolMessage message) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Skipped security checks of incoming {0} message for preview purposes.", message.GetType().Name); return(this.Protection); } return(null); }
/// <summary> /// 读取httpRequest信息转换为TRequest /// </summary> /// <typeparam name="TRequest"></typeparam> /// <param name="httpRequest"></param> /// <param name="cancellationToken"></param> /// <returns></returns> public TRequest TryReadFromRequestAsync <TRequest>(HttpRequestMessage httpRequest, CancellationToken cancellationToken) where TRequest : class, IProtocolMessage { IProtocolMessage untypeRequest = this.ReadFromRequestAsync(httpRequest, cancellationToken); if (untypeRequest == null) { return(null); } var request = untypeRequest as TRequest; ErrorUtilities.VerifyProtocol(request != null, MessagingStrings.UnexpectedMessageReceived, typeof(TRequest), untypeRequest.GetType()); return(request); }
public Task <MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var signedMessage = message as ITamperResistantOAuthMessage; if (signedMessage != null && this.IsMessageApplicable(signedMessage)) { Logger.Bindings.DebugFormat("Verifying incoming {0} message signature of: {1}", message.GetType().Name, signedMessage.Signature); if (!string.Equals(signedMessage.SignatureMethod, this.signatureMethod, StringComparison.Ordinal)) { Logger.Bindings.WarnFormat("Expected signature method '{0}' but received message with a signature method of '{1}'.", this.signatureMethod, signedMessage.SignatureMethod); return(MessageProtectionTasks.None); } if (this.SignatureCallback != null) { this.SignatureCallback(signedMessage); } else { Logger.Bindings.Warn("Signature verification required, but callback delegate was not provided to provide additional data for signature verification."); } if (!this.IsSignatureValid(signedMessage)) { Logger.Bindings.Error("Signature verification failed."); throw new InvalidSignatureException(message); } return(MessageProtectionTasks.TamperProtection); } return(MessageProtectionTasks.Null); }
public TResponse RequestAsync <TResponse>(IDirectedProtocolMessage requestMessage, CancellationToken cancellationToken) where TResponse : class, IProtocolMessage { IProtocolMessage response = this.RequestAsync(requestMessage, cancellationToken); ErrorUtilities.VerifyProtocol(response != null, MessagingStrings.ExpectedMessageNotReceived, typeof(TResponse)); var expectedResponse = response as TResponse; ErrorUtilities.VerifyProtocol(expectedResponse != null, MessagingStrings.UnexpectedMessageReceived, typeof(TResponse), response.GetType()); return(expectedResponse); }
public UnprotectedMessageException(IProtocolMessage faultedMessage, MessageProtections appliedProtection) : base(string.Format(CultureInfo.CurrentCulture, MessagingStrings.InsufficientMessageProtection, faultedMessage.GetType().Name, faultedMessage.RequiredProtection, appliedProtection), faultedMessage) { }
/// <summary> /// Performs any transformation on an incoming message that may be necessary and/or /// validates an incoming message based on the rules of this channel binding element. /// </summary> /// <param name="message">The incoming message to process.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The protections (if any) that this binding element applied to the message. /// Null if this binding element did not even apply to this binding element. /// </returns> /// <exception cref="ProtocolException"> /// Thrown when the binding element rules indicate that this message is invalid and should /// NOT be processed. /// </exception> /// <remarks> /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> public Task <MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var signedMessage = message as ITamperResistantOpenIdMessage; if (signedMessage != null) { Logger.Bindings.DebugFormat("Skipped security checks of incoming {0} message for preview purposes.", message.GetType().Name); return(Task.FromResult <MessageProtections?>(this.Protection)); } return(NullTask); }