/// <summary>
/// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
/// </summary>
/// <param name="cryptoKeyStore">The crypto key store that backs associations, or null to run as a stateless ("dumb-mode") RP.</param>
/// <param name="nonceStore">The nonce store used to reject replayed assertions. Must be supplied whenever <paramref name="cryptoKeyStore"/> is.</param>
/// <param name="hostFactories">The host factories handed to the relying party channel.</param>
private OpenIdRelyingParty(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, IHostFactories hostFactories) {
	// A smart-mode RP (one that keeps associations) verifies signatures itself, so it
	// must also record nonces or a captured assertion could be replayed against it.
	// A dumb-mode RP defers to the Provider, and 2.0 Providers own replay prevention.
	bool storesAreConsistent = cryptoKeyStore == null || nonceStore != null;
	Requires.That(storesAreConsistent, null, OpenIdStrings.AssociationStoreRequiresNonceStore);

	this.securitySettings = OpenIdElement.Configuration.RelyingParty.SecuritySettings.CreateSecuritySettings();

	// Subscribe first so every configured behavior is observed by the change handler.
	this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
	var configuredBehaviors = OpenIdElement.Configuration.RelyingParty.Behaviors.CreateInstances(false, null);
	foreach (var configuredBehavior in configuredBehaviors) {
		this.behaviors.Add(configuredBehavior);
	}

	// With no nonce store of our own, replay protection can only come from the
	// Provider, and only 2.0+ Providers are expected to supply it. When the settings
	// ask for downlevel protection, raise the version floor rather than run exposed.
	var settings = this.SecuritySettings;
	bool mustRaiseVersionFloor = nonceStore == null
		&& settings.ProtectDownlevelReplayAttacks
		&& settings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20;
	if (mustRaiseVersionFloor) {
		Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.");
		settings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
	}

	this.channel = new OpenIdRelyingPartyChannel(cryptoKeyStore, nonceStore, settings, hostFactories);

	// Only a stateful RP gets an association store; it is an adapter over the key store.
	CryptoKeyStoreAsRelyingPartyAssociationStore associationStoreAdapter = null;
	if (cryptoKeyStore != null) {
		associationStoreAdapter = new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore);
	}
	this.AssociationManager = new AssociationManager(this.Channel, associationStoreAdapter, settings);

	this.discoveryServices = new IdentifierDiscoveryServices(this);

	Reporting.RecordFeatureAndDependencyUse(this, cryptoKeyStore, nonceStore);
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
/// </summary>
/// <param name="nonceStore">The nonce store the provider channel uses. Cannot be null.</param>
/// <param name="cryptoKeyStore">The crypto key store backing the association store. Cannot be null.</param>
private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore) {
	// Unlike a relying party, a Provider is never stateless: both stores are mandatory.
	Requires.NotNull(nonceStore, "nonceStore");
	Requires.NotNull(cryptoKeyStore, "cryptoKeyStore");

	this.SecuritySettings = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings();

	// Subscribe before adding so the handler sees each configured behavior.
	this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
	var configuredBehaviors = OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false);
	foreach (var configuredBehavior in configuredBehaviors) {
		this.behaviors.Add(configuredBehavior);
	}

	// The association store is built from the key store, then handed to the channel
	// together with the nonce store; the key store itself is also kept on the instance.
	this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings);
	this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
	this.CryptoKeyStore = cryptoKeyStore;

	this.discoveryServices = new IdentifierDiscoveryServices(this);

	// NOTE(review): only the nonce store is reported here, whereas the relying party
	// constructor reports the crypto key store too — confirm that is intentional.
	Reporting.RecordFeatureAndDependencyUse(this, nonceStore);
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
/// </summary>
/// <param name="nonceStore">The nonce store the provider channel uses. Cannot be null.</param>
/// <param name="cryptoKeyStore">The crypto key store backing the association store. Cannot be null.</param>
/// <param name="hostFactories">The host factories handed to the provider channel.</param>
private OpenIdProvider(INonceStore nonceStore, ICryptoKeyStore cryptoKeyStore, IHostFactories hostFactories) {
	// Unlike a relying party, a Provider is never stateless: both stores are mandatory.
	Requires.NotNull(nonceStore, "nonceStore");
	Requires.NotNull(cryptoKeyStore, "cryptoKeyStore");

	this.SecuritySettings = OpenIdElement.Configuration.Provider.SecuritySettings.CreateSecuritySettings();

	// Subscribe before adding so the handler sees each configured behavior.
	this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
	var configuredBehaviors = OpenIdElement.Configuration.Provider.Behaviors.CreateInstances(false, null);
	foreach (var configuredBehavior in configuredBehaviors) {
		this.behaviors.Add(configuredBehavior);
	}

	// The association store is built from the key store, then handed to the channel
	// together with the nonce store and host factories; the key store is kept as well.
	this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings);
	this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings, hostFactories);
	this.CryptoKeyStore = cryptoKeyStore;

	this.discoveryServices = new IdentifierDiscoveryServices(this);

	// NOTE(review): only the nonce store is reported here, whereas the relying party
	// constructor reports the crypto key store too — confirm that is intentional.
	Reporting.RecordFeatureAndDependencyUse(this, nonceStore);
}