/// <summary>
/// Gets the dictionary of message parts that should be deserialized into extensions.
/// </summary>
/// <param name="message">The message.</param>
/// <param name="ignoreUnsigned">If set to <c>true</c> only signed extensions will be available.</param>
/// <returns>
/// A dictionary of message parts, including only signed parts when appropriate.
/// </returns>
private IDictionary <string, string> GetExtensionsDictionary(IProtocolMessage message, bool ignoreUnsigned)
{
RequiresEx.ValidState(this.Channel != null);
IndirectSignedResponse signedResponse = message as IndirectSignedResponse;
if (signedResponse != null && ignoreUnsigned)
{
return(signedResponse.GetSignedMessageParts(this.Channel));
}
else
{
return(this.Channel.MessageDescriptions.GetAccessor(message));
}
}
/// <summary>
/// Gets the dictionary of message parts that should be deserialized into extensions.
/// </summary>
/// <param name="message">The message.</param>
/// <returns>A dictionary of message parts, including only signed parts when appropriate.</returns>
private IDictionary <string, string> GetExtensionsDictionary(IProtocolMessage message)
{
// An IndirectSignedResponse message (the only one we care to filter parts for)
// can be received both by RPs and OPs (during check_auth).
// Whichever party is reading the extensions, apply their security policy regarding
// signing. (Although OPs have no reason to deserialize extensions during check_auth)
// so that scenario might be optimized away eventually.
bool extensionsShouldBeSigned = this.rpSecuritySettings != null ? !this.rpSecuritySettings.AllowUnsignedIncomingExtensions : this.opSecuritySettings.SignOutgoingExtensions;
IndirectSignedResponse signedResponse = message as IndirectSignedResponse;
if (signedResponse != null && extensionsShouldBeSigned)
{
return(signedResponse.GetSignedMessageParts());
}
else
{
return(new MessageDictionary(message));
}
}