/// <summary>
/// Initializes the binding elements.
/// </summary>
/// <param name="cryptoKeyStore">The crypto key store.</param>
/// <param name="nonceStore">The nonce store to use.</param>
/// <param name="securitySettings">The security settings to apply. Must be an instance of either <see cref="RelyingPartySecuritySettings"/> or ProviderSecuritySettings.</param>
/// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param>
/// <returns>
/// An array of binding elements which may be used to construct the channel.
/// </returns>
private static IChannelBindingElement[] InitializeBindingElements(ICryptoKeyStore cryptoKeyStore, INonceStore nonceStore, RelyingPartySecuritySettings securitySettings, bool nonVerifying)
{
Requires.NotNull(securitySettings, "securitySettings");
SigningBindingElement signingElement;
signingElement = nonVerifying ? null : new RelyingPartySigningBindingElement(new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore ?? new MemoryCryptoKeyStore()));
var extensionFactory = OpenIdExtensionFactoryAggregator.LoadFromConfiguration();
List <IChannelBindingElement> elements = new List <IChannelBindingElement>(8);
elements.Add(new ExtensionsBindingElementRelyingParty(extensionFactory, securitySettings));
elements.Add(new RelyingPartySecurityOptions(securitySettings));
elements.Add(new BackwardCompatibilityBindingElement());
ReturnToNonceBindingElement requestNonceElement = null;
if (cryptoKeyStore != null)
{
if (nonceStore != null)
{
// There is no point in having a ReturnToNonceBindingElement without
// a ReturnToSignatureBindingElement because the nonce could be
// artificially changed without it.
requestNonceElement = new ReturnToNonceBindingElement(nonceStore, securitySettings);
elements.Add(requestNonceElement);
}
// It is important that the return_to signing element comes last
// so that the nonce is included in the signature.
elements.Add(new ReturnToSignatureBindingElement(cryptoKeyStore));
}
ErrorUtilities.VerifyOperation(!securitySettings.RejectUnsolicitedAssertions || requestNonceElement != null, OpenIdStrings.UnsolicitedAssertionRejectionRequiresNonceStore);
if (nonVerifying)
{
elements.Add(new SkipSecurityBindingElement());
}
else
{
if (nonceStore != null)
{
elements.Add(new StandardReplayProtectionBindingElement(nonceStore, true));
}
elements.Add(new StandardExpirationBindingElement());
elements.Add(signingElement);
}
return(elements.ToArray());
}
/// <summary>
/// Initializes the binding elements.
/// </summary>
/// <param name="cryptoKeyStore">The OpenID Provider's crypto key store.</param>
/// <param name="nonceStore">The nonce store to use.</param>
/// <param name="securitySettings">The security settings to apply. Must be an instance of either RelyingPartySecuritySettings or ProviderSecuritySettings.</param>
/// <returns>
/// An array of binding elements which may be used to construct the channel.
/// </returns>
private static IChannelBindingElement[] InitializeBindingElements(IProviderAssociationStore cryptoKeyStore, INonceStore nonceStore, ProviderSecuritySettings securitySettings)
{
Requires.NotNull(cryptoKeyStore, "cryptoKeyStore");
Requires.NotNull(securitySettings, "securitySettings");
Requires.NotNull(nonceStore, "nonceStore");
SigningBindingElement signingElement;
signingElement = new ProviderSigningBindingElement(cryptoKeyStore, securitySettings);
var extensionFactory = OpenIdExtensionFactoryAggregator.LoadFromConfiguration();
List <IChannelBindingElement> elements = new List <IChannelBindingElement>(8);
elements.Add(new ExtensionsBindingElement(extensionFactory, securitySettings, true));
elements.Add(new StandardReplayProtectionBindingElement(nonceStore, true));
elements.Add(new StandardExpirationBindingElement());
elements.Add(signingElement);
return(elements.ToArray());
}
private static IChannelBindingElement[] InitializeBindingElements <T>(IAssociationStore <T> associationStore, INonceStore nonceStore, SecuritySettings securitySettings, bool nonVerifying)
{
Contract.Requires <ArgumentNullException>(securitySettings != null);
Contract.Requires <ArgumentException>(!nonVerifying || securitySettings is RelyingPartySecuritySettings);
var rpSecuritySettings = securitySettings as RelyingPartySecuritySettings;
var opSecuritySettings = securitySettings as ProviderSecuritySettings;
ErrorUtilities.VerifyInternal(rpSecuritySettings != null || opSecuritySettings != null, "Expected an RP or OP security settings instance.");
ErrorUtilities.VerifyInternal(!nonVerifying || rpSecuritySettings != null, "Non-verifying channels can only be constructed for relying parties.");
bool isRelyingPartyRole = rpSecuritySettings != null;
var rpAssociationStore = associationStore as IAssociationStore <Uri>;
var opAssociationStore = associationStore as IAssociationStore <AssociationRelyingPartyType>;
ErrorUtilities.VerifyInternal(isRelyingPartyRole || opAssociationStore != null, "Providers MUST have an association store.");
SigningBindingElement signingElement;
if (isRelyingPartyRole)
{
signingElement = nonVerifying ? null : new SigningBindingElement(rpAssociationStore);
}
else
{
signingElement = new SigningBindingElement(opAssociationStore, opSecuritySettings);
}
var extensionFactory = OpenIdExtensionFactoryAggregator.LoadFromConfiguration();
List <IChannelBindingElement> elements = new List <IChannelBindingElement>(8);
elements.Add(new ExtensionsBindingElement(extensionFactory, securitySettings));
if (isRelyingPartyRole)
{
elements.Add(new RelyingPartySecurityOptions(rpSecuritySettings));
elements.Add(new BackwardCompatibilityBindingElement());
ReturnToNonceBindingElement requestNonceElement = null;
if (associationStore != null)
{
if (nonceStore != null)
{
// There is no point in having a ReturnToNonceBindingElement without
// a ReturnToSignatureBindingElement because the nonce could be
// artificially changed without it.
requestNonceElement = new ReturnToNonceBindingElement(nonceStore, rpSecuritySettings);
elements.Add(requestNonceElement);
}
// It is important that the return_to signing element comes last
// so that the nonce is included in the signature.
elements.Add(new ReturnToSignatureBindingElement(rpAssociationStore, rpSecuritySettings));
}
ErrorUtilities.VerifyOperation(!rpSecuritySettings.RejectUnsolicitedAssertions || requestNonceElement != null, OpenIdStrings.UnsolicitedAssertionRejectionRequiresNonceStore);
}
else
{
// Providers must always have a nonce store.
ErrorUtilities.VerifyArgumentNotNull(nonceStore, "nonceStore");
}
if (nonVerifying)
{
elements.Add(new SkipSecurityBindingElement());
}
else
{
if (nonceStore != null)
{
elements.Add(new StandardReplayProtectionBindingElement(nonceStore, true));
}
elements.Add(new StandardExpirationBindingElement());
elements.Add(signingElement);
}
return(elements.ToArray());
}
