/// <summary>
/// Builds the association request to send to a Provider, choosing the session
/// kind from how secure the transport to that Provider is.
/// </summary>
/// <param name="securityRequirements">The requirements the selected association type must satisfy. This method only null-checks it.</param>
/// <param name="provider">The Provider endpoint the association is requested from.</param>
/// <param name="associationType">The association type to request; must not be null or empty.</param>
/// <param name="sessionType">The session type to request; only applied to a Diffie-Hellman request.</param>
/// <returns>
/// An unencrypted request when the Provider URI reports a secure transport,
/// a Diffie-Hellman request otherwise, or <c>null</c> when the transport is not
/// secure and Diffie-Hellman support is unavailable.
/// </returns>
/// <remarks>
/// The unencrypted session is used only when <c>provider.Uri.IsTransportSecure()</c>
/// is true, so the association secret is never requested in the clear over a
/// transport this check rejects. Callers must handle the <c>null</c> result.
/// NOTE(review): <paramref name="securityRequirements"/> is not used to vet
/// <paramref name="associationType"/> or <paramref name="sessionType"/> here;
/// confirm the caller enforces it. Diffie-Hellman without an authenticated
/// transport protects against eavesdropping only, not against an active
/// man-in-the-middle.
/// </remarks>
internal static AssociateRequest Create(SecuritySettings securityRequirements, IProviderEndpoint provider, string associationType, string sessionType) {
    Requires.NotNull(securityRequirements, "securityRequirements");
    Requires.NotNull(provider, "provider");
    Requires.NotNullOrEmpty(associationType, "associationType");
    Requires.NotNull(sessionType, "sessionType");

    // Secure transport: the session itself needs no additional encryption.
    if (provider.Uri.IsTransportSecure()) {
        return new AssociateUnencryptedRequest(provider.Version, provider.Uri) {
            AssociationType = associationType,
        };
    }

    // Insecure transport and no Diffie-Hellman available: refuse to build a request.
    if (!OpenIdUtilities.IsDiffieHellmanPresent) {
        return null;
    }

    var dhRequest = new AssociateDiffieHellmanRequest(provider.Version, provider.Uri) {
        AssociationType = associationType,
        SessionType = sessionType,
    };
    dhRequest.InitializeRequest();
    return dhRequest;
}
/// <summary>
/// Checks that a Diffie-Hellman associate request sent to the test Provider at
/// <c>OPUri</c> succeeds and that the response echoes the requested association
/// and session types.
/// </summary>
/// <remarks>
/// The request is hand-built because the relying party never chooses
/// Diffie-Hellman on its own when the transport is already HTTPS.
/// </remarks>
public async Task AssociateDiffieHellmanOverHttps() {
    Protocol protocol = Protocol.V20;
    this.RegisterAutoProvider();
    var relyingParty = this.CreateRelyingParty();

    // We have to formulate the associate request manually,
    // since the DNOI RP won't voluntarily use DH on HTTPS.
    var dhRequest = new AssociateDiffieHellmanRequest(protocol.Version, OPUri);
    dhRequest.AssociationType = protocol.Args.SignatureAlgorithm.HMAC_SHA256;
    dhRequest.SessionType = protocol.Args.SessionType.DH_SHA256;
    dhRequest.InitializeRequest();

    var success = await relyingParty.Channel.RequestAsync<AssociateSuccessfulResponse>(dhRequest, CancellationToken.None);

    Assert.IsNotNull(success);
    Assert.AreEqual(dhRequest.AssociationType, success.AssociationType);
    Assert.AreEqual(dhRequest.SessionType, success.SessionType);
}
/// <summary>
/// Checks that a Diffie-Hellman associate request addressed to an
/// <c>https://</c> Provider URI succeeds and that the response echoes the
/// requested association and session types.
/// </summary>
/// <remarks>
/// The relying-party side runs inside an <c>OpenIdCoordinator</c> paired with
/// <c>AutoProvider</c>. The request is hand-built because the relying party
/// never chooses Diffie-Hellman on its own over HTTPS.
/// </remarks>
public void AssociateDiffieHellmanOverHttps() {
    Protocol protocol = Protocol.V20;
    var scenario = new OpenIdCoordinator(
        rp => {
            // We have to formulate the associate request manually,
            // since the DNOI RP won't voluntarily use DH on HTTPS.
            var dhRequest = new AssociateDiffieHellmanRequest(protocol.Version, new Uri("https://Provider")) {
                AssociationType = protocol.Args.SignatureAlgorithm.HMAC_SHA256,
                SessionType = protocol.Args.SessionType.DH_SHA256,
            };
            dhRequest.InitializeRequest();

            var success = rp.Channel.Request<AssociateSuccessfulResponse>(dhRequest);

            Assert.IsNotNull(success);
            Assert.AreEqual(dhRequest.AssociationType, success.AssociationType);
            Assert.AreEqual(dhRequest.SessionType, success.SessionType);
        },
        AutoProvider);
    scenario.Run();
}
/// <summary>
/// Produces the associate message suited to a Provider: unencrypted when the
/// transport is secure, Diffie-Hellman when it is not.
/// </summary>
/// <param name="securityRequirements">The requirements the selected association type must satisfy. This method only null-checks it.</param>
/// <param name="provider">The Provider endpoint the association is requested from.</param>
/// <param name="associationType">The association type to request; must not be null or empty.</param>
/// <param name="sessionType">The session type to request; only applied to a Diffie-Hellman request.</param>
/// <returns>
/// The message to send to the Provider, or <c>null</c> when the transport is
/// not secure and Diffie-Hellman support is unavailable.
/// </returns>
/// <remarks>
/// An unencrypted session is only ever selected behind
/// <c>provider.Uri.IsTransportSecure()</c>. Callers must treat <c>null</c> as
/// "no association possible" rather than dereference the result.
/// NOTE(review): <paramref name="securityRequirements"/> is not consulted when
/// picking the session here; confirm the caller has already vetted
/// <paramref name="associationType"/> and <paramref name="sessionType"/>.
/// </remarks>
internal static AssociateRequest Create(SecuritySettings securityRequirements, IProviderEndpoint provider, string associationType, string sessionType) {
    Requires.NotNull(securityRequirements, "securityRequirements");
    Requires.NotNull(provider, "provider");
    Requires.NotNullOrEmpty(associationType, "associationType");
    Requires.NotNull(sessionType, "sessionType");

    // Stays null when neither branch below can produce a request.
    AssociateRequest result = null;

    if (provider.Uri.IsTransportSecure()) {
        var plainRequest = new AssociateUnencryptedRequest(provider.Version, provider.Uri);
        plainRequest.AssociationType = associationType;
        result = plainRequest;
    } else if (OpenIdUtilities.IsDiffieHellmanPresent) {
        // Transport is not secure, so fall back to a Diffie-Hellman session.
        var dhRequest = new AssociateDiffieHellmanRequest(provider.Version, provider.Uri);
        dhRequest.AssociationType = associationType;
        dhRequest.SessionType = sessionType;
        dhRequest.InitializeRequest();
        result = dhRequest;
    }

    return result;
}
/// <summary>
/// Builds the association request to send to a Provider, choosing the session
/// kind from how secure the transport to that Provider is.
/// </summary>
/// <param name="securityRequirements">The requirements the selected association type must satisfy. This method only null-checks it.</param>
/// <param name="provider">The Provider endpoint the association is requested from.</param>
/// <param name="associationType">The association type to request; must not be null or empty.</param>
/// <param name="sessionType">The session type to request; only applied to a Diffie-Hellman request.</param>
/// <returns>
/// An unencrypted request when the Provider URI reports a secure transport,
/// otherwise a Diffie-Hellman request. No path in this method returns <c>null</c>.
/// </returns>
/// <remarks>
/// The unencrypted session is used only when <c>provider.Uri.IsTransportSecure()</c>
/// is true. NOTE(review): <paramref name="securityRequirements"/> is not used to
/// vet <paramref name="associationType"/> or <paramref name="sessionType"/> here;
/// confirm the caller enforces it. Diffie-Hellman without an authenticated
/// transport protects against eavesdropping only, not against an active
/// man-in-the-middle.
/// </remarks>
internal static AssociateRequest Create(SecuritySettings securityRequirements, IProviderEndpoint provider, string associationType, string sessionType) {
    Contract.Requires<ArgumentNullException>(securityRequirements != null);
    Contract.Requires<ArgumentNullException>(provider != null);
    Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(associationType));
    Contract.Requires<ArgumentNullException>(sessionType != null);

    // Secure transport: the session itself needs no additional encryption.
    if (provider.Uri.IsTransportSecure()) {
        return new AssociateUnencryptedRequest(provider.Version, provider.Uri) {
            AssociationType = associationType,
        };
    }

    var dhRequest = new AssociateDiffieHellmanRequest(provider.Version, provider.Uri) {
        AssociationType = associationType,
        SessionType = sessionType,
    };
    dhRequest.InitializeRequest();
    return dhRequest;
}
/// <summary>
/// Builds the association request to send to a Provider, choosing the session
/// kind from how secure the transport to that Provider is.
/// </summary>
/// <param name="securityRequirements">The requirements the selected association type must satisfy. This method only null-checks it.</param>
/// <param name="provider">Describes the Provider endpoint and protocol version the association is requested from.</param>
/// <param name="associationType">The association type to request; must have non-zero length.</param>
/// <param name="sessionType">The session type to request; only applied to a Diffie-Hellman request.</param>
/// <returns>
/// An unencrypted request when the Provider endpoint reports a secure transport,
/// otherwise a Diffie-Hellman request. No path in this method returns <c>null</c>.
/// </returns>
/// <remarks>
/// The unencrypted session is used only when <c>provider.Endpoint.IsTransportSecure()</c>
/// is true. NOTE(review): <paramref name="securityRequirements"/> is not used to
/// vet <paramref name="associationType"/> or <paramref name="sessionType"/> here;
/// confirm the caller enforces it. Diffie-Hellman without an authenticated
/// transport protects against eavesdropping only, not against an active
/// man-in-the-middle.
/// </remarks>
internal static AssociateRequest Create(SecuritySettings securityRequirements, ProviderEndpointDescription provider, string associationType, string sessionType) {
    ErrorUtilities.VerifyArgumentNotNull(securityRequirements, "securityRequirements");
    ErrorUtilities.VerifyArgumentNotNull(provider, "provider");
    ErrorUtilities.VerifyNonZeroLength(associationType, "associationType");
    ErrorUtilities.VerifyArgumentNotNull(sessionType, "sessionType");

    // Secure transport: the session itself needs no additional encryption.
    if (provider.Endpoint.IsTransportSecure()) {
        return new AssociateUnencryptedRequest(provider.ProtocolVersion, provider.Endpoint) {
            AssociationType = associationType,
        };
    }

    var dhRequest = new AssociateDiffieHellmanRequest(provider.ProtocolVersion, provider.Endpoint) {
        AssociationType = associationType,
        SessionType = sessionType,
    };
    dhRequest.InitializeRequest();
    return dhRequest;
}
/// <summary>
/// Produces the associate message suited to a Provider: unencrypted when the
/// transport is secure, Diffie-Hellman when it is not.
/// </summary>
/// <param name="securityRequirements">The requirements the selected association type must satisfy. This method only null-checks it.</param>
/// <param name="provider">The Provider endpoint the association is requested from.</param>
/// <param name="associationType">The association type to request; must not be null or empty.</param>
/// <param name="sessionType">The session type to request; only applied to a Diffie-Hellman request.</param>
/// <returns>
/// The message to send to the Provider. Every path in this method yields a
/// request; none returns <c>null</c>.
/// </returns>
/// <remarks>
/// An unencrypted session is only ever selected behind
/// <c>provider.Uri.IsTransportSecure()</c>.
/// NOTE(review): <paramref name="securityRequirements"/> is not consulted when
/// picking the session here; confirm the caller has already vetted
/// <paramref name="associationType"/> and <paramref name="sessionType"/>.
/// </remarks>
internal static AssociateRequest Create(SecuritySettings securityRequirements, IProviderEndpoint provider, string associationType, string sessionType) {
    Contract.Requires<ArgumentNullException>(securityRequirements != null);
    Contract.Requires<ArgumentNullException>(provider != null);
    Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(associationType));
    Contract.Requires<ArgumentNullException>(sessionType != null);

    AssociateRequest result;

    if (provider.Uri.IsTransportSecure()) {
        var plainRequest = new AssociateUnencryptedRequest(provider.Version, provider.Uri);
        plainRequest.AssociationType = associationType;
        result = plainRequest;
    } else {
        // Transport is not secure, so fall back to a Diffie-Hellman session.
        var dhRequest = new AssociateDiffieHellmanRequest(provider.Version, provider.Uri);
        dhRequest.AssociationType = associationType;
        dhRequest.SessionType = sessionType;
        dhRequest.InitializeRequest();
        result = dhRequest;
    }

    return result;
}
/// <summary>
/// Checks that the Provider refuses an associate request that pairs an
/// HMAC-SHA256 association type with a DH-SHA1 session type.
/// </summary>
/// <remarks>
/// The expected reply is an <c>AssociateUnsuccessfulResponse</c> whose
/// association and session types are HMAC-SHA1 and DH-SHA1, as the assertions
/// below require.
/// </remarks>
public async Task OPRejectsMismatchingAssociationAndSessionTypes() {
    Protocol protocol = Protocol.V20;
    this.RegisterAutoProvider();
    var relyingParty = this.CreateRelyingParty();

    // We have to formulate the associate request manually,
    // since the DNOI RP won't voluntarily mismatch the association and session types.
    var mismatched = new AssociateDiffieHellmanRequest(protocol.Version, OPUri) {
        AssociationType = protocol.Args.SignatureAlgorithm.HMAC_SHA256,
        SessionType = protocol.Args.SessionType.DH_SHA1,
    };
    mismatched.InitializeRequest();

    var refusal = await relyingParty.Channel.RequestAsync<AssociateUnsuccessfulResponse>(mismatched, CancellationToken.None);

    Assert.IsNotNull(refusal);
    Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, refusal.AssociationType);
    Assert.AreEqual(protocol.Args.SessionType.DH_SHA1, refusal.SessionType);
}
/// <summary>
/// Produces the associate message suited to a Provider: unencrypted when the
/// transport is secure, Diffie-Hellman when it is not.
/// </summary>
/// <param name="securityRequirements">The requirements the selected association type must satisfy. This method only null-checks it.</param>
/// <param name="provider">Describes the Provider endpoint and protocol version the association is requested from.</param>
/// <param name="associationType">The association type to request; must have non-zero length.</param>
/// <param name="sessionType">The session type to request; only applied to a Diffie-Hellman request.</param>
/// <returns>
/// The message to send to the Provider. Every path in this method yields a
/// request; none returns <c>null</c>.
/// </returns>
/// <remarks>
/// An unencrypted session is only ever selected behind
/// <c>provider.Endpoint.IsTransportSecure()</c>.
/// NOTE(review): <paramref name="securityRequirements"/> is not consulted when
/// picking the session here; confirm the caller has already vetted
/// <paramref name="associationType"/> and <paramref name="sessionType"/>.
/// </remarks>
internal static AssociateRequest Create(SecuritySettings securityRequirements, ProviderEndpointDescription provider, string associationType, string sessionType) {
    ErrorUtilities.VerifyArgumentNotNull(securityRequirements, "securityRequirements");
    ErrorUtilities.VerifyArgumentNotNull(provider, "provider");
    ErrorUtilities.VerifyNonZeroLength(associationType, "associationType");
    ErrorUtilities.VerifyArgumentNotNull(sessionType, "sessionType");

    AssociateRequest result;

    if (provider.Endpoint.IsTransportSecure()) {
        var plainRequest = new AssociateUnencryptedRequest(provider.ProtocolVersion, provider.Endpoint);
        plainRequest.AssociationType = associationType;
        result = plainRequest;
    } else {
        // Transport is not secure, so fall back to a Diffie-Hellman session.
        var dhRequest = new AssociateDiffieHellmanRequest(provider.ProtocolVersion, provider.Endpoint);
        dhRequest.AssociationType = associationType;
        dhRequest.SessionType = sessionType;
        dhRequest.InitializeRequest();
        result = dhRequest;
    }

    return result;
}