forked from DotNetOpenAuth/DotNetOpenAuth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMessagingElement.cs
209 lines (188 loc) · 8.68 KB
/
MessagingElement.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
//-----------------------------------------------------------------------
// <copyright file="MessagingElement.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.Configuration {
using System;
using System.Configuration;
using System.Diagnostics.Contracts;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.Messaging.Bindings;
/// <summary>
/// Represents the <messaging> element in the host's .config file.
/// </summary>
[ContractVerification(true)]
public class MessagingElement : ConfigurationSection {
/// <summary>
/// The name of the <webResourceUrlProvider> sub-element.
/// </summary>
private const string WebResourceUrlProviderName = "webResourceUrlProvider";
/// <summary>
/// The name of the <untrustedWebRequest> sub-element.
/// </summary>
private const string UntrustedWebRequestElementName = "untrustedWebRequest";
/// <summary>
/// The name of the attribute that stores the association's maximum lifetime.
/// </summary>
private const string MaximumMessageLifetimeConfigName = "lifetime";
/// <summary>
/// The name of the attribute that stores the maximum allowable clock skew.
/// </summary>
private const string MaximumClockSkewConfigName = "clockSkew";
/// <summary>
/// The name of the attribute that indicates whether to disable SSL requirements across the library.
/// </summary>
private const string RelaxSslRequirementsConfigName = "relaxSslRequirements";
/// <summary>
/// The name of the attribute that controls whether messaging rules are strictly followed.
/// </summary>
private const string StrictConfigName = "strict";
/// <summary>
/// The default value for the <see cref="MaximumIndirectMessageUrlLength"/> property.
/// </summary>
/// <value>
/// 2KB, recommended by OpenID group
/// </value>
private const int DefaultMaximumIndirectMessageUrlLength = 2 * 1024;
/// <summary>
/// The name of the attribute that controls the maximum length of a URL before it is converted
/// to a POST payload.
/// </summary>
private const string MaximumIndirectMessageUrlLengthConfigName = "maximumIndirectMessageUrlLength";
/// <summary>
/// Gets the name of the @privateSecretMaximumAge attribute.
/// </summary>
private const string PrivateSecretMaximumAgeConfigName = "privateSecretMaximumAge";
/// <summary>
/// The name of the <messaging> sub-element.
/// </summary>
private const string MessagingElementName = DotNetOpenAuthSection.SectionName + "/messaging";
/// <summary>
/// Gets the configuration section from the .config file.
/// </summary>
public static MessagingElement Configuration {
get {
Contract.Ensures(Contract.Result<MessagingElement>() != null);
return (MessagingElement)ConfigurationManager.GetSection(MessagingElementName) ?? new MessagingElement();
}
}
/// <summary>
/// Gets the actual maximum message lifetime that a program should allow.
/// </summary>
/// <value>The sum of the <see cref="MaximumMessageLifetime"/> and
/// <see cref="MaximumClockSkew"/> property values.</value>
public TimeSpan MaximumMessageLifetime {
get { return this.MaximumMessageLifetimeNoSkew + this.MaximumClockSkew; }
}
/// <summary>
/// Gets or sets the maximum lifetime of a private symmetric secret,
/// that may be used for signing or encryption.
/// </summary>
/// <value>The default value is 28 days (twice the age of the longest association).</value>
[ConfigurationProperty(PrivateSecretMaximumAgeConfigName, DefaultValue = "28.00:00:00")]
public TimeSpan PrivateSecretMaximumAge {
get { return (TimeSpan)this[PrivateSecretMaximumAgeConfigName]; }
set { this[PrivateSecretMaximumAgeConfigName] = value; }
}
/// <summary>
/// Gets or sets the time between a message's creation and its receipt
/// before it is considered expired.
/// </summary>
/// <value>
/// The default value value is 3 minutes.
/// </value>
/// <remarks>
/// <para>Smaller timespans mean lower tolerance for delays in message delivery.
/// Larger timespans mean more nonces must be stored to provide replay protection.</para>
/// <para>The maximum age a message implementing the
/// <see cref="IExpiringProtocolMessage"/> interface can be before
/// being discarded as too old.</para>
/// <para>This time limit should NOT take into account expected
/// time skew for servers across the Internet. Time skew is added to
/// this value and is controlled by the <see cref="MaximumClockSkew"/> property.</para>
/// </remarks>
[ConfigurationProperty(MaximumMessageLifetimeConfigName, DefaultValue = "00:03:00")]
internal TimeSpan MaximumMessageLifetimeNoSkew {
get { return (TimeSpan)this[MaximumMessageLifetimeConfigName]; }
set { this[MaximumMessageLifetimeConfigName] = value; }
}
/// <summary>
/// Gets or sets the maximum clock skew.
/// </summary>
/// <value>The default value is 10 minutes.</value>
/// <remarks>
/// <para>Smaller timespans mean lower tolerance for
/// time variance due to server clocks not being synchronized.
/// Larger timespans mean greater chance for replay attacks and
/// larger nonce caches.</para>
/// <para>For example, if a server could conceivably have its
/// clock d = 5 minutes off UTC time, then any two servers could have
/// their clocks disagree by as much as 2*d = 10 minutes. </para>
/// </remarks>
[ConfigurationProperty(MaximumClockSkewConfigName, DefaultValue = "00:10:00")]
internal TimeSpan MaximumClockSkew {
get { return (TimeSpan)this[MaximumClockSkewConfigName]; }
set { this[MaximumClockSkewConfigName] = value; }
}
/// <summary>
/// Gets or sets a value indicating whether SSL requirements within the library are disabled/relaxed.
/// Use for TESTING ONLY.
/// </summary>
[ConfigurationProperty(RelaxSslRequirementsConfigName, DefaultValue = false)]
internal bool RelaxSslRequirements {
get { return (bool)this[RelaxSslRequirementsConfigName]; }
set { this[RelaxSslRequirementsConfigName] = value; }
}
/// <summary>
/// Gets or sets a value indicating whether messaging rules are strictly
/// adhered to.
/// </summary>
/// <value><c>true</c> by default.</value>
/// <remarks>
/// Strict will require that remote parties adhere strictly to the specifications,
/// even when a loose interpretation would not compromise security.
/// <c>true</c> is a good default because it shakes out interoperability bugs in remote services
/// so they can be identified and corrected. But some web sites want things to Just Work
/// more than they want to file bugs against others, so <c>false</c> is the setting for them.
/// </remarks>
[ConfigurationProperty(StrictConfigName, DefaultValue = true)]
internal bool Strict {
get { return (bool)this[StrictConfigName]; }
set { this[StrictConfigName] = value; }
}
/// <summary>
/// Gets or sets the configuration for the <see cref="UntrustedWebRequestHandler"/> class.
/// </summary>
/// <value>The untrusted web request.</value>
[ConfigurationProperty(UntrustedWebRequestElementName)]
internal UntrustedWebRequestElement UntrustedWebRequest {
get { return (UntrustedWebRequestElement)this[UntrustedWebRequestElementName] ?? new UntrustedWebRequestElement(); }
set { this[UntrustedWebRequestElementName] = value; }
}
/// <summary>
/// Gets or sets the maximum allowable size for a 301 Redirect response before we send
/// a 200 OK response with a scripted form POST with the parameters instead
/// in order to ensure successfully sending a large payload to another server
/// that might have a maximum allowable size restriction on its GET request.
/// </summary>
/// <value>The default value is 2048.</value>
[ConfigurationProperty(MaximumIndirectMessageUrlLengthConfigName, DefaultValue = DefaultMaximumIndirectMessageUrlLength)]
[IntegerValidator(MinValue = 500, MaxValue = 4096)]
internal int MaximumIndirectMessageUrlLength {
get { return (int)this[MaximumIndirectMessageUrlLengthConfigName]; }
set { this[MaximumIndirectMessageUrlLengthConfigName] = value; }
}
/// <summary>
/// Gets or sets the embedded resource retrieval provider.
/// </summary>
/// <value>
/// The embedded resource retrieval provider.
/// </value>
[ConfigurationProperty(WebResourceUrlProviderName)]
internal TypeConfigurationElement<IEmbeddedResourceRetrieval> EmbeddedResourceRetrievalProvider {
get { return (TypeConfigurationElement<IEmbeddedResourceRetrieval>)this[WebResourceUrlProviderName] ?? new TypeConfigurationElement<IEmbeddedResourceRetrieval>(); }
set { this[WebResourceUrlProviderName] = value; }
}
}
}