1 //-----------------------------------------------------------------------
2 // <copyright file="ProviderSecuritySettings.cs" company="Andrew Arnott">
3 // Copyright (c) Andrew Arnott. All rights reserved.
4 // </copyright>
5 //-----------------------------------------------------------------------
7 namespace DotNetOpenAuth.OpenId.Provider {
8 using System;
9 using System.Collections.Generic;
10 using DotNetOpenAuth.Messaging;
12 /// <summary>
13 /// Security settings that are applicable to providers.
14 /// </summary>
15 public sealed class ProviderSecuritySettings : SecuritySettings {
/// <summary>
/// Backing store for <see cref="AssociationLifetimes"/>: the subset of
/// association types (string keys) and their customized lifetimes.
/// </summary>
// Handed out by reference through the AssociationLifetimes getter, so callers
// add, change and remove entries directly on this instance. Nothing in this
// class validates the keys or the TimeSpan values (zero or negative included).
// NOTE(review): never reassigned in the code shown here, so it could be
// readonly -- confirm that no other member assigns it.
private IDictionary<string, TimeSpan> associationLifetimes = new Dictionary<string, TimeSpan>();
/// <summary>
/// Initializes a new instance of the <see cref="ProviderSecuritySettings"/> class
/// with signing of outgoing extensions switched on.
/// </summary>
/// <remarks>
/// NOTE(review): the meaning of the <c>true</c> handed to the base constructor is
/// defined by <see cref="SecuritySettings"/>, which is not shown here -- confirm there.
/// </remarks>
internal ProviderSecuritySettings()
	: base(true) {
	// Signed extensions are the default; the setter exists only so tests can
	// produce unsigned ones (see the remarks on SignOutgoingExtensions).
	this.SignOutgoingExtensions = true;
}
/// <summary>
/// Gets the customized maximum lifetimes for a subset of the available
/// association types.
/// </summary>
/// <value>
/// The live dictionary held by this instance, not a copy. Entries the caller
/// adds, changes or removes are changes to these settings.
/// </value>
/// <remarks>
/// An association's shared secret stays usable for as long as the association
/// lives, so a longer lifetime entered here also lengthens the time a leaked
/// secret remains valid. This class does not validate the entries; where the
/// lifetimes are enforced is not visible in this file.
/// </remarks>
public IDictionary<string, TimeSpan> AssociationLifetimes {
	get {
		return this.associationLifetimes;
	}
}
/// <summary>
/// Gets or sets a value indicating whether this provider protects the users of
/// OpenID 1.x relying parties from replay attacks when those relying parties
/// may not be doing so themselves.
/// *** This property is a placeholder for a feature that has not been written yet. ***
/// </summary>
/// <remarks>
/// <para>Nonces for protection against replay attacks were not mandated
/// by OpenID 1.x, which leaves users open to replay attacks.</para>
/// <para>As designed, this feature works by preventing associations from being
/// formed with OpenID 1.x relying parties, thereby forcing them into
/// "dumb" mode and verifying every claim with this provider.
/// This gives the provider an opportunity to verify its own nonce
/// to protect against replay attacks.</para>
/// <para>Because the feature has not been written, do not count on this flag for
/// replay protection: nothing in this file acts on it. The constructor shown in
/// this class does not assign it, so it starts out <c>false</c>.</para>
/// </remarks>
internal bool ProtectDownlevelReplayAttacks { get; set; }
/// <summary>
/// Gets or sets a value indicating whether outgoing extensions are always signed.
/// </summary>
/// <value>
/// <c>true</c> if outgoing extensions should be signed; otherwise, <c>false</c>.
/// The default is <c>true</c>, assigned in the constructor.
/// </value>
/// <remarks>
/// <para>This property is internal because Providers should never turn it off, but it is
/// needed for testing the RP's rejection of unsigned extensions.</para>
/// <para>An extension that is not signed is not covered by the assertion's signature,
/// so the relying party cannot tell whether it was altered or added after the
/// provider sent the response.</para>
/// </remarks>
internal bool SignOutgoingExtensions { get; set; }