This repository has been archived by the owner on Mar 20, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 732
/
Realm.cs
228 lines (201 loc) · 9.36 KB
/
Realm.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
using System;
using System.Text.RegularExpressions;
using System.Diagnostics;
using System.Globalization;
namespace DotNetOpenId {
/// <summary>
/// A trust root to validate requests and match return URLs against.
/// </summary>
/// <remarks>
/// This fills the OpenID Authentication 2.0 specification for realms.
/// See http://openid.net/specs/openid-authentication-2_0.html#realms
/// </remarks>
public class Realm {
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2234:PassSystemUriObjectsInsteadOfStrings"), System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1057:StringUriOverloadsCallSystemUriOverloads")]
public static implicit operator Realm(string uri) {
return new Realm(uri);
}
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2234:PassSystemUriObjectsInsteadOfStrings")]
public static implicit operator Realm(Uri uri) {
return new Realm(uri.AbsoluteUri);
}
public static implicit operator string(Realm realm) {
return realm.ToString();
}
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1057:StringUriOverloadsCallSystemUriOverloads"), System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Globalization", "CA1308:NormalizeStringsToUppercase")]
public Realm(string realmUrl) {
if (realmUrl == null) throw new ArgumentNullException("realmUrl");
DomainWildcard = Regex.IsMatch(realmUrl, wildcardDetectionPattern);
uri = new Uri(Regex.Replace(realmUrl, wildcardDetectionPattern, m => m.Groups[1].Value));
if (!uri.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase) &&
!uri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
throw new UriFormatException(string.Format(CultureInfo.CurrentUICulture,
Strings.InvalidScheme, uri.Scheme));
}
public Realm(Uri realmUrl) {
if (realmUrl == null) throw new ArgumentNullException("realmUrl");
uri = realmUrl;
if (!uri.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase) &&
!uri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
throw new UriFormatException(string.Format(CultureInfo.CurrentUICulture,
Strings.InvalidScheme, uri.Scheme));
}
Uri uri;
const string wildcardDetectionPattern = @"^(\w+://)\*\.";
/// <summary>
/// Whether a '*.' prefix to the hostname is used in the realm to allow
/// subdomains or hosts to be added to the URL.
/// </summary>
public bool DomainWildcard { get; private set; }
/// <summary>
/// Gets the host component of this instance.
/// </summary>
public string Host { get { return uri.Host; } }
/// <summary>
/// Gets the scheme name for this URI.
/// </summary>
public string Scheme { get { return uri.Scheme; } }
/// <summary>
/// Gets the port number of this URI.
/// </summary>
public int Port { get { return uri.Port; } }
/// <summary>
/// Gets the absolute path of the URI.
/// </summary>
public string AbsolutePath { get { return uri.AbsolutePath; } }
/// <summary>
/// Gets the System.Uri.AbsolutePath and System.Uri.Query properties separated
/// by a question mark (?).
/// </summary>
public string PathAndQuery { get { return uri.PathAndQuery; } }
/// <summary>
/// Gets the realm URL. If the realm includes a wildcard, it is not included here.
/// </summary>
internal Uri NoWildcardUri { get { return uri; } }
static string[] _top_level_domains = {"com", "edu", "gov", "int", "mil", "net", "org", "biz", "info", "name", "museum", "coop", "aero", "ac", "ad", "ae",
"af", "ag", "ai", "al", "am", "an", "ao", "aq", "ar", "as", "at", "au", "aw", "az", "ba", "bb", "bd", "be", "bf", "bg", "bh", "bi", "bj",
"bm", "bn", "bo", "br", "bs", "bt", "bv", "bw", "by", "bz", "ca", "cc", "cd", "cf", "cg", "ch", "ci", "ck", "cl", "cm", "cn", "co", "cr",
"cu", "cv", "cx", "cy", "cz", "de", "dj", "dk", "dm", "do", "dz", "ec", "ee", "eg", "eh", "er", "es", "et", "fi", "fj", "fk", "fm", "fo",
"fr", "ga", "gd", "ge", "gf", "gg", "gh", "gi", "gl", "gm", "gn", "gp", "gq", "gr", "gs", "gt", "gu", "gw", "gy", "hk", "hm", "hn", "hr",
"ht", "hu", "id", "ie", "il", "im", "in", "io", "iq", "ir", "is", "it", "je", "jm", "jo", "jp", "ke", "kg", "kh", "ki", "km", "kn", "kp",
"kr", "kw", "ky", "kz", "la", "lb", "lc", "li", "lk", "lr", "ls", "lt", "lu", "lv", "ly", "ma", "mc", "md", "mg", "mh", "mk", "ml", "mm",
"mn", "mo", "mp", "mq", "mr", "ms", "mt", "mu", "mv", "mw", "mx", "my", "mz", "na", "nc", "ne", "nf", "ng", "ni", "nl", "no", "np", "nr",
"nu", "nz", "om", "pa", "pe", "pf", "pg", "ph", "pk", "pl", "pm", "pn", "pr", "ps", "pt", "pw", "py", "qa", "re", "ro", "ru", "rw", "sa",
"sb", "sc", "sd", "se", "sg", "sh", "si", "sj", "sk", "sl", "sm", "sn", "so", "sr", "st", "sv", "sy", "sz", "tc", "td", "tf", "tg", "th",
"tj", "tk", "tm", "tn", "to", "tp", "tr", "tt", "tv", "tw", "tz", "ua", "ug", "uk", "um", "us", "uy", "uz", "va", "vc", "ve", "vg", "vi",
"vn", "vu", "wf", "ws", "ye", "yt", "yu", "za", "zm", "zw"};
/// <summary>
/// This method checks the to see if a trust root represents a reasonable (sane) set of URLs.
/// </summary>
/// <remarks>
/// 'http://*.com/', for example is not a reasonable pattern, as it cannot meaningfully
/// specify the site claiming it. This function attempts to find many related examples,
/// but it can only work via heuristics. Negative responses from this method should be
/// treated as advisory, used only to alert the user to examine the trust root carefully.
/// </remarks>
internal bool IsSane {
get {
if (Host.Equals("localhost", StringComparison.OrdinalIgnoreCase))
return true;
string[] host_parts = Host.Split('.');
string tld = host_parts[host_parts.Length - 1];
if (Array.IndexOf(_top_level_domains, tld) < 0)
return false;
if (tld.Length == 2) {
if (host_parts.Length == 1)
return false;
if (host_parts[host_parts.Length - 2].Length <= 3)
return host_parts.Length > 2;
} else {
return host_parts.Length > 1;
}
return false;
}
}
/// <summary>
/// Validates a URL against this trust root.
/// </summary>
/// <param name="url">A string specifying URL to check.</param>
/// <returns>Whether the given URL is within this trust root.</returns>
internal bool Contains(string url) {
return Contains(new Uri(url));
}
/// <summary>
/// Validates a URL against this trust root.
/// </summary>
/// <param name="url">The URL to check.</param>
/// <returns>Whether the given URL is within this trust root.</returns>
internal bool Contains(Uri url) {
if (url.Scheme != Scheme)
return false;
if (url.Port != Port)
return false;
if (!DomainWildcard) {
if (url.Host != Host) {
return false;
}
} else {
Debug.Assert(!string.IsNullOrEmpty(Host), "The host part of the Regex should evaluate to at least one char for successful parsed trust roots.");
string[] host_parts = Host.Split('.');
string[] url_parts = url.Host.Split('.');
// If the domain contain the wildcard has more parts than the URL to match against,
// it naturally can't be valid.
// Unless *.example.com actually matches example.com too.
if (host_parts.Length > url_parts.Length)
return false;
// Compare last part first and move forward.
// Could be done by using EndsWith, but this solution seems more elegant.
for (int i = host_parts.Length - 1; i >= 0; i--) {
/*
if (host_parts[i].Equals("*", StringComparison.Ordinal))
{
break;
}
*/
if (!host_parts[i].Equals(url_parts[i + 1], StringComparison.OrdinalIgnoreCase)) {
return false;
}
}
}
// If path matches or is specified to root ...
if (PathAndQuery.Equals(url.PathAndQuery, StringComparison.Ordinal)
|| PathAndQuery.Equals("/", StringComparison.Ordinal))
return true;
// If trust root has a longer path, the return URL must be invalid.
if (PathAndQuery.Length > url.PathAndQuery.Length)
return false;
// The following code assures that http://example.com/directory isn't below http://example.com/dir,
// but makes sure http://example.com/dir/ectory is below http://example.com/dir
int path_len = PathAndQuery.Length;
string url_prefix = url.PathAndQuery.Substring(0, path_len);
if (PathAndQuery != url_prefix)
return false;
// If trust root includes a query string ...
if (PathAndQuery.Contains("?")) {
// ... make sure return URL begins with a new argument
return url.PathAndQuery[path_len] == '&';
}
// Or make sure a query string is introduced or a path below trust root
return PathAndQuery.EndsWith("/", StringComparison.Ordinal)
|| url.PathAndQuery[path_len] == '?'
|| url.PathAndQuery[path_len] == '/';
}
public override bool Equals(object obj) {
Realm other = obj as Realm;
if (other == null) return false;
return uri.Equals(other.uri) && DomainWildcard == other.DomainWildcard;
}
public override int GetHashCode() {
return uri.GetHashCode() + (DomainWildcard ? 1 : 0);
}
public override string ToString() {
if (DomainWildcard) {
UriBuilder builder = new UriBuilder(uri);
builder.Host = "*." + builder.Host;
return builder.ToString();
} else {
return uri.ToString();
}
}
}
}