Adds option to force SHA-1 associations, and force new association with each test.origin/osis

2 files changed, 10 insertions, 1 deletions

diff --git a/osis/OsisMain/OP/CheckAuthSharedSecret.aspx b/osis/OsisMain/OP/CheckAuthSharedSecret.aspx
index 36de9ca..e9e50f3 100644
--- a/osis/OsisMain/OP/CheckAuthSharedSecret.aspx
+++ b/osis/OsisMain/OP/CheckAuthSharedSecret.aspx
@@ -14,6 +14,8 @@
 				ErrorMessage="Enter an identifier first." Display="Dynamic" />
 			<asp:Label ID="errorLabel" runat="server" EnableViewState="False" ForeColor="Red"
 				Visible="False" />
+			<br />
+			<asp:CheckBox runat="server" ID="ForceSHA1Association" Text="Use SHA-1 instead of SHA-256 association"/>
 		</asp:View>
 		<asp:View ID="View2" runat="server">
 			<osis:TestResultDisplay runat="server" ID="testResultDisplay" />
diff --git a/osis/OsisMain/OP/CheckAuthSharedSecret.aspx.cs b/osis/OsisMain/OP/CheckAuthSharedSecret.aspx.cs
index bd8c467..095e2c0 100644
--- a/osis/OsisMain/OP/CheckAuthSharedSecret.aspx.cs
+++ b/osis/OsisMain/OP/CheckAuthSharedSecret.aspx.cs
@@ -33,9 +33,16 @@ public partial class OP_CheckAuthRejectsSharedAssociationHandles : System.Web.UI
 		testResultDisplay.ProviderEndpoint = endpoint.ProviderEndpoint;
 		testResultDisplay.ProtocolVersion = endpoint.Version;
 
+		if (ForceSHA1Association.Checked) {
+			rp.SecuritySettings.MaximumHashBitLength = 160;
+		}
+
 		try {
 			// Establish a shared association with that provider endpoint.
-			Association association = rp.AssociationManager.GetOrCreateAssociation(endpoint);
+			Association association = rp.AssociationManager.CreateNewAssociation(endpoint);
+			if (association == null) {
+				throw new ApplicationException("Unable to establish an association with the Provider");
+			}
 
 			// Forge an assertion from the Provider.
 			var assertion = new PositiveAssertionResponse(endpoint.Version, new Uri(Request.Url, Request.Url.AbsolutePath));