We have HTTP Basic client authentication working now in OAuth 2.

8 files changed, 167 insertions, 10 deletions

diff --git a/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd
index d193776..3caadde 100644
--- a/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd
+++ b/src/DotNetOpenAuth.Core/Configuration/DotNetOpenAuth.xsd
@@ -898,6 +898,71 @@
 						</xs:choice>
 					</xs:complexType>
 				</xs:element>
+				<xs:element name="oauth2">
+					<xs:annotation>
+						<xs:documentation>
+							Settings OAuth 2 clients, authorization servers and resource servers.
+						</xs:documentation>
+					</xs:annotation>
+					<xs:complexType>
+						<xs:choice minOccurs="0" maxOccurs="unbounded">
+							<xs:element name="client">
+								<xs:annotation>
+									<xs:documentation>
+										Settings applicable to OAuth 2 Clients.
+									</xs:documentation>
+								</xs:annotation>
+								<xs:complexType>
+									<xs:choice minOccurs="0" maxOccurs="unbounded">
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="authorizationServer">
+								<xs:annotation>
+									<xs:documentation>
+										Settings applicable to OAuth 2 Authorization Servers.
+									</xs:documentation>
+								</xs:annotation>
+								<xs:complexType>
+									<xs:choice minOccurs="0" maxOccurs="unbounded">
+										<xs:element name="clientAuthenticationModules">
+											<xs:complexType>
+												<xs:choice minOccurs="0" maxOccurs="unbounded">
+													<xs:element name="add">
+														<xs:complexType>
+															<xs:attribute name="name" type="xs:string" use="required" />
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="remove">
+														<xs:complexType>
+															<xs:attribute name="name" type="xs:string" use="required" />
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="clear">
+														<xs:complexType>
+															<!--tag is empty-->
+														</xs:complexType>
+													</xs:element>
+												</xs:choice>
+											</xs:complexType>
+										</xs:element>
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="resourceServer">
+								<xs:annotation>
+									<xs:documentation>
+										Settings applicable to OAuth 2 Resource Servers.
+									</xs:documentation>
+								</xs:annotation>
+								<xs:complexType>
+									<xs:choice minOccurs="0" maxOccurs="unbounded">
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+						</xs:choice>
+					</xs:complexType>
+				</xs:element>
 				<xs:element name="reporting">
 					<xs:annotation>
 						<xs:documentation>
diff --git a/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj b/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj
index 447a3c5..65dee44 100644
--- a/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj
+++ b/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj
@@ -29,6 +29,8 @@
     <Compile Include="Messaging\ChannelContract.cs" />
     <Compile Include="Messaging\DataBagFormatterBase.cs" />
     <Compile Include="Messaging\HttpRequestHeaders.cs" />
+    <Compile Include="Messaging\IHttpDirectRequest.cs" />
+    <Compile Include="Messaging\IHttpDirectRequestContract.cs" />
     <Compile Include="Messaging\IHttpIndirectResponse.cs" />
     <Compile Include="Messaging\IMessageOriginalPayload.cs" />
     <Compile Include="Messaging\DirectWebRequestOptions.cs" />
diff --git a/src/DotNetOpenAuth.Core/Messaging/Channel.cs b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
index 016a2b6..fbcb3d6 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
@@ -478,6 +478,14 @@ namespace DotNetOpenAuth.Messaging {
 			IDirectedProtocolMessage requestMessage = this.ReadFromRequestCore(httpRequest);
 			if (requestMessage != null) {
 				Logger.Channel.DebugFormat("Incoming request received: {0}", requestMessage.GetType().Name);
+
+				var directRequest = requestMessage as IHttpDirectRequest;
+				if (directRequest != null) {
+					foreach (string header in httpRequest.Headers) {
+						directRequest.Headers[header] = httpRequest.Headers[header];
+					}
+				}
+
 				this.ProcessIncomingMessage(requestMessage);
 			}
 
@@ -717,6 +725,13 @@ namespace DotNetOpenAuth.Messaging {
 			Requires.True(request.Recipient != null, "request", MessagingStrings.DirectedMessageMissingRecipient);
 
 			HttpWebRequest webRequest = this.CreateHttpRequest(request);
+			var directRequest = request as IHttpDirectRequest;
+			if (directRequest != null) {
+				foreach (string header in directRequest.Headers) {
+					webRequest.Headers[header] = directRequest.Headers[header];
+				}
+			}
+
 			IDictionary<string, string> responseFields;
 			IDirectResponseProtocolMessage responseMessage;
 
diff --git a/src/DotNetOpenAuth.Core/Messaging/ErrorUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/ErrorUtilities.cs
index f499d67..2237cc7 100644
--- a/src/DotNetOpenAuth.Core/Messaging/ErrorUtilities.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/ErrorUtilities.cs
@@ -193,17 +193,17 @@ namespace DotNetOpenAuth.Messaging {
 		/// Throws a <see cref="ProtocolException"/> if some <paramref name="condition"/> evaluates to false.
 		/// </summary>
 		/// <param name="condition">True to do nothing; false to throw the exception.</param>
-		/// <param name="message">The error message for the exception.</param>
+		/// <param name="unformattedMessage">The error message for the exception.</param>
 		/// <param name="args">The string formatting arguments, if any.</param>
 		/// <exception cref="ProtocolException">Thrown if <paramref name="condition"/> evaluates to <c>false</c>.</exception>
 		[Pure]
-		internal static void VerifyProtocol(bool condition, string message, params object[] args) {
+		internal static void VerifyProtocol(bool condition, string unformattedMessage, params object[] args) {
 			Requires.NotNull(args, "args");
 			Contract.Ensures(condition);
 			Contract.EnsuresOnThrow<ProtocolException>(!condition);
-			Contract.Assume(message != null);
+			Contract.Assume(unformattedMessage != null);
 			if (!condition) {
-				var exception = new ProtocolException(string.Format(CultureInfo.CurrentCulture, message, args));
+				var exception = new ProtocolException(string.Format(CultureInfo.CurrentCulture, unformattedMessage, args));
 				if (Logger.Messaging.IsErrorEnabled) {
 					Logger.Messaging.Error(
 						string.Format(
@@ -220,7 +220,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <summary>
 		/// Throws a <see cref="ProtocolException"/>.
 		/// </summary>
-		/// <param name="message">The message to set in the exception.</param>
+		/// <param name="unformattedMessage">The message to set in the exception.</param>
 		/// <param name="args">The formatting arguments of the message.</param>
 		/// <returns>
 		/// An InternalErrorException, which may be "thrown" by the caller in order
@@ -229,10 +229,10 @@ namespace DotNetOpenAuth.Messaging {
 		/// </returns>
 		/// <exception cref="ProtocolException">Always thrown.</exception>
 		[Pure]
-		internal static Exception ThrowProtocol(string message, params object[] args) {
+		internal static Exception ThrowProtocol(string unformattedMessage, params object[] args) {
 			Requires.NotNull(args, "args");
-			Contract.Assume(message != null);
-			VerifyProtocol(false, message, args);
+			Contract.Assume(unformattedMessage != null);
+			VerifyProtocol(false, unformattedMessage, args);
 
 			// we never reach here, but this allows callers to "throw" this method.
 			return new InternalErrorException();
diff --git a/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs b/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs
index 0f60e04..f613dc5 100644
--- a/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs
@@ -90,7 +90,7 @@ namespace DotNetOpenAuth.Messaging {
 			this.requestUri = requestUri;
 			this.form = form ?? new NameValueCollection();
 			this.queryString = HttpUtility.ParseQueryString(requestUri.Query);
-			this.headers = headers ?? new NameValueCollection();
+			this.headers = headers ?? new WebHeaderCollection();
 			this.serverVariables = new NameValueCollection();
 		}
 
diff --git a/src/DotNetOpenAuth.Core/Messaging/IHttpDirectRequest.cs b/src/DotNetOpenAuth.Core/Messaging/IHttpDirectRequest.cs
new file mode 100644
index 0000000..7153334
--- /dev/null
+++ b/src/DotNetOpenAuth.Core/Messaging/IHttpDirectRequest.cs
@@ -0,0 +1,22 @@
+//-----------------------------------------------------------------------
+// <copyright file="IHttpDirectRequest.cs" company="Outercurve Foundation">
+//     Copyright (c) Outercurve Foundation. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Messaging {
+	using System.Diagnostics.Contracts;
+	using System.Net;
+
+	/// <summary>
+	/// An interface that allows direct request messages to capture the details of the HTTP request they arrived on.
+	/// </summary>
+	[ContractClass(typeof(IHttpDirectRequestContract))]
+	public interface IHttpDirectRequest : IMessage {
+		/// <summary>
+		/// Gets the HTTP headers of the request.
+		/// </summary>
+		/// <value>May be an empty collection, but must not be <c>null</c>.</value>
+		WebHeaderCollection Headers { get; }
+	}
+}
diff --git a/src/DotNetOpenAuth.Core/Messaging/IHttpDirectRequestContract.cs b/src/DotNetOpenAuth.Core/Messaging/IHttpDirectRequestContract.cs
new file mode 100644
index 0000000..c17a4c2
--- /dev/null
+++ b/src/DotNetOpenAuth.Core/Messaging/IHttpDirectRequestContract.cs
@@ -0,0 +1,51 @@
+//-----------------------------------------------------------------------
+// <copyright file="IHttpDirectRequestContract.cs" company="Outercurve Foundation">
+//     Copyright (c) Outercurve Foundation. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Messaging {
+	using System;
+	using System.Collections.Generic;
+	using System.Diagnostics.Contracts;
+	using System.Linq;
+	using System.Net;
+	using System.Text;
+
+	/// <summary>
+	/// Contract class for the <see cref="IHttpDirectRequest"/> interface.
+	/// </summary>
+	[ContractClassFor(typeof(IHttpDirectRequest))]
+	public abstract class IHttpDirectRequestContract : IHttpDirectRequest {
+		#region IHttpDirectRequest Members
+
+		/// <summary>
+		/// Gets the HTTP headers of the request.
+		/// </summary>
+		/// <value>May be an empty collection, but must not be <c>null</c>.</value>
+		WebHeaderCollection IHttpDirectRequest.Headers {
+			get {
+				Contract.Ensures(Contract.Result<WebHeaderCollection>() != null);
+				throw new NotImplementedException();
+			}
+		}
+
+		#endregion
+
+		#region IMessage Members
+
+		Version IMessage.Version {
+			get { throw new NotImplementedException(); }
+		}
+
+		IDictionary<string, string> IMessage.ExtraData {
+			get { throw new NotImplementedException(); }
+		}
+
+		void IMessage.EnsureValidMessage() {
+			throw new NotImplementedException();
+		}
+
+		#endregion
+	}
+}
diff --git a/src/DotNetOpenAuth.Core/Requires.cs b/src/DotNetOpenAuth.Core/Requires.cs
index 7a196a3..5cd8b6a 100644
--- a/src/DotNetOpenAuth.Core/Requires.cs
+++ b/src/DotNetOpenAuth.Core/Requires.cs
@@ -47,10 +47,12 @@ namespace DotNetOpenAuth {
 		[ContractArgumentValidator]
 #endif
 		[Pure, DebuggerStepThrough]
-		internal static void NotNullOrEmpty(string value, string parameterName) {
+		internal static string NotNullOrEmpty(string value, string parameterName) {
 			NotNull(value, parameterName);
 			True(value.Length > 0, parameterName, Strings.EmptyStringNotAllowed);
+			Contract.Ensures(Contract.Result<string>() == value);
 			Contract.EndContractBlock();
+			return value;
 		}
 
 		/// <summary>