Merge branch 'master' into contracts

Conflicts:
	src/DotNetOpenAuth.vsmdi
	src/DotNetOpenAuth/Configuration/TypeConfigurationCollection.cs
	src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs
	src/DotNetOpenAuth/DotNetOpenAuth.csproj
	src/DotNetOpenAuth/Messaging/HttpRequestInfo.cs
	src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
	src/DotNetOpenAuth/Messaging/Reflection/ValueMapping.cs
	src/DotNetOpenAuth/OAuth/ChannelElements/OAuthChannel.cs
	src/DotNetOpenAuth/OAuth/ConsumerBase.cs
	src/DotNetOpenAuth/OAuth/Messages/MessageBase.cs
	src/DotNetOpenAuth/OAuth/Messages/UnauthorizedTokenResponse.cs
	src/DotNetOpenAuth/OAuth/ServiceProvider.cs
	src/DotNetOpenAuth/OpenId/Protocol.cs
	src/DotNetOpenAuth/OpenId/Provider/AutoResponsiveRequest.cs
	src/DotNetOpenAuth/OpenId/Provider/HostProcessedRequest.cs
	src/DotNetOpenAuth/OpenId/Provider/IHostProcessedRequest.cs
	src/DotNetOpenAuth/OpenId/Provider/Request.cs
	src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
	src/DotNetOpenAuth/OpenId/RelyingParty/ServiceEndpoint.cs

14 files changed, 623 insertions, 47 deletions

diff --git a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
index f88af0d..af3b1b1 100644
--- a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
@@ -375,8 +375,8 @@ namespace DotNetOpenAuth.Test.OpenId {
 					var unencryptedResponse = (AssociateUnencryptedResponse)associateSuccessfulResponse;
 				}
 			} else {
-				Assert.IsNull(associationManagerAccessor.associationStore.GetAssociation(opDescription.Endpoint, new SecuritySettings(false)));
-				Assert.IsNull(coordinator.Provider.AssociationStore.GetAssociation(AssociationRelyingPartyType.Smart, new SecuritySettings(true)));
+				Assert.IsNull(associationManagerAccessor.associationStore.GetAssociation(opDescription.Endpoint, new RelyingPartySecuritySettings()));
+				Assert.IsNull(coordinator.Provider.AssociationStore.GetAssociation(AssociationRelyingPartyType.Smart, new ProviderSecuritySettings()));
 			}
 		}
 	}
diff --git a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs
index 08432ff..29797dc 100644
--- a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs
@@ -32,7 +32,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements {
 
 			this.factory = new StandardOpenIdExtensionFactory();
 			this.factory.RegisterExtension(MockOpenIdExtension.Factory);
-			this.rpElement = new ExtensionsBindingElement(this.factory);
+			this.rpElement = new ExtensionsBindingElement(this.factory, new RelyingPartySecuritySettings());
 			this.rpElement.Channel = new TestChannel(this.MessageDescriptions);
 			this.request = new SignedResponseRequest(Protocol.Default.Version, OpenIdTestBase.OPUri, AuthenticationRequestMode.Immediate);
 		}
diff --git a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperOPTests.cs b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperOPTests.cs
new file mode 100644
index 0000000..9f849ea
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperOPTests.cs
@@ -0,0 +1,147 @@
+//-----------------------------------------------------------------------
+// <copyright file="ExtensionsInteropHelperOPTests.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OpenId.Extensions {
+	using System.Collections.Generic;
+	using System.Linq;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.Extensions;
+	using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
+	using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
+	using DotNetOpenAuth.OpenId.Messages;
+	using DotNetOpenAuth.OpenId.Provider;
+	using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+	[TestClass]
+	public class ExtensionsInteropHelperOPTests : OpenIdTestBase {
+		private AuthenticationRequest request;
+		private IList<IExtensionMessage> extensions;
+
+		[TestInitialize]
+		public override void SetUp() {
+			base.SetUp();
+
+			var op = this.CreateProvider();
+			var rpRequest = new CheckIdRequest(Protocol.Default.Version, OPUri, DotNetOpenAuth.OpenId.RelyingParty.AuthenticationRequestMode.Setup);
+			rpRequest.ReturnTo = RPUri;
+			this.extensions = rpRequest.Extensions;
+			this.request = new AuthenticationRequest(op, rpRequest);
+			this.request.IsAuthenticated = true;
+		}
+
+		/// <summary>
+		/// Verifies no extensions appear as no extensions
+		/// </summary>
+		[TestMethod]
+		public void NoRequestedExtensions() {
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
+			Assert.IsNull(sreg);
+
+			// Make sure we're still able to send an sreg response.
+			var sregResponse = new ClaimsResponse();
+			this.request.AddResponseExtension(sregResponse);
+			ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
+			var extensions = this.GetResponseExtensions();
+			Assert.AreSame(sregResponse, extensions.Single());
+		}
+
+		/// <summary>
+		/// Verifies sreg coming in is seen as sreg.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsAsSregWithSreg() {
+			var sregInjected = new ClaimsRequest {
+				Nickname = DemandLevel.Request,
+			};
+			this.extensions.Add(sregInjected);
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
+			Assert.AreSame(sregInjected, sreg);
+			Assert.AreEqual(DemandLevel.Request, sreg.Nickname);
+			Assert.AreEqual(DemandLevel.NoRequest, sreg.FullName);
+
+			var sregResponse = new ClaimsResponse();
+			this.request.AddResponseExtension(sregResponse);
+			ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
+			var extensions = this.GetResponseExtensions();
+			Assert.AreSame(sregResponse, extensions.Single());
+		}
+
+		/// <summary>
+		/// Verifies AX coming in looks like sreg.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsAsSregWithAX() {
+			this.ParameterizedAXTest(AXAttributeFormats.AXSchemaOrg);
+		}
+
+		/// <summary>
+		/// Verifies AX coming in looks like sreg.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsAsSregWithAXSchemaOpenIdNet() {
+			this.ParameterizedAXTest(AXAttributeFormats.SchemaOpenIdNet);
+		}
+
+		/// <summary>
+		/// Verifies sreg and AX in one request has a preserved sreg request.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsAsSregWithBothSregAndAX() {
+			var sregInjected = new ClaimsRequest {
+				Nickname = DemandLevel.Request,
+			};
+			this.extensions.Add(sregInjected);
+			var axInjected = new FetchRequest();
+			axInjected.Attributes.AddOptional(WellKnownAttributes.Contact.Email);
+			this.extensions.Add(axInjected);
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
+			Assert.AreSame(sregInjected, sreg);
+			Assert.AreEqual(DemandLevel.Request, sreg.Nickname);
+			Assert.AreEqual(DemandLevel.NoRequest, sreg.Email);
+
+			var sregResponseInjected = new ClaimsResponse {
+				Nickname = "andy",
+			};
+			this.request.AddResponseExtension(sregResponseInjected);
+			var axResponseInjected = new FetchResponse();
+			axResponseInjected.Attributes.Add(WellKnownAttributes.Contact.Email, "a@b.com");
+			this.request.AddResponseExtension(axResponseInjected);
+			ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
+			var extensions = this.GetResponseExtensions();
+			var sregResponse = extensions.OfType<ClaimsResponse>().Single();
+			Assert.AreEqual("andy", sregResponse.Nickname);
+			var axResponse = extensions.OfType<FetchResponse>().Single();
+			Assert.AreEqual("a@b.com", axResponse.GetAttributeValue(WellKnownAttributes.Contact.Email));
+		}
+
+		private IList<IExtensionMessage> GetResponseExtensions() {
+			IProtocolMessageWithExtensions response = (IProtocolMessageWithExtensions)this.request.Response;
+			return response.Extensions;
+		}
+
+		private void ParameterizedAXTest(AXAttributeFormats format) {
+			var axInjected = new FetchRequest();
+			axInjected.Attributes.AddOptional(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, format));
+			axInjected.Attributes.AddRequired(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.FullName, format));
+			this.extensions.Add(axInjected);
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
+			Assert.AreSame(sreg, this.request.GetExtension<ClaimsRequest>());
+			Assert.AreEqual(DemandLevel.Request, sreg.Nickname);
+			Assert.AreEqual(DemandLevel.Require, sreg.FullName);
+			Assert.AreEqual(DemandLevel.NoRequest, sreg.Language);
+
+			var sregResponse = new ClaimsResponse {
+				Nickname = "andy",
+			};
+			this.request.AddResponseExtension(sregResponse);
+			ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
+			var extensions = this.GetResponseExtensions();
+			var axResponse = extensions.OfType<FetchResponse>().Single();
+			Assert.AreEqual("andy", axResponse.GetAttributeValue(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, format)));
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPRequestTests.cs b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPRequestTests.cs
new file mode 100644
index 0000000..ba5e335
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPRequestTests.cs
@@ -0,0 +1,128 @@
+//-----------------------------------------------------------------------
+// <copyright file="ExtensionsInteropHelperRPRequestTests.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OpenId {
+	using System.Linq;
+	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.Extensions;
+	using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
+	using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
+	using DotNetOpenAuth.OpenId.RelyingParty;
+	using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+	[TestClass]
+	public class ExtensionsInteropHelperRPRequestTests : OpenIdTestBase {
+		private AuthenticationRequest authReq;
+		private ClaimsRequest sreg;
+
+		[TestInitialize]
+		public override void SetUp() {
+			base.SetUp();
+
+			var rp = CreateRelyingParty(true);
+			Identifier identifier = this.GetMockIdentifier(ProtocolVersion.V20);
+			this.authReq = (AuthenticationRequest)rp.CreateRequest(identifier, RPRealmUri, RPUri);
+			this.sreg = new ClaimsRequest {
+				Nickname = DemandLevel.Request,
+				FullName = DemandLevel.Request,
+				BirthDate = DemandLevel.Request,
+				Email = DemandLevel.Require,
+				Country = DemandLevel.Request,
+				PostalCode = DemandLevel.Request,
+				Gender = DemandLevel.Request,
+				Language = DemandLevel.Request,
+				TimeZone = DemandLevel.Request,
+			};
+		}
+
+		/// <summary>
+		/// Verifies that without an Sreg extension to copy from, no AX extension request is added.
+		/// </summary>
+		[TestMethod]
+		public void SpreadSregToAXNoExtensions() {
+			ExtensionsInteropHelper.SpreadSregToAX(this.authReq, AXAttributeFormats.AXSchemaOrg);
+			Assert.AreEqual(0, this.authReq.AppliedExtensions.Count());
+		}
+
+		/// <summary>
+		/// Verifies that Sreg requests are correctly copied to axschema.org AX requests.
+		/// </summary>
+		[TestMethod]
+		public void SpreadSregToAXBasic() {
+			this.authReq.AddExtension(this.sreg);
+			ExtensionsInteropHelper.SpreadSregToAX(this.authReq, AXAttributeFormats.AXSchemaOrg);
+			var ax = this.authReq.AppliedExtensions.OfType<FetchRequest>().Single();
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.Name.Alias].IsRequired);
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.Name.FullName].IsRequired);
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.BirthDate.WholeBirthDate].IsRequired);
+			Assert.IsTrue(ax.Attributes[WellKnownAttributes.Contact.Email].IsRequired);
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.Contact.HomeAddress.Country].IsRequired);
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.Contact.HomeAddress.PostalCode].IsRequired);
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.Person.Gender].IsRequired);
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.Preferences.Language].IsRequired);
+			Assert.IsFalse(ax.Attributes[WellKnownAttributes.Preferences.TimeZone].IsRequired);
+		}
+
+		/// <summary>
+		/// Verifies that sreg can spread to multiple AX schemas.
+		/// </summary>
+		[TestMethod]
+		public void SpreadSregToAxMultipleSchemas() {
+			this.authReq.AddExtension(this.sreg);
+			ExtensionsInteropHelper.SpreadSregToAX(this.authReq, AXAttributeFormats.AXSchemaOrg | AXAttributeFormats.SchemaOpenIdNet);
+			var ax = this.authReq.AppliedExtensions.OfType<FetchRequest>().Single();
+			Assert.IsTrue(ax.Attributes.Contains(WellKnownAttributes.Name.Alias));
+			Assert.IsTrue(ax.Attributes.Contains(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, AXAttributeFormats.SchemaOpenIdNet)));
+			Assert.IsFalse(ax.Attributes.Contains(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, AXAttributeFormats.OpenIdNetSchema)));
+		}
+
+		/// <summary>
+		/// Verifies no spread if the OP advertises sreg support.
+		/// </summary>
+		[TestMethod]
+		public void SpreadSregToAxNoOpIfOPSupportsSreg() {
+			this.authReq.AddExtension(this.sreg);
+			this.InjectAdvertisedTypeUri(DotNetOpenAuth.OpenId.Extensions.SimpleRegistration.Constants.sreg_ns);
+			ExtensionsInteropHelper.SpreadSregToAX(this.authReq, AXAttributeFormats.All);
+			Assert.IsFalse(this.authReq.AppliedExtensions.OfType<FetchRequest>().Any());
+		}
+
+		/// <summary>
+		/// Verifies a targeted AX request if the OP advertises a recognized type URI format.
+		/// </summary>
+		[TestMethod]
+		public void SpreadSregToAxTargetedAtOPFormat() {
+			this.authReq.AddExtension(this.sreg);
+			this.InjectAdvertisedTypeUri(WellKnownAttributes.Name.FullName);
+			ExtensionsInteropHelper.SpreadSregToAX(this.authReq, AXAttributeFormats.OpenIdNetSchema);
+			var ax = this.authReq.AppliedExtensions.OfType<FetchRequest>().Single();
+			Assert.IsFalse(ax.Attributes.Contains(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Contact.Email, AXAttributeFormats.OpenIdNetSchema)));
+			Assert.IsTrue(ax.Attributes.Contains(WellKnownAttributes.Contact.Email));
+		}
+
+		/// <summary>
+		/// Verifies that TransformAXFormat correctly translates AX schema Type URIs.
+		/// </summary>
+		[TestMethod]
+		public void TransformAXFormatTest() {
+			Assert.AreEqual(WellKnownAttributes.Name.Alias, ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, AXAttributeFormats.AXSchemaOrg));
+			Assert.AreEqual("http://schema.openid.net/namePerson/friendly", ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, AXAttributeFormats.SchemaOpenIdNet));
+			Assert.AreEqual("http://openid.net/schema/namePerson/friendly", ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, AXAttributeFormats.OpenIdNetSchema));
+		}
+
+		/// <summary>
+		/// Injects the advertised type URI into the list of advertised services for the authentication request.
+		/// </summary>
+		/// <param name="typeUri">The type URI.</param>
+		private void InjectAdvertisedTypeUri(string typeUri) {
+			var serviceEndpoint = ServiceEndpoint_Accessor.AttachShadow(((ServiceEndpoint)this.authReq.Provider));
+			serviceEndpoint.ProviderDescription = ProviderEndpointDescription_Accessor.AttachShadow(
+				new ProviderEndpointDescription(
+					serviceEndpoint.ProviderDescription.Endpoint,
+					serviceEndpoint.ProviderDescription.Capabilities.Concat(new[] { typeUri })));
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPResponseTests.cs b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPResponseTests.cs
new file mode 100644
index 0000000..5fe05c1
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPResponseTests.cs
@@ -0,0 +1,83 @@
+//-----------------------------------------------------------------------
+// <copyright file="ExtensionsInteropHelperRPResponseTests.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OpenId {
+	using System.Collections.Generic;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.Extensions;
+	using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
+	using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
+	using DotNetOpenAuth.OpenId.Messages;
+	using DotNetOpenAuth.OpenId.RelyingParty;
+	using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+	[TestClass]
+	public class ExtensionsInteropHelperRPResponseTests : OpenIdTestBase {
+		private IAuthenticationResponse response;
+		private IList<IExtensionMessage> extensions;
+
+		[TestInitialize]
+		public override void SetUp() {
+			base.SetUp();
+
+			IndirectSignedResponse responseMessage = new IndirectSignedResponse(Protocol.Default.Version, RPUri);
+			this.extensions = responseMessage.Extensions;
+			this.response = new DotNetOpenAuth.OpenId.RelyingParty.PositiveAnonymousResponse(responseMessage);
+		}
+
+		/// <summary>
+		/// Verifies that with no extensions present, UnifyExtensionsAsSreg returns an empty ClaimsResponse.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsAsSregNoExtensions() {
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
+			Assert.IsNotNull(sreg);
+			Assert.IsNull(sreg.Nickname);
+		}
+
+		/// <summary>
+		/// Verifies that with sreg and AX extensions present, the sreg extension is returned.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsAsSregWithSreg() {
+			var sregInjected = new ClaimsResponse {
+				Nickname = "andy",
+			};
+			var axInjected = new FetchResponse();
+			axInjected.Attributes.Add(WellKnownAttributes.Name.Alias, "nate");
+			this.extensions.Add(sregInjected);
+			this.extensions.Add(axInjected);
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
+			Assert.AreSame(sregInjected, sreg);
+			Assert.AreEqual("andy", sreg.Nickname);
+		}
+
+		/// <summary>
+		/// Verifies UnifyExtensionsAsSreg correctly converts AX to sreg.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsAsSregFromAXSchemaOrg() {
+			var axInjected = new FetchResponse();
+			axInjected.Attributes.Add(WellKnownAttributes.Name.Alias, "nate");
+			this.extensions.Add(axInjected);
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
+			Assert.AreEqual("nate", sreg.Nickname);
+		}
+
+		/// <summary>
+		/// Verifies UnifyExtensionsAsSreg correctly converts AX in a non-standard format to sreg.
+		/// </summary>
+		[TestMethod]
+		public void UnifyExtensionsasSregFromSchemaOpenIdNet() {
+			var axInjected = new FetchResponse();
+			axInjected.Attributes.Add(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, AXAttributeFormats.SchemaOpenIdNet), "nate");
+			this.extensions.Add(axInjected);
+			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
+			Assert.AreEqual("nate", sreg.Nickname);
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs b/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs
index 8fa5580..59c818c 100644
--- a/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs
@@ -187,7 +187,16 @@ namespace DotNetOpenAuth.Test.OpenId {
 		/// </summary>
 		/// <returns>The new instance.</returns>
 		protected OpenIdRelyingParty CreateRelyingParty() {
-			var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore());
+			return this.CreateRelyingParty(false);
+		}
+
+		/// <summary>
+		/// Creates a standard <see cref="OpenIdRelyingParty"/> instance for general testing.
+		/// </summary>
+		/// <param name="stateless">if set to <c>true</c> a stateless RP is created.</param>
+		/// <returns>The new instance.</returns>
+		protected OpenIdRelyingParty CreateRelyingParty(bool stateless) {
+			var rp = new OpenIdRelyingParty(stateless ? null : new StandardRelyingPartyApplicationStore());
 			rp.Channel.WebRequestHandler = this.MockResponder.MockWebRequestHandler;
 			return rp;
 		}
diff --git a/src/DotNetOpenAuth.Test/OpenId/Provider/AuthenticationRequestTest.cs b/src/DotNetOpenAuth.Test/OpenId/Provider/AuthenticationRequestTest.cs
index e2a173b..accbd97 100644
--- a/src/DotNetOpenAuth.Test/OpenId/Provider/AuthenticationRequestTest.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/Provider/AuthenticationRequestTest.cs
@@ -34,7 +34,7 @@ namespace DotNetOpenAuth.Test.OpenId.Provider {
 			Assert.IsNotNull(userSetupUrl);
 
 			// Now construct a new request as if it had just come in.
-			HttpRequestInfo httpRequest = new HttpRequestInfo { Url = userSetupUrl };
+			HttpRequestInfo httpRequest = new HttpRequestInfo { UrlBeforeRewriting = userSetupUrl };
 			var setupRequest = AuthenticationRequest_Accessor.AttachShadow(provider.GetRequest(httpRequest));
 			CheckIdRequest_Accessor setupRequestMessage = setupRequest.RequestMessage;
 
diff --git a/src/DotNetOpenAuth.Test/OpenId/Provider/OpenIdProviderTests.cs b/src/DotNetOpenAuth.Test/OpenId/Provider/OpenIdProviderTests.cs
index 76a46d0..28b2b55 100644
--- a/src/DotNetOpenAuth.Test/OpenId/Provider/OpenIdProviderTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/Provider/OpenIdProviderTests.cs
@@ -90,7 +90,7 @@ namespace DotNetOpenAuth.Test.OpenId.Provider {
 		[TestMethod]
 		public void GetRequest() {
 			HttpRequestInfo httpInfo = new HttpRequestInfo();
-			httpInfo.Url = new Uri("http://someUri");
+			httpInfo.UrlBeforeRewriting = new Uri("http://someUri");
 			Assert.IsNull(this.provider.GetRequest(httpInfo), "An irrelevant request should return null.");
 			var providerDescription = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version);
 
diff --git a/src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs b/src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs
new file mode 100644
index 0000000..82384f8
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs
@@ -0,0 +1,149 @@
+//-----------------------------------------------------------------------
+// <copyright file="PerformanceTests.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OpenId.Provider {
+	using System;
+	using System.Collections.Generic;
+	using System.Diagnostics;
+	using System.IO;
+	using System.Linq;
+	using System.Net;
+	using System.Text;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.Messaging.Reflection;
+	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.ChannelElements;
+	using DotNetOpenAuth.OpenId.Messages;
+	using DotNetOpenAuth.OpenId.Provider;
+	using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+	[TestClass]
+	public class PerformanceTests : OpenIdTestBase {
+		private const string SharedAssociationHandle = "handle";
+		private static readonly TimeSpan TestRunTime = TimeSpan.FromSeconds(3);
+		private OpenIdProvider provider;
+
+		[TestInitialize]
+		public override void SetUp() {
+			base.SetUp();
+
+			this.provider = CreateProvider();
+		}
+
+		[TestMethod]
+		public void AssociateDH() {
+			var associateRequest = this.CreateAssociateRequest(OPUri);
+			Stopwatch timer = new Stopwatch();
+			timer.Start();
+			int iterations;
+			for (iterations = 0; timer.ElapsedMilliseconds < TestRunTime.TotalMilliseconds; iterations++) {
+				IRequest request = this.provider.GetRequest(associateRequest);
+				var response = this.provider.PrepareResponse(request);
+				Assert.IsInstanceOfType(response.OriginalMessage, typeof(AssociateSuccessfulResponse));
+			}
+			timer.Stop();
+			double executionsPerSecond = GetExecutionsPerSecond(iterations, timer);
+			TestContext.WriteLine("Created {0} associations in {1}, or {2} per second.", iterations, timer.Elapsed, executionsPerSecond);
+			Assert.IsTrue(executionsPerSecond >= 2, "Too slow");
+		}
+
+		[TestMethod]
+		public void AssociateClearText() {
+			var associateRequest = this.CreateAssociateRequest(OPUriSsl); // SSL will cause a plaintext association
+			Stopwatch timer = new Stopwatch();
+			timer.Start();
+			int iterations;
+			for (iterations = 0; timer.ElapsedMilliseconds < TestRunTime.TotalMilliseconds; iterations++) {
+				IRequest request = this.provider.GetRequest(associateRequest);
+				var response = this.provider.PrepareResponse(request);
+				Assert.IsInstanceOfType(response.OriginalMessage, typeof(AssociateSuccessfulResponse));
+			}
+			timer.Stop();
+			double executionsPerSecond = GetExecutionsPerSecond(iterations, timer);
+			TestContext.WriteLine("Created {0} associations in {1}, or {2} per second.", iterations, timer.Elapsed, executionsPerSecond);
+			Assert.IsTrue(executionsPerSecond > 1000, "Too slow.");
+		}
+
+		[TestMethod]
+		public void CheckIdSharedHmacSha1Association() {
+			Protocol protocol = Protocol.Default;
+			string assocType = protocol.Args.SignatureAlgorithm.HMAC_SHA1;
+			double executionsPerSecond = this.ParameterizedCheckIdTest(protocol, assocType);
+			Assert.IsTrue(executionsPerSecond > 500, "Too slow");
+		}
+
+		[TestMethod]
+		public void CheckIdSharedHmacSha256Association() {
+			Protocol protocol = Protocol.Default;
+			string assocType = protocol.Args.SignatureAlgorithm.HMAC_SHA256;
+			double executionsPerSecond = this.ParameterizedCheckIdTest(protocol, assocType);
+			Assert.IsTrue(executionsPerSecond > 400, "Too slow");
+		}
+
+		private static double GetExecutionsPerSecond(int iterations, Stopwatch timer) {
+			return (double)iterations / (timer.ElapsedMilliseconds / 1000);
+		}
+
+		private double ParameterizedCheckIdTest(Protocol protocol, string assocType) {
+			Association assoc = HmacShaAssociation.Create(
+				protocol,
+				assocType,
+				AssociationRelyingPartyType.Smart,
+				this.provider.SecuritySettings);
+			this.provider.AssociationStore.StoreAssociation(AssociationRelyingPartyType.Smart, assoc);
+			var checkidRequest = this.CreateCheckIdRequest(true);
+			Stopwatch timer = new Stopwatch();
+			timer.Start();
+			int iterations;
+			for (iterations = 0; timer.ElapsedMilliseconds < TestRunTime.TotalMilliseconds; iterations++) {
+				var request = (IAuthenticationRequest)this.provider.GetRequest(checkidRequest);
+				request.IsAuthenticated = true;
+				var response = this.provider.PrepareResponse(request);
+				Assert.IsInstanceOfType(response.OriginalMessage, typeof(PositiveAssertionResponse));
+			}
+			timer.Stop();
+			double executionsPerSecond = GetExecutionsPerSecond(iterations, timer);
+			TestContext.WriteLine("Responded to {0} checkid messages in {1}; or {2} authentications per second.", iterations, timer.Elapsed, executionsPerSecond);
+			return executionsPerSecond;
+		}
+
+		private HttpRequestInfo CreateAssociateRequest(Uri opEndpoint) {
+			var rp = CreateRelyingParty(true);
+			AssociateRequest associateMessage = AssociateRequest.Create(rp.SecuritySettings, new ProviderEndpointDescription(opEndpoint, Protocol.Default.Version));
+			Channel rpChannel = rp.Channel;
+			MemoryStream ms = new MemoryStream();
+			StreamWriter mswriter = new StreamWriter(ms);
+			mswriter.Write(MessagingUtilities.CreateQueryString(rpChannel.MessageDescriptions.GetAccessor(associateMessage)));
+			mswriter.Flush();
+			ms.Position = 0;
+			var headers = new WebHeaderCollection();
+			headers.Add(HttpRequestHeader.ContentType, Channel.HttpFormUrlEncoded);
+			var httpRequest = new HttpRequestInfo("POST", opEndpoint, opEndpoint.PathAndQuery, headers, ms);
+			return httpRequest;
+		}
+
+		private HttpRequestInfo CreateCheckIdRequest(bool sharedAssociation) {
+			var rp = CreateRelyingParty(true);
+			CheckIdRequest checkidMessage = new CheckIdRequest(
+				Protocol.Default.Version,
+				OPUri,
+				DotNetOpenAuth.OpenId.RelyingParty.AuthenticationRequestMode.Setup);
+			if (sharedAssociation) {
+				checkidMessage.AssociationHandle = SharedAssociationHandle;
+			}
+			checkidMessage.ClaimedIdentifier = OPLocalIdentifiers[0];
+			checkidMessage.LocalIdentifier = OPLocalIdentifiers[0];
+			checkidMessage.Realm = RPRealmUri;
+			checkidMessage.ReturnTo = RPUri;
+			Channel rpChannel = rp.Channel;
+			UriBuilder receiver = new UriBuilder(OPUri);
+			receiver.Query = MessagingUtilities.CreateQueryString(rpChannel.MessageDescriptions.GetAccessor(checkidMessage));
+			var headers = new WebHeaderCollection();
+			var httpRequest = new HttpRequestInfo("GET", receiver.Uri, receiver.Uri.PathAndQuery, headers, null);
+			return httpRequest;
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth.Test/OpenId/ProviderEndpointDescriptionTests.cs b/src/DotNetOpenAuth.Test/OpenId/ProviderEndpointDescriptionTests.cs
new file mode 100644
index 0000000..005b8a0
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/OpenId/ProviderEndpointDescriptionTests.cs
@@ -0,0 +1,62 @@
+//-----------------------------------------------------------------------
+// <copyright file="ProviderEndpointDescriptionTests.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OpenId {
+	using System;
+	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
+	using DotNetOpenAuth.OpenId.Messages;
+	using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+	[TestClass]
+	public class ProviderEndpointDescriptionTests : OpenIdTestBase {
+		private ProviderEndpointDescription se;
+
+		private string[] v20TypeUris = { Protocol.V20.ClaimedIdentifierServiceTypeURI };
+
+		[TestInitialize]
+		public override void SetUp() {
+			base.SetUp();
+
+			this.se = new ProviderEndpointDescription(OPUri, Protocol.V20.Version);
+		}
+
+		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
+		public void IsExtensionSupportedNullType() {
+			this.se.IsExtensionSupported((Type)null);
+		}
+
+		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
+		public void IsExtensionSupportedNullString() {
+			this.se.IsExtensionSupported((string)null);
+		}
+
+		[TestMethod, ExpectedException(typeof(ArgumentException))]
+		public void IsExtensionSupportedEmptyString() {
+			this.se.IsExtensionSupported(string.Empty);
+		}
+
+		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
+		public void IsExtensionSupportedNullExtension() {
+			this.se.IsExtensionSupported((IOpenIdMessageExtension)null);
+		}
+
+		[TestMethod]
+		public void IsExtensionSupported() {
+			this.se = new ProviderEndpointDescription(OPUri, this.v20TypeUris);
+			Assert.IsFalse(this.se.IsExtensionSupported<ClaimsRequest>());
+			Assert.IsFalse(this.se.IsExtensionSupported(new ClaimsRequest()));
+			Assert.IsFalse(this.se.IsExtensionSupported("http://someextension/typeuri"));
+
+			this.se = new ProviderEndpointDescription(
+				OPUri,
+				new[] { Protocol.V20.ClaimedIdentifierServiceTypeURI, "http://someextension", Constants.sreg_ns });
+			Assert.IsTrue(this.se.IsExtensionSupported<ClaimsRequest>());
+			Assert.IsTrue(this.se.IsExtensionSupported(new ClaimsRequest()));
+			Assert.IsTrue(this.se.IsExtensionSupported("http://someextension"));
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAnonymousResponseTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAnonymousResponseTests.cs
index 6452420..1418513 100644
--- a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAnonymousResponseTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAnonymousResponseTests.cs
@@ -36,7 +36,21 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 			Assert.IsNull(response.ClaimedIdentifier);
 			Assert.IsNull(response.FriendlyIdentifierForDisplay);
 			Assert.IsNull(response.Exception);
+			Assert.IsNull(response.Provider);
 			Assert.AreSame(ext, response.GetUntrustedExtension<ClaimsResponse>());
 		}
+
+		/// <summary>
+		/// Verifies the Provider property.
+		/// </summary>
+		[TestMethod]
+		public void ProviderTest() {
+			var responseMessage = new IndirectSignedResponse(Protocol.V20.Version, this.returnTo);
+			responseMessage.ProviderEndpoint = OPUri;
+			var response = new PositiveAnonymousResponse(responseMessage);
+			Assert.IsNotNull(response.Provider);
+			Assert.AreEqual(OPUri, response.Provider.Uri);
+			Assert.AreEqual(responseMessage.Version, response.Provider.Version);
+		}
 	}
 }
diff --git a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs
index 3f1cea0..851939e 100644
--- a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs
@@ -40,5 +40,29 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 			this.settings.RequireSsl = false;
 			Assert.IsFalse(this.settings.RequireSsl);
 		}
+
+		/// <summary>
+		/// Verifies that the <see cref="RelyingPartySecuritySettings.RequireDirectedIdentity"/>
+		/// property getter/setter are implemented correctly.
+		/// </summary>
+		[TestMethod]
+		public void RequireDirectedIdentity() {
+			this.settings.RequireDirectedIdentity = true;
+			Assert.IsTrue(this.settings.RequireDirectedIdentity);
+			this.settings.RequireDirectedIdentity = false;
+			Assert.IsFalse(this.settings.RequireDirectedIdentity);
+		}
+
+		/// <summary>
+		/// Verifies that the <see cref="RelyingPartySecuritySettings.RequireAssociation"/>
+		/// property getter/setter are implemented correctly.
+		/// </summary>
+		[TestMethod]
+		public void RequireAssociation() {
+			this.settings.RequireAssociation = true;
+			Assert.IsTrue(this.settings.RequireAssociation);
+			this.settings.RequireAssociation = false;
+			Assert.IsFalse(this.settings.RequireAssociation);
+		}
 	}
 }
diff --git a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/ServiceEndpointTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/ServiceEndpointTests.cs
index 7b71eef..bd09bc9 100644
--- a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/ServiceEndpointTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/ServiceEndpointTests.cs
@@ -173,46 +173,6 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 			Assert.AreEqual("=!9B72.7DD1.50A9.5CCD", se.FriendlyIdentifierForDisplay);
 		}
 
-		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
-		public void IsExtensionSupportedNullType() {
-			ServiceEndpoint se = ServiceEndpoint.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority);
-			se.IsExtensionSupported((Type)null);
-		}
-
-		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
-		public void IsExtensionSupportedNullString() {
-			ServiceEndpoint se = ServiceEndpoint.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority);
-			se.IsExtensionSupported((string)null);
-		}
-
-		[TestMethod, ExpectedException(typeof(ArgumentException))]
-		public void IsExtensionSupportedEmptyString() {
-			ServiceEndpoint se = ServiceEndpoint.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority);
-			se.IsExtensionSupported(string.Empty);
-		}
-
-		[TestMethod, ExpectedException(typeof(ArgumentNullException))]
-		public void IsExtensionSupportedNullExtension() {
-			ServiceEndpoint se = ServiceEndpoint.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority);
-			se.IsExtensionSupported((IOpenIdMessageExtension)null);
-		}
-
-		[TestMethod]
-		public void IsExtensionSupported() {
-			ServiceEndpoint se = ServiceEndpoint.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority);
-			Assert.IsFalse(se.IsExtensionSupported<ClaimsRequest>());
-			Assert.IsFalse(se.IsExtensionSupported(new ClaimsRequest()));
-			Assert.IsFalse(se.IsExtensionSupported("http://someextension/typeuri"));
-
-			ProviderEndpointDescription ped = new ProviderEndpointDescription(
-				OPUri,
-				new[] { Protocol.V20.ClaimedIdentifierServiceTypeURI, "http://someextension", Constants.sreg_ns });
-			se = ServiceEndpoint.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, ped, this.servicePriority, this.uriPriority);
-			Assert.IsTrue(se.IsExtensionSupported<ClaimsRequest>());
-			Assert.IsTrue(se.IsExtensionSupported(new ClaimsRequest()));
-			Assert.IsTrue(se.IsExtensionSupported("http://someextension"));
-		}
-
 		[TestMethod]
 		public void IsTypeUriPresent() {
 			ServiceEndpoint se = ServiceEndpoint.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority);
diff --git a/src/DotNetOpenAuth.Test/OpenId/UriIdentifierTests.cs b/src/DotNetOpenAuth.Test/OpenId/UriIdentifierTests.cs
index 92379da..5a5182f 100644
--- a/src/DotNetOpenAuth.Test/OpenId/UriIdentifierTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/UriIdentifierTests.cs
@@ -391,7 +391,7 @@ namespace DotNetOpenAuth.Test.OpenId {
 			// the ServiceEndpoint.Equals method.
 			Assert.AreEqual(expectSreg ? 2 : 1, se.ProviderSupportedServiceTypeUris.Count);
 			Assert.IsTrue(se.ProviderSupportedServiceTypeUris.Contains(protocol.ClaimedIdentifierServiceTypeURI));
-			Assert.AreEqual(expectSreg, se.IsExtensionSupported(new ClaimsRequest()));
+			Assert.AreEqual(expectSreg, se.IsExtensionSupported<ClaimsRequest>());
 		}
 
 		private void DiscoverXrds(string page, ProtocolVersion version, Identifier expectedLocalId, string providerEndpoint) {