Added OpenID Provider downlevel protection for 1.x Relying Parties and turning it on by default.

3 files changed, 7 insertions, 8 deletions

diff --git a/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs b/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs
index 82b512a..0167ecd 100644
--- a/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs
@@ -104,13 +104,12 @@ namespace DotNetOpenAuth.Test.OpenId {
 							// notice the replay, we can get one of two exceptions thrown.
 							// When the OP notices the replay we get a generic InvalidSignatureException.
 							// When the RP notices the replay we get a specific ReplayMessageException.
-							Type expectedExceptionType = sharedAssociation || protocol.Version.Major < 2 ? typeof(ReplayedMessageException) : typeof(InvalidSignatureException);
 							try {
 								CoordinatingChannel channel = (CoordinatingChannel)rp.Channel;
 								channel.Replay(response);
-								Assert.Fail("Expected exception {0} was not thrown.", expectedExceptionType.Name);
+								Assert.Fail("Expected ProtocolException was not thrown.");
 							} catch (ProtocolException ex) {
-								Assert.IsInstanceOfType(ex, expectedExceptionType);
+								Assert.IsTrue(ex is ReplayedMessageException || ex is InvalidSignatureException, "A {0} exception was thrown instead of the expected {1} or {2}.", ex.GetType(), typeof(ReplayedMessageException).Name, typeof(InvalidSignatureException).Name);
 							}
 						}
 					} else {
diff --git a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs
index 948cd1a..764e830 100644
--- a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/ExtensionsBindingElementTests.cs
@@ -61,13 +61,13 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements {
 		[TestMethod]
 		public void PrepareMessageForSendingNonExtendableMessage() {
 			IProtocolMessage request = new AssociateDiffieHellmanRequest(Protocol.Default.Version, OpenIdTestBase.OPUri);
-			Assert.IsFalse(this.rpElement.PrepareMessageForSending(request));
+			Assert.IsNull(this.rpElement.PrepareMessageForSending(request));
 		}
 
 		[TestMethod]
 		public void PrepareMessageForSending() {
 			this.request.Extensions.Add(new MockOpenIdExtension("part", "extra"));
-			Assert.IsTrue(this.rpElement.PrepareMessageForSending(this.request));
+			Assert.IsNotNull(this.rpElement.PrepareMessageForSending(this.request));
 
 			string alias = GetAliases(this.request.ExtraData).Single();
 			Assert.AreEqual(MockOpenIdExtension.MockTypeUri, this.request.ExtraData["openid.ns." + alias]);
@@ -80,7 +80,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements {
 			this.request.ExtraData["openid.ns.mock"] = MockOpenIdExtension.MockTypeUri;
 			this.request.ExtraData["openid.mock.Part"] = "part";
 			this.request.ExtraData["openid.mock.data"] = "extra";
-			Assert.IsTrue(this.rpElement.PrepareMessageForReceiving(this.request));
+			Assert.IsNotNull(this.rpElement.PrepareMessageForReceiving(this.request));
 			MockOpenIdExtension ext = this.request.Extensions.OfType<MockOpenIdExtension>().Single();
 			Assert.AreEqual("part", ext.Part);
 			Assert.AreEqual("extra", ext.Data);
diff --git a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs
index 78b96e6..6b99541 100644
--- a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs
@@ -35,7 +35,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements {
 			message.ProviderEndpoint = new Uri("http://provider");
 			signedMessage.UtcCreationDate = DateTime.Parse("1/1/2009");
 			signedMessage.AssociationHandle = association.Handle;
-			Assert.IsTrue(signer.PrepareMessageForSending(message));
+			Assert.IsNotNull(signer.PrepareMessageForSending(message));
 			Assert.AreEqual("0wOdvNgzCZ5I5AzbU58Nq2Tg8EJZ7QoNz4gpx2r7jII=", signedMessage.Signature);
 		}
 
@@ -53,7 +53,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements {
 			response.ExtraData["someunsigned"] = "value";
 			response.ExtraData["openid.somesigned"] = "value";
 
-			Assert.IsTrue(sbe.PrepareMessageForSending(response));
+			Assert.IsNotNull(sbe.PrepareMessageForSending(response));
 			ITamperResistantOpenIdMessage signedResponse = (ITamperResistantOpenIdMessage)response;
 
 			// Make sure that the extra parameters are signed.