authorAndrew Arnott <andrewarnott@gmail.com>2009-03-10 21:31:26 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2009-03-10 21:31:26 -0700
commitae5469dd3022ae8b3ab1a262d6c64a3efcc27251 (patch)
treed94929710913247f03277d23771806b5aa919add /src/DotNetOpenAuth.Test
parent7f6be61b4ff8780670b950e580ccb620a6fc0b71 (diff)
Added test to verify OP's compliance with OpenID 2.0 section 8.4.1.
Diffstat (limited to 'src/DotNetOpenAuth.Test')
-rw-r--r--src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj2
-rw-r--r--src/DotNetOpenAuth.Test/Mocks/AssociateUnencryptedRequestNoSslCheck.cs28
-rw-r--r--src/DotNetOpenAuth.Test/Mocks/CoordinatingChannel.cs9
-rw-r--r--src/DotNetOpenAuth.Test/Mocks/CoordinatingHttpRequestInfo.cs65
-rw-r--r--src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs27
5 files changed, 124 insertions, 7 deletions
diff --git a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
index 52bd0bd..bbd955d 100644
--- a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
+++ b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
@@ -114,7 +114,9 @@
<Compile Include="Messaging\Bindings\StandardExpirationBindingElementTests.cs" />
<Compile Include="Messaging\Reflection\MessagePartTests.cs" />
<Compile Include="Messaging\Reflection\ValueMappingTests.cs" />
+ <Compile Include="Mocks\AssociateUnencryptedRequestNoSslCheck.cs" />
<Compile Include="Mocks\CoordinatingChannel.cs" />
+ <Compile Include="Mocks\CoordinatingHttpRequestInfo.cs" />
<Compile Include="Mocks\CoordinatingUserAgentResponse.cs" />
<Compile Include="Mocks\InMemoryTokenManager.cs" />
<Compile Include="Mocks\MockHttpRequest.cs" />
diff --git a/src/DotNetOpenAuth.Test/Mocks/AssociateUnencryptedRequestNoSslCheck.cs b/src/DotNetOpenAuth.Test/Mocks/AssociateUnencryptedRequestNoSslCheck.cs
new file mode 100644
index 0000000..94028e9
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/Mocks/AssociateUnencryptedRequestNoSslCheck.cs
@@ -0,0 +1,28 @@
+//-----------------------------------------------------------------------
+// <copyright file="AssociateUnencryptedRequestNoSslCheck.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.Mocks {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Text;
+ using DotNetOpenAuth.OpenId.Messages;
+
+ /// <summary>
+ /// An associate request message that doesn't throw when
+ /// it is used over HTTP (without SSL).
+ /// </summary>
+ internal class AssociateUnencryptedRequestNoSslCheck : AssociateUnencryptedRequest {
+ internal AssociateUnencryptedRequestNoSslCheck(Version version, Uri providerEndpoint)
+ : base(version, providerEndpoint) {
+ }
+
+ public override void EnsureValidMessage() {
+ // We deliberately do NOT call our base class method to avoid throwing
+ // when no-encryption is used over an HTTP transport.
+ }
+ }
+}
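Review bot: The empty `EnsureValidMessage` override drops every check the base class performs, not only the HTTPS requirement, so a request that is malformed in some other way would also go out and the provider could reject it for an unrelated reason. Whether the base type exposes its checks individually is not visible in this hunk; if it does, keeping the others would narrow the mock to what its name promises. At minimum the summary should state the scope, e.g. `/// Test-only: skips ALL base validation, including the check that forbids no-encryption sessions over plain HTTP.`, and the class can be declared `sealed` so nothing else inherits the bypass.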
diff --git a/src/DotNetOpenAuth.Test/Mocks/CoordinatingChannel.cs b/src/DotNetOpenAuth.Test/Mocks/CoordinatingChannel.cs
index 53e0b3c..80351d4 100644
--- a/src/DotNetOpenAuth.Test/Mocks/CoordinatingChannel.cs
+++ b/src/DotNetOpenAuth.Test/Mocks/CoordinatingChannel.cs
@@ -136,15 +136,10 @@ namespace DotNetOpenAuth.Test.Mocks {
protected internal override HttpRequestInfo GetRequestFromContext() {
MessageReceivingEndpoint recipient;
var messageData = this.AwaitIncomingMessage(out recipient);
- IDirectedProtocolMessage message = null;
if (messageData != null) {
- message = this.MessageFactory.GetNewRequestMessage(recipient, messageData);
- if (message != null) {
- MessageSerializer.Get(message.GetType()).Deserialize(messageData, message);
- }
- return new HttpRequestInfo(message, recipient.AllowedMethods);
+ return new CoordinatingHttpRequestInfo(this.MessageFactory, messageData, recipient);
} else {
- return new HttpRequestInfo(null, HttpDeliveryMethods.GetRequest);
+ return new CoordinatingHttpRequestInfo(recipient);
}
}
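Review bot: The `else` branch of `GetRequestFromContext` now passes `recipient` to `CoordinatingHttpRequestInfo` even though no message arrived, where the removed code asked for `HttpDeliveryMethods.GetRequest` explicitly. The result therefore depends on the constructor tolerating a null recipient, and a non-null recipient that allows only POST now yields a POST request instead of GET. Whether `AwaitIncomingMessage` can leave `recipient` null is not visible here. A comment on that line, such as `// recipient may be null when no message arrived; the request info then defaults to GET`, would record the dependency.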
diff --git a/src/DotNetOpenAuth.Test/Mocks/CoordinatingHttpRequestInfo.cs b/src/DotNetOpenAuth.Test/Mocks/CoordinatingHttpRequestInfo.cs
new file mode 100644
index 0000000..5467045
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/Mocks/CoordinatingHttpRequestInfo.cs
@@ -0,0 +1,65 @@
+//-----------------------------------------------------------------------
+// <copyright file="CoordinatingHttpRequestInfo.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.Mocks {
+ using System.Collections.Generic;
+ using System.Diagnostics.Contracts;
+ using DotNetOpenAuth.Messaging;
+
+ internal class CoordinatingHttpRequestInfo : HttpRequestInfo {
+ private IDictionary<string, string> messageData;
+ private IMessageFactory messageFactory;
+ private MessageReceivingEndpoint recipient;
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="CoordinatingHttpRequestInfo"/> class
+ /// that will generate a message when the <see cref="Message"/> property getter is called.
+ /// </summary>
+ /// <param name="messageFactory">The message factory.</param>
+ /// <param name="messageData">The message data.</param>
+ /// <param name="recipient">The recipient.</param>
+ internal CoordinatingHttpRequestInfo(IMessageFactory messageFactory, IDictionary<string, string> messageData, MessageReceivingEndpoint recipient)
+ : this(recipient) {
+ Contract.Requires(messageFactory != null);
+ Contract.Requires(messageData != null);
+ this.messageFactory = messageFactory;
+ this.messageData = messageData;
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="CoordinatingHttpRequestInfo"/> class
+ /// that will not generate any message.
+ /// </summary>
+ /// <param name="recipient">The recipient.</param>
+ internal CoordinatingHttpRequestInfo(MessageReceivingEndpoint recipient) {
+ this.recipient = recipient;
+
+ if (recipient == null || (recipient.AllowedMethods & HttpDeliveryMethods.GetRequest) != 0) {
+ this.HttpMethod = "GET";
+ } else if ((recipient.AllowedMethods & HttpDeliveryMethods.PostRequest) != 0) {
+ this.HttpMethod = "POST";
+ }
+ }
+
+ internal override IDirectedProtocolMessage Message {
+ get {
+ if (base.Message == null && this.messageData != null) {
+ IDirectedProtocolMessage message = this.messageFactory.GetNewRequestMessage(this.recipient, this.messageData);
+ if (message != null) {
+ MessageSerializer.Get(message.GetType()).Deserialize(this.messageData, message);
+ }
+ base.Message = message;
+ }
+
+ return base.Message;
+ }
+
+ set {
+ base.Message = value;
+ }
+ }
+ }
+}
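Review bot: The `Message` getter calls `GetNewRequestMessage` again on every read when the factory returns null, because `base.Message` stays null and `messageData` is never cleared; assigning null through the setter has the same effect. Adding `this.messageData = null;` right after `base.Message = message;` makes the lazy creation run once. The class also has no `<summary>`; it should say why creation is deferred to the getter (presumably so that a message which fails deserialization faults where the receiver reads it rather than inside `GetRequestFromContext`, which is worth confirming). In the single-argument constructor, `HttpMethod` is left unassigned when the recipient allows neither GET nor POST.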
diff --git a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
index 94c0671..f88af0d 100644
--- a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
@@ -11,6 +11,7 @@ namespace DotNetOpenAuth.Test.OpenId {
using DotNetOpenAuth.OpenId.Messages;
using DotNetOpenAuth.OpenId.Provider;
using DotNetOpenAuth.OpenId.RelyingParty;
+ using DotNetOpenAuth.Test.Mocks;
using Microsoft.VisualStudio.TestTools.UnitTesting;
[TestClass]
@@ -104,6 +105,29 @@ namespace DotNetOpenAuth.Test.OpenId {
}
/// <summary>
+ /// Verifies that the OP rejects an associate request that has no encryption (transport or DH).
+ /// </summary>
+ /// <remarks>
+ /// Verifies OP's compliance with OpenID 2.0 section 8.4.1.
+ /// </remarks>
+ [TestMethod]
+ public void OPRejectsHttpNoEncryptionAssociateRequests() {
+ Protocol protocol = Protocol.V20;
+ OpenIdCoordinator coordinator = new OpenIdCoordinator(
+ rp => {
+ // We have to formulate the associate request manually,
+ // since the DNOI RP won't voluntarily suggest no encryption at all.
+ var request = new AssociateUnencryptedRequestNoSslCheck(protocol.Version, OPUri);
+ request.AssociationType = protocol.Args.SignatureAlgorithm.HMAC_SHA256;
+ request.SessionType = protocol.Args.SessionType.NoEncryption;
+ var response = rp.Channel.Request<DirectErrorResponse>(request);
+ Assert.IsNotNull(response);
+ },
+ AutoProvider);
+ coordinator.Run();
+ }
+
+ /// <summary>
/// Verifies that the OP rejects an associate request
/// when the HMAC and DH bit lengths do not match.
/// </summary>
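Review bot: `Assert.IsNotNull(response)` in `OPRejectsHttpNoEncryptionAssociateRequests` only proves that some `DirectErrorResponse` came back, not that the provider refused the request because it had neither transport nor Diffie-Hellman protection. Since the mock request skips all sender-side validation, an unrelated provider-side failure would satisfy the test as well. Asserting on the error content the provider returns, and that no association was stored on either side, would tie the test to section 8.4.1. The test also relies on `OPUri`, defined outside this hunk, being a plain-HTTP endpoint; assuming it is a `Uri`, `Assert.AreEqual(Uri.UriSchemeHttp, OPUri.Scheme);` at the top of the test would make that precondition explicit.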
@@ -154,6 +178,9 @@ namespace DotNetOpenAuth.Test.OpenId {
/// <summary>
/// Verifies that the RP quietly rejects an OP that suggests an no encryption over an HTTP channel.
/// </summary>
+ /// <remarks>
+ /// Verifies RP's compliance with OpenID 2.0 section 8.4.1.
+ /// </remarks>
[TestMethod]
public void RPRejectsUnencryptedSuggestion() {
Protocol protocol = Protocol.V20;