author | Andrew Arnott <andrewarnott@gmail.com> | 2011-05-28 17:31:20 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2011-05-28 17:31:20 -0700 |
commit | dbbc823b7580d4e7d5251539a8dcace730df2e3f (patch) | |
tree | 52489fda9952d9aa7ccd59fab795e6862e24753b /src/DotNetOpenAuth.Test | |
parent | bb155ca75f8906bde74d8adbf36fa4f4c4bcded7 (diff) | |
parent | 5ea256fa7309ad23f4278ef9113ccde5a231bff7 (diff) | |
Introduced ICryptoKeyStore, and worked it into OpenID OPs, RPs, and OAuth 2.0 roles.
Diffstat (limited to 'src/DotNetOpenAuth.Test')
-rw-r--r-- | src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj | 2 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/Messaging/MessageSerializerTests.cs | 6 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/Mocks/TestBadChannel.cs | 4 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs | 8 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs | 9 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/ChannelElements/OpenIdChannelTests.cs | 2 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs | 13 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionTestUtilities.cs | 10 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs | 2 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/RelyingParty/AssociationsTests.cs (renamed from src/DotNetOpenAuth.Test/OpenId/AssociationsTests.cs) | 3 |
10 files changed, 35 insertions, 24 deletions
diff --git a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj index 941857d..9bae939 100644 --- a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj +++ b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj @@ -243,7 +243,7 @@ <Compile Include="OAuth\ProtocolTests.cs" /> <Compile Include="OAuth\ServiceProviderDescriptionTests.cs" /> <Compile Include="OAuth\ServiceProviderTests.cs" /> - <Compile Include="OpenId\AssociationsTests.cs" /> + <Compile Include="OpenId\RelyingParty\AssociationsTests.cs" /> <Compile Include="OpenId\AssociationTests.cs" /> <Compile Include="OpenId\AuthenticationTests.cs" /> <Compile Include="OpenId\ChannelElements\ExtensionsBindingElementTests.cs" /> diff --git a/src/DotNetOpenAuth.Test/Messaging/MessageSerializerTests.cs b/src/DotNetOpenAuth.Test/Messaging/MessageSerializerTests.cs index d07cf32..07743e1 100644 --- a/src/DotNetOpenAuth.Test/Messaging/MessageSerializerTests.cs +++ b/src/DotNetOpenAuth.Test/Messaging/MessageSerializerTests.cs @@ -65,7 +65,7 @@ namespace DotNetOpenAuth.Test.Messaging { var ms = new MemoryStream(); var writer = JsonReaderWriterFactory.CreateJsonWriter(ms, Encoding.UTF8); - serializer.Serialize(this.MessageDescriptions.GetAccessor(message), writer); + MessageSerializer.Serialize(this.MessageDescriptions.GetAccessor(message), writer); writer.Flush(); string actual = Encoding.UTF8.GetString(ms.ToArray()); 
@@ -75,7 +75,7 @@ namespace DotNetOpenAuth.Test.Messaging { ms.Position = 0; var deserialized = new Mocks.TestDirectedMessage(); var reader = JsonReaderWriterFactory.CreateJsonReader(ms, XmlDictionaryReaderQuotas.Max); - serializer.Deserialize(this.MessageDescriptions.GetAccessor(deserialized), reader); + MessageSerializer.Deserialize(this.MessageDescriptions.GetAccessor(deserialized), reader); Assert.AreEqual(message.Age, deserialized.Age); Assert.AreEqual(message.EmptyMember, deserialized.EmptyMember); Assert.AreEqual(message.Location, deserialized.Location); @@ -86,7 +86,7 @@ namespace DotNetOpenAuth.Test.Messaging { [TestCase, ExpectedException(typeof(ArgumentNullException))] public void DeserializeNull() { var serializer = MessageSerializer.Get(typeof(Mocks.TestMessage)); - serializer.Deserialize(null, null); + MessageSerializer.Deserialize(null, null); } [TestCase] diff --git a/src/DotNetOpenAuth.Test/Mocks/TestBadChannel.cs b/src/DotNetOpenAuth.Test/Mocks/TestBadChannel.cs index 439acbb..515e69e 100644 --- a/src/DotNetOpenAuth.Test/Mocks/TestBadChannel.cs +++ b/src/DotNetOpenAuth.Test/Mocks/TestBadChannel.cs @@ -17,8 +17,8 @@ namespace DotNetOpenAuth.Test.Mocks { : base(badConstructorParam ? null : new TestMessageFactory()) { } - internal new void Create301RedirectResponse(IDirectedProtocolMessage message, IDictionary<string, string> fields) { - base.Create301RedirectResponse(message, fields); + internal new void Create301RedirectResponse(IDirectedProtocolMessage message, IDictionary<string, string> fields, bool payloadInFragment = false) { + base.Create301RedirectResponse(message, fields, payloadInFragment); } internal new void CreateFormPostResponse(IDirectedProtocolMessage message, IDictionary<string, string> fields) { diff --git a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs index 390a5f1..0c52b98 100644 --- a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs 
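Review bot: In `DeserializeNull` (hunk -86) the local `var serializer = MessageSerializer.Get(typeof(Mocks.TestMessage));` is now dead, because the next line calls the static `MessageSerializer.Deserialize(null, null)` and no longer touches the instance. Delete that line so the test body is only the call whose `ArgumentNullException` it expects. The hunks at -65 and -75 make the same instance-to-static switch, and their `serializer` declaration lies above the visible context, so it is probably unused there as well.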
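Review bot: The hiding method `Create301RedirectResponse` in TestBadChannel.cs declares its own default, `bool payloadInFragment = false`, and optional-argument defaults are compiled into the call site from the static type, so the mock's default can drift from whatever the base method uses (the base signature is not visible here). For a test mock I would make the parameter required, `IDictionary<string, string> fields, bool payloadInFragment)`, so each test states explicitly whether the payload goes in the query string or the fragment. The neighbouring `CreateFormPostResponse` wrapper begins in this hunk and ends outside it.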
+++ b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs @@ -352,9 +352,10 @@ namespace DotNetOpenAuth.Test.OpenId { if (expectSuccess) { Assert.IsNotNull(rpAssociation); - Assert.AreSame(rpAssociation, coordinator.RelyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, rpAssociation.Handle)); - opAssociation = coordinator.Provider.AssociationStore.GetAssociation(AssociationRelyingPartyType.Smart, rpAssociation.Handle); - Assert.IsNotNull(opAssociation, "The Provider should have stored the association."); + Association actual = coordinator.RelyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, rpAssociation.Handle); + Assert.AreEqual(rpAssociation, actual); + opAssociation = coordinator.Provider.AssociationStore.Deserialize(new TestSignedDirectedMessage(), false, rpAssociation.Handle); + Assert.IsNotNull(opAssociation, "The Provider could not decode the association handle."); Assert.AreEqual(opAssociation.Handle, rpAssociation.Handle); Assert.AreEqual(expectedAssociationType, rpAssociation.GetAssociationType(protocol)); @@ -372,7 +373,6 @@ namespace DotNetOpenAuth.Test.OpenId { } } else { Assert.IsNull(coordinator.RelyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, new RelyingPartySecuritySettings())); - Assert.IsNull(coordinator.Provider.AssociationStore.GetAssociation(AssociationRelyingPartyType.Smart, new ProviderSecuritySettings())); } } } diff --git a/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs b/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs index 27db93e..2814506 100644 --- a/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs +++ b/src/DotNetOpenAuth.Test/OpenId/AuthenticationTests.cs 
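Review bot: After this change the provider side is verified only on the success path, where `Deserialize(new TestSignedDirectedMessage(), false, rpAssociation.Handle)` must return non-null, while the next hunk (-372) deletes the only provider assertion from the `else` branch. Now that the association is recovered from the handle itself, the negative case deserves a test of its own: a handle altered by one character, or one encoded under a different `ICryptoKeyStore`, should be rejected by `Deserialize` (assert null or the documented exception, whichever the method defines). The bare `false` would also read better as a named argument; its parameter name is not visible in this diff. The enclosing test method starts and ends outside the hunk.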
@@ -138,8 +138,10 @@ namespace DotNetOpenAuth.Test.OpenId { private void ParameterizedAuthenticationTest(Protocol protocol, bool statelessRP, bool sharedAssociation, bool positive, bool immediate, bool tamper) { Contract.Requires<ArgumentException>(!statelessRP || !sharedAssociation, "The RP cannot be stateless while sharing an association with the OP."); Contract.Requires<ArgumentException>(positive || !tamper, "Cannot tamper with a negative response."); - ProviderSecuritySettings securitySettings = new ProviderSecuritySettings(); - Association association = sharedAssociation ? HmacShaAssociation.Create(protocol, protocol.Args.SignatureAlgorithm.Best, AssociationRelyingPartyType.Smart, securitySettings) : null; + var securitySettings = new ProviderSecuritySettings(); + var cryptoKeyStore = new MemoryCryptoKeyStore(); + var associationStore = new ProviderAssociationHandleEncoder(cryptoKeyStore); + Association association = sharedAssociation ? HmacShaAssociation.Create(protocol, protocol.Args.SignatureAlgorithm.Best, AssociationRelyingPartyType.Smart, associationStore, securitySettings) : null; var coordinator = new OpenIdCoordinator( rp => { var request = new CheckIdRequest(protocol.Version, OPUri, immediate ? AuthenticationRequestMode.Immediate : AuthenticationRequestMode.Setup); @@ -197,7 +199,8 @@ namespace DotNetOpenAuth.Test.OpenId { }, op => { if (association != null) { - op.AssociationStore.StoreAssociation(AssociationRelyingPartyType.Smart, association); + var key = cryptoKeyStore.GetCurrentKey(ProviderAssociationHandleEncoder.AssociationHandleEncodingSecretBucket, TimeSpan.FromSeconds(1)); + op.CryptoKeyStore.StoreKey(ProviderAssociationHandleEncoder.AssociationHandleEncodingSecretBucket, key.Key, key.Value); } var request = op.Channel.ReadFromRequest<CheckIdRequest>(); diff --git a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/OpenIdChannelTests.cs b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/OpenIdChannelTests.cs index eaaef34..5e0ccf5 100644 
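Review bot: The two lines added to the `op =>` lambda (hunk -197) copy a key from the local `cryptoKeyStore` into `op.CryptoKeyStore`, but nothing states why, or guarantees that it is the key which protected `association.Handle` in hunk -138. If `GetCurrentKey` can mint a fresh key when no stored one has the requested remaining lifetime (not visible here), the copied secret would differ from the one used at creation and the test would fail for a reason unrelated to what it checks. I would add a comment such as `// Give the OP the secret that encoded the shared association handle above.` and, if the coordinator allows it, pass the same `MemoryCryptoKeyStore` instance to the provider instead of copying. The identical copy appears in ExtensionTestUtilities.cs (hunk -57) and needs the same treatment.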
--- a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/OpenIdChannelTests.cs +++ b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/OpenIdChannelTests.cs @@ -29,7 +29,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements { [SetUp] public void Setup() { this.webHandler = new Mocks.TestWebRequestHandler(); - this.channel = new OpenIdChannel(new AssociationMemoryStore<Uri>(), new NonceMemoryStore(maximumMessageAge), new RelyingPartySecuritySettings()); + this.channel = new OpenIdChannel(new MemoryCryptoKeyStore(), new NonceMemoryStore(maximumMessageAge), new RelyingPartySecuritySettings()); this.channel.WebRequestHandler = this.webHandler; } diff --git a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs index 6160680..e6f3e6e 100644 --- a/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs +++ b/src/DotNetOpenAuth.Test/OpenId/ChannelElements/SigningBindingElementTests.cs @@ -7,6 +7,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements { using System; using System.Linq; + using DotNetOpenAuth.Messaging.Bindings; using DotNetOpenAuth.OpenId; using DotNetOpenAuth.OpenId.ChannelElements; using DotNetOpenAuth.OpenId.Messages; 
@@ -23,10 +24,12 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements { public void SignaturesMatchKnownGood() { Protocol protocol = Protocol.V20; var settings = new ProviderSecuritySettings(); - var store = new AssociationMemoryStore<AssociationRelyingPartyType>(); + var cryptoStore = new MemoryCryptoKeyStore(); byte[] associationSecret = Convert.FromBase64String("rsSwv1zPWfjPRQU80hciu8FPDC+GONAMJQ/AvSo1a2M="); - Association association = HmacShaAssociation.Create("mock", associationSecret, TimeSpan.FromDays(1)); - store.StoreAssociation(AssociationRelyingPartyType.Smart, association); + string handle = "mock"; + cryptoStore.StoreKey(ProviderAssociationKeyStorage.SharedAssociationBucket, handle, new CryptoKey(associationSecret, DateTime.UtcNow.AddDays(1))); + + var store = new ProviderAssociationKeyStorage(cryptoStore); SigningBindingElement signer = new SigningBindingElement(store, settings); signer.Channel = new TestChannel(this.MessageDescriptions); @@ -34,7 +37,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements { ITamperResistantOpenIdMessage signedMessage = message; message.ProviderEndpoint = new Uri("http://provider"); signedMessage.UtcCreationDate = DateTime.Parse("1/1/2009"); - signedMessage.AssociationHandle = association.Handle; + signedMessage.AssociationHandle = handle; Assert.IsNotNull(signer.ProcessOutgoingMessage(message)); Assert.AreEqual("o9+uN7qTaUS9v0otbHTuNAtbkpBm14+es9QnNo6IHD4=", signedMessage.Signature); } 
@@ -45,7 +48,7 @@ namespace DotNetOpenAuth.Test.OpenId.ChannelElements { [TestCase] public void SignedResponsesIncludeExtraDataInSignature() { Protocol protocol = Protocol.Default; - SigningBindingElement sbe = new SigningBindingElement(new AssociationMemoryStore<AssociationRelyingPartyType>(), new ProviderSecuritySettings()); + SigningBindingElement sbe = new SigningBindingElement(new ProviderAssociationHandleEncoder(new MemoryCryptoKeyStore()), new ProviderSecuritySettings()); sbe.Channel = new TestChannel(this.MessageDescriptions); IndirectSignedResponse response = new IndirectSignedResponse(protocol.Version, RPUri); response.ReturnTo = RPUri; diff --git a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionTestUtilities.cs b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionTestUtilities.cs index 334fc93..9be806b 100644 --- a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionTestUtilities.cs +++ b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionTestUtilities.cs @@ -10,6 +10,7 @@ namespace DotNetOpenAuth.Test.OpenId.Extensions { using System.Diagnostics.Contracts; using System.Linq; using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.Messaging.Bindings; using DotNetOpenAuth.OpenId; using DotNetOpenAuth.OpenId.ChannelElements; using DotNetOpenAuth.OpenId.Extensions; 
@@ -33,8 +34,10 @@ namespace DotNetOpenAuth.Test.OpenId.Extensions { Protocol protocol, IEnumerable<IOpenIdMessageExtension> requests, IEnumerable<IOpenIdMessageExtension> responses) { - ProviderSecuritySettings securitySettings = new ProviderSecuritySettings(); - Association association = HmacShaAssociation.Create(protocol, protocol.Args.SignatureAlgorithm.Best, AssociationRelyingPartyType.Smart, securitySettings); + var securitySettings = new ProviderSecuritySettings(); + var cryptoKeyStore = new MemoryCryptoKeyStore(); + var associationStore = new ProviderAssociationHandleEncoder(cryptoKeyStore); + Association association = HmacShaAssociation.Create(protocol, protocol.Args.SignatureAlgorithm.Best, AssociationRelyingPartyType.Smart, associationStore, securitySettings); var coordinator = new OpenIdCoordinator( rp => { RegisterExtension(rp.Channel, Mocks.MockOpenIdExtension.Factory); @@ -57,7 +60,8 @@ namespace DotNetOpenAuth.Test.OpenId.Extensions { }, op => { RegisterExtension(op.Channel, Mocks.MockOpenIdExtension.Factory); - op.AssociationStore.StoreAssociation(AssociationRelyingPartyType.Smart, association); + var key = cryptoKeyStore.GetCurrentKey(ProviderAssociationHandleEncoder.AssociationHandleEncodingSecretBucket, TimeSpan.FromSeconds(1)); + op.CryptoKeyStore.StoreKey(ProviderAssociationHandleEncoder.AssociationHandleEncodingSecretBucket, key.Key, key.Value); var request = op.Channel.ReadFromRequest<CheckIdRequest>(); var response = new PositiveAssertionResponse(request); var receivedRequests = request.Extensions.Cast<IOpenIdMessageExtension>(); diff --git a/src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs b/src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs index 4530982..365c5c5 100644 --- a/src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs +++ b/src/DotNetOpenAuth.Test/OpenId/Provider/PerformanceTests.cs 
@@ -78,8 +78,8 @@ namespace DotNetOpenAuth.Test.OpenId.Provider { protocol, assocType, AssociationRelyingPartyType.Smart, + this.provider.AssociationStore, this.provider.SecuritySettings); - this.provider.AssociationStore.StoreAssociation(AssociationRelyingPartyType.Smart, assoc); var checkidRequest = this.CreateCheckIdRequest(true); MeasurePerformance( () => { diff --git a/src/DotNetOpenAuth.Test/OpenId/AssociationsTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/AssociationsTests.cs index b3d7e4d..531fb45 100644 --- a/src/DotNetOpenAuth.Test/OpenId/AssociationsTests.cs +++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/AssociationsTests.cs @@ -4,13 +4,14 @@ // </copyright> //----------------------------------------------------------------------- -namespace DotNetOpenAuth.Test.OpenId { +namespace DotNetOpenAuth.Test.OpenId.RelyingParty { using System; using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; using System.Text; using DotNetOpenAuth.OpenId; + using DotNetOpenAuth.OpenId.RelyingParty; using NUnit.Framework; [TestFixture] |