Got all 4 association tests to pass.

But we have a lot more association tests to write.

6 files changed, 92 insertions, 22 deletions

diff --git a/src/DotNetOpenAuth.Test/CoordinatorBase.cs b/src/DotNetOpenAuth.Test/CoordinatorBase.cs
index 4463dde..8efd46d 100644
--- a/src/DotNetOpenAuth.Test/CoordinatorBase.cs
+++ b/src/DotNetOpenAuth.Test/CoordinatorBase.cs
@@ -39,12 +39,14 @@ namespace DotNetOpenAuth.Test {
 					action();
 				} catch (Exception ex) {
 					// We may be the second thread in an ThreadAbortException, so check the "flag"
-					if (failingException == null) {
-						failingException = ex;
-						if (Thread.CurrentThread == party1Thread) {
-							party2Thread.Abort();
-						} else {
-							party1Thread.Abort();
+					lock (this) {
+						if (failingException == null || (failingException is ThreadAbortException && !(ex is ThreadAbortException))) {
+							failingException = ex;
+							if (Thread.CurrentThread == party1Thread) {
+								party2Thread.Abort();
+							} else {
+								party1Thread.Abort();
+							}
 						}
 					}
 				}
diff --git a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
index e411ecb..24b54cf 100644
--- a/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/AssociationHandshakeTests.cs
@@ -13,6 +13,11 @@ namespace DotNetOpenAuth.Test.OpenId {
 
 	[TestClass]
 	public class AssociationHandshakeTests : OpenIdTestBase {
+		[TestInitialize]
+		public override void SetUp() {
+			base.SetUp();
+		}
+
 		[TestMethod]
 		public void DHv2() {
 			var opDescription = new ProviderEndpointDescription(new Uri("http://host"), Protocol.V20);
diff --git a/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs b/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs
index 845e209..f9c2a8b 100644
--- a/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs
+++ b/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs
@@ -146,24 +146,25 @@ namespace DotNetOpenAuth.OpenId {
 		/// and perhaps a matching Diffie-Hellman session type.
 		/// </summary>
 		/// <param name="protocol">The OpenID version that dictates which associations are available.</param>
-		/// <param name="minimumHashSizeInBits">The minimum required hash length given security settings.</param>
-		/// <param name="maximumHashSizeInBits">The maximum hash length to even attempt.  Useful for the RP side where we support SHA512 but most OPs do not -- why waste time trying?</param>
+		/// <param name="securityRequirements">The set of requirements the selected association type must comply to.</param>
 		/// <param name="requireMatchingDHSessionType">True for HTTP associations, False for HTTPS associations.</param>
 		/// <param name="associationType">The resulting association type's well known protocol name.  (i.e. HMAC-SHA256)</param>
 		/// <param name="sessionType">The resulting session type's well known protocol name, if a matching one is available.  (i.e. DH-SHA256)</param>
 		/// <returns>True if a qualifying association could be found; false otherwise.</returns>
-		internal static bool TryFindBestAssociation(Protocol protocol, int? minimumHashSizeInBits, int? maximumHashSizeInBits, bool requireMatchingDHSessionType, out string associationType, out string sessionType) {
+		internal static bool TryFindBestAssociation(Protocol protocol, SecuritySettings securityRequirements, bool requireMatchingDHSessionType, out string associationType, out string sessionType) {
 			ErrorUtilities.VerifyArgumentNotNull(protocol, "protocol");
+			ErrorUtilities.VerifyArgumentNotNull(securityRequirements, "securityRequirements");
+
 			associationType = null;
 			sessionType = null;
 
 			// We assume this enumeration is in decreasing bit length order.
 			foreach (HmacSha sha in hmacShaAssociationTypes) {
 				int hashSizeInBits = sha.SecretLength * 8;
-				if (maximumHashSizeInBits.HasValue && hashSizeInBits > maximumHashSizeInBits.Value) {
+				if (hashSizeInBits > securityRequirements.MaximumHashBitLength) {
 					continue;
 				}
-				if (minimumHashSizeInBits.HasValue && hashSizeInBits < minimumHashSizeInBits.Value) {
+				if (hashSizeInBits < securityRequirements.MinimumHashBitLength) {
 					break;
 				}
 				sessionType = DiffieHellmanUtilities.GetNameForSize(protocol, hashSizeInBits);
@@ -171,8 +172,13 @@ namespace DotNetOpenAuth.OpenId {
 					continue;
 				}
 				associationType = sha.GetAssociationType(protocol);
+				if (associationType == null) {
+					continue;
+				}
+
 				return true;
 			}
+
 			return false;
 		}
 
diff --git a/src/DotNetOpenAuth/OpenId/Messages/AssociateRequest.cs b/src/DotNetOpenAuth/OpenId/Messages/AssociateRequest.cs
index 3bc0a30..656ec68 100644
--- a/src/DotNetOpenAuth/OpenId/Messages/AssociateRequest.cs
+++ b/src/DotNetOpenAuth/OpenId/Messages/AssociateRequest.cs
@@ -11,6 +11,7 @@ namespace DotNetOpenAuth.OpenId.Messages {
 	using System.Linq;
 	using System.Text;
 	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OpenId.RelyingParty;
 
 	/// <summary>
 	/// An OpenID direct request from Relying Party to Provider to initiate an association.
@@ -64,19 +65,37 @@ namespace DotNetOpenAuth.OpenId.Messages {
 		/// <summary>
 		/// Creates an association request message that is appropriate for a given Provider.
 		/// </summary>
+		/// <param name="securityRequirements">The set of requirements the selected association type must comply to.</param>
 		/// <param name="provider">The provider to create an association with.</param>
-		/// <returns>The message to send to the Provider to request an association.</returns>
-		internal static AssociateRequest Create(ProviderEndpointDescription provider) {
+		/// <returns>
+		/// The message to send to the Provider to request an association.
+		/// Null if no association could be created that meet the security requirements
+		/// and the provider OpenID version.
+		/// </returns>
+		internal static AssociateRequest Create(SecuritySettings securityRequirements, ProviderEndpointDescription provider) {
+			ErrorUtilities.VerifyArgumentNotNull(securityRequirements, "securityRequirements");
+			ErrorUtilities.VerifyArgumentNotNull(provider, "provider");
+
 			AssociateRequest associateRequest;
-			if (provider.Endpoint.IsTransportSecure()) {
+
+			// Apply our knowledge of the endpoint's transport, OpenID version, and
+			// security requirements to decide the best association 
+			bool unencryptedAllowed = provider.Endpoint.IsTransportSecure();
+			bool useDiffieHellman = !unencryptedAllowed;
+			string associationType, sessionType;
+			if (!HmacShaAssociation.TryFindBestAssociation(provider.Protocol, securityRequirements, useDiffieHellman, out associationType, out sessionType)) {
+				// There are no associations that meet all requirements.
+				Logger.Warn("Security requirements and protocol combination knock out all possible association types.  Dumb mode forced.");
+				return null;
+			}
+
+			if (unencryptedAllowed) {
 				associateRequest = new AssociateUnencryptedRequest(provider.Endpoint);
-				associateRequest.AssociationType = provider.Protocol.Args.SignatureAlgorithm.HMAC_SHA1;
+				associateRequest.AssociationType = associationType;
 			} else {
-				// TODO: apply security policies and our knowledge of the provider's OpenID version
-				// to select the right association here.
 				var diffieHellmanAssociateRequest = new AssociateDiffieHellmanRequest(provider.Endpoint);
-				diffieHellmanAssociateRequest.AssociationType = provider.Protocol.Args.SignatureAlgorithm.HMAC_SHA1;
-				diffieHellmanAssociateRequest.SessionType = provider.Protocol.Args.SessionType.DH_SHA1;
+				diffieHellmanAssociateRequest.AssociationType = associationType;
+				diffieHellmanAssociateRequest.SessionType = sessionType;
 				diffieHellmanAssociateRequest.InitializeRequest();
 				associateRequest = diffieHellmanAssociateRequest;
 			}
diff --git a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
index 080e131..a4ad0de 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
@@ -16,6 +16,11 @@ namespace DotNetOpenAuth.OpenId.Provider {
 	/// </summary>
 	public sealed class OpenIdProvider {
 		/// <summary>
+		/// Backing field for the <see cref="SecuritySettings"/> property.
+		/// </summary>
+		private ProviderSecuritySettings securitySettings;
+
+		/// <summary>
 		/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
 		/// </summary>
 		/// <param name="associationStore">The association store to use.  Cannot be null.</param>
@@ -35,7 +40,19 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// <summary>
 		/// Gets the security settings used by this Provider.
 		/// </summary>
-		public Provider.ProviderSecuritySettings SecuritySettings { get; internal set; }
+		public ProviderSecuritySettings SecuritySettings {
+			get {
+				return this.securitySettings;
+			}
+
+			internal set {
+				if (value == null) {
+					throw new ArgumentNullException("value");
+				}
+
+				this.securitySettings = value;
+			}
+		}
 
 		/// <summary>
 		/// Gets the association store.
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index a7efd97..e00828a 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -16,6 +16,11 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 	/// </summary>
 	public sealed class OpenIdRelyingParty {
 		/// <summary>
+		/// Backing field for the <see cref="SecuritySettings"/> property.
+		/// </summary>
+		private RelyingPartySecuritySettings securitySettings;
+
+		/// <summary>
 		/// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
 		/// </summary>
 		/// <param name="associationStore">The association store.  If null, the relying party will always operate in "dumb mode".</param>
@@ -35,7 +40,19 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <summary>
 		/// Gets the security settings used by this Relying Party.
 		/// </summary>
-		public RelyingParty.RelyingPartySecuritySettings SecuritySettings { get; internal set; }
+		public RelyingPartySecuritySettings SecuritySettings {
+			get {
+				return this.securitySettings;
+			}
+
+			internal set {
+				if (value == null) {
+					throw new ArgumentNullException("value");
+				}
+
+				this.securitySettings = value;
+			}
+		}
 
 		/// <summary>
 		/// Gets the association store.
@@ -51,7 +68,11 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		internal Association GetAssociation(ProviderEndpointDescription provider) {
 			ErrorUtilities.VerifyArgumentNotNull(provider, "provider");
 
-			var associateRequest = AssociateRequest.Create(provider);
+			var associateRequest = AssociateRequest.Create(this.SecuritySettings, provider);
+			if (associateRequest == null) {
+				return null;
+			}
+
 			var associateResponse = this.Channel.Request(associateRequest);
 			var associateSuccessfulResponse = associateResponse as AssociateSuccessfulResponse;
 			var associateUnsuccessfulResponse = associateResponse as AssociateUnsuccessfulResponse;