Merge branch 'v3.0' into v3.1

11 files changed, 121 insertions, 30 deletions

diff --git a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
index 24251c2..eecaecf 100644
--- a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
+++ b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
@@ -206,6 +206,47 @@
 						<xs:attribute name="maxAuthenticationTime" type="xs:string" />
 					</xs:complexType>
 				</xs:element>
+				<xs:element name="oauth">
+					<xs:complexType>
+						<xs:choice minOccurs="0" maxOccurs="unbounded">
+							<xs:element name="consumer">
+								<xs:complexType>
+									<xs:choice minOccurs="0" maxOccurs="unbounded">
+										<xs:element name="security">
+											<xs:complexType>
+												
+											</xs:complexType>
+										</xs:element>
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="serviceProvider">
+								<xs:complexType>
+									<xs:choice minOccurs="0" maxOccurs="unbounded">
+										<xs:element name="security">
+											<xs:complexType>
+												<xs:attribute name="minimumRequiredOAuthVersion" default="V10">
+													<xs:simpleType>
+														<xs:restriction base="xs:NMTOKEN">
+															<xs:enumeration value="V10" />
+															<xs:enumeration value="V10a" />
+														</xs:restriction>
+													</xs:simpleType>
+												</xs:attribute>
+												<xs:attribute name="maxAuthorizationTime" type="xs:string" default="0:05" />
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="store">
+											<xs:complexType>
+												<xs:attribute name="type" type="xs:string"/>
+											</xs:complexType>
+										</xs:element>
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+						</xs:choice>
+					</xs:complexType>
+				</xs:element>
 			</xs:choice>
 		</xs:complexType>
 	</xs:element>
diff --git a/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs b/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs
index 5ff528d..8e910a0 100644
--- a/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs
+++ b/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs
@@ -6,12 +6,18 @@
 
 namespace DotNetOpenAuth.Configuration {
 	using System.Configuration;
+	using DotNetOpenAuth.Messaging.Bindings;
 
 	/// <summary>
 	/// Represents the &lt;oauth/serviceProvider&gt; element in the host's .config file.
 	/// </summary>
 	internal class OAuthServiceProviderElement : ConfigurationElement {
 		/// <summary>
+		/// The name of the custom store sub-element.
+		/// </summary>
+		private const string StoreConfigName = "store";
+
+		/// <summary>
 		/// Gets the name of the security sub-element.
 		/// </summary>
 		private const string SecuritySettingsConfigName = "security";
@@ -23,6 +29,15 @@ namespace DotNetOpenAuth.Configuration {
 		}
 
 		/// <summary>
+		/// Gets or sets the type to use for storing application state.
+		/// </summary>
+		[ConfigurationProperty(StoreConfigName)]
+		public TypeConfigurationElement<INonceStore> ApplicationStore {
+			get { return (TypeConfigurationElement<INonceStore>)this[StoreConfigName] ?? new TypeConfigurationElement<INonceStore>(); }
+			set { this[StoreConfigName] = value; }
+		}
+
+		/// <summary>
 		/// Gets or sets the security settings.
 		/// </summary>
 		[ConfigurationProperty(SecuritySettingsConfigName)]
diff --git a/src/DotNetOpenAuth/Messaging/Bindings/INonceStore.cs b/src/DotNetOpenAuth/Messaging/Bindings/INonceStore.cs
index fff251a..6b6e2e1 100644
--- a/src/DotNetOpenAuth/Messaging/Bindings/INonceStore.cs
+++ b/src/DotNetOpenAuth/Messaging/Bindings/INonceStore.cs
@@ -19,11 +19,12 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 		/// The context SHOULD be treated as case-sensitive.
 		/// The value will never be <c>null</c> but may be the empty string.</param>
 		/// <param name="nonce">A series of random characters.</param>
-		/// <param name="timestamp">The timestamp that together with the nonce string make it unique.
+		/// <param name="timestampUtc">The UTC timestamp that together with the nonce string make it unique
+		/// within the given <paramref name="context"/>.
 		/// The timestamp may also be used by the data store to clear out old nonces.</param>
 		/// <returns>
-		/// True if the nonce+timestamp (combination) was not previously in the database.
-		/// False if the nonce was stored previously with the same timestamp.
+		/// True if the context+nonce+timestamp (combination) was not previously in the database.
+		/// False if the nonce was stored previously with the same timestamp and context.
 		/// </returns>
 		/// <remarks>
 		/// The nonce must be stored for no less than the maximum time window a message may
@@ -33,6 +34,6 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 		/// property, accessible via the <see cref="DotNetOpenAuth.Configuration.DotNetOpenAuthSection.Configuration"/>
 		/// property.
 		/// </remarks>
-		bool StoreNonce(string context, string nonce, DateTime timestamp);
+		bool StoreNonce(string context, string nonce, DateTime timestampUtc);
 	}
 }
diff --git a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
index 4563c22..40f7a5e 100644
--- a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
+++ b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.OAuth {
 	using System;
 	using System.Collections.Generic;
+	using System.ComponentModel;
 	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
 	using System.Globalization;
@@ -35,6 +36,12 @@ namespace DotNetOpenAuth.OAuth {
 	/// </remarks>
 	public class ServiceProvider : IDisposable {
 		/// <summary>
+		/// The name of the key to use in the HttpApplication cache to store the
+		/// instance of <see cref="NonceMemoryStore"/> to use.
+		/// </summary>
+		private const string ApplicationStoreKey = "DotNetOpenAuth.OAuth.ServiceProvider.HttpApplicationStore";
+
+		/// <summary>
 		/// The length of the verifier code (in raw bytes before base64 encoding) to generate.
 		/// </summary>
 		private const int VerifierCodeLength = 5;
@@ -60,7 +67,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// <param name="tokenManager">The host's method of storing and recalling tokens and secrets.</param>
 		/// <param name="messageTypeProvider">An object that can figure out what type of message is being received for deserialization.</param>
 		public ServiceProvider(ServiceProviderDescription serviceDescription, IServiceProviderTokenManager tokenManager, OAuthServiceProviderMessageFactory messageTypeProvider)
-			: this(serviceDescription, tokenManager, new NonceMemoryStore(StandardExpirationBindingElement.DefaultMaximumMessageAge), messageTypeProvider) {
+			: this(serviceDescription, tokenManager, DotNetOpenAuthSection.Configuration.OAuth.ServiceProvider.ApplicationStore.CreateInstance(HttpApplicationStore), messageTypeProvider) {
 		}
 
 		/// <summary>
@@ -94,6 +101,33 @@ namespace DotNetOpenAuth.OAuth {
 		}
 
 		/// <summary>
+		/// Gets the standard state storage mechanism that uses ASP.NET's
+		/// HttpApplication state dictionary to store associations and nonces.
+		/// </summary>
+		[EditorBrowsable(EditorBrowsableState.Advanced)]
+		public static INonceStore HttpApplicationStore {
+			get {
+				Contract.Ensures(Contract.Result<INonceStore>() != null);
+
+				HttpContext context = HttpContext.Current;
+				ErrorUtilities.VerifyOperation(context != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(INonceStore).Name);
+				var store = (INonceStore)context.Application[ApplicationStoreKey];
+				if (store == null) {
+					context.Application.Lock();
+					try {
+						if ((store = (INonceStore)context.Application[ApplicationStoreKey]) == null) {
+							context.Application[ApplicationStoreKey] = store = new NonceMemoryStore(StandardExpirationBindingElement.DefaultMaximumMessageAge);
+						}
+					} finally {
+						context.Application.UnLock();
+					}
+				}
+
+				return store;
+			}
+		}
+
+		/// <summary>
 		/// Gets the description of this Service Provider.
 		/// </summary>
 		public ServiceProviderDescription ServiceDescription { get; private set; }
diff --git a/src/DotNetOpenAuth/OpenId/Association.cs b/src/DotNetOpenAuth/OpenId/Association.cs
index ce129bb..5aeaaee 100644
--- a/src/DotNetOpenAuth/OpenId/Association.cs
+++ b/src/DotNetOpenAuth/OpenId/Association.cs
@@ -30,7 +30,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// <param name="handle">The handle.</param>
 		/// <param name="secret">The secret.</param>
 		/// <param name="totalLifeLength">How long the association will be useful.</param>
-		/// <param name="issued">When this association was originally issued by the Provider.</param>
+		/// <param name="issued">The UTC time of when this association was originally issued by the Provider.</param>
 		protected Association(string handle, byte[] secret, TimeSpan totalLifeLength, DateTime issued) {
 			ErrorUtilities.VerifyNonZeroLength(handle, "handle");
 			ErrorUtilities.VerifyArgumentNotNull(secret, "secret");
@@ -47,7 +47,7 @@ namespace DotNetOpenAuth.OpenId {
 		public string Handle { get; private set; }
 
 		/// <summary>
-		/// Gets the time when this <see cref="Association"/> will expire.
+		/// Gets the UTC time when this <see cref="Association"/> will expire.
 		/// </summary>
 		public DateTime Expires {
 			get { return this.Issued + this.TotalLifeLength; }
@@ -76,7 +76,7 @@ namespace DotNetOpenAuth.OpenId {
 		}
 
 		/// <summary>
-		/// Gets or sets the time that this <see cref="Association"/> was first created.
+		/// Gets or sets the UTC time that this <see cref="Association"/> was first created.
 		/// </summary>
 		internal DateTime Issued { get; set; }
 
@@ -130,8 +130,8 @@ namespace DotNetOpenAuth.OpenId {
 		/// <param name="handle">
 		/// The <see cref="Handle"/> property of the previous <see cref="Association"/> instance.
 		/// </param>
-		/// <param name="expires">
-		/// The value of the <see cref="Expires"/> property of the previous <see cref="Association"/> instance.
+		/// <param name="expiresUtc">
+		/// The UTC value of the <see cref="Expires"/> property of the previous <see cref="Association"/> instance.
 		/// </param>
 		/// <param name="privateData">
 		/// The byte array returned by a call to <see cref="SerializePrivateData"/> on the previous
@@ -142,15 +142,15 @@ namespace DotNetOpenAuth.OpenId {
 		/// from a custom association store's 
 		/// <see cref="IAssociationStore&lt;TKey&gt;.GetAssociation(TKey, SecuritySettings)"/> method.
 		/// </returns>
-		public static Association Deserialize(string handle, DateTime expires, byte[] privateData) {
+		public static Association Deserialize(string handle, DateTime expiresUtc, byte[] privateData) {
 			if (string.IsNullOrEmpty(handle)) {
 				throw new ArgumentNullException("handle");
 			}
 			if (privateData == null) {
 				throw new ArgumentNullException("privateData");
 			}
-			expires = expires.ToUniversalTimeSafe();
-			TimeSpan remainingLifeLength = expires - DateTime.UtcNow;
+			expiresUtc = expiresUtc.ToUniversalTimeSafe();
+			TimeSpan remainingLifeLength = expiresUtc - DateTime.UtcNow;
 			byte[] secret = privateData; // the whole of privateData is the secret key for now.
 			// We figure out what derived type to instantiate based on the length of the secret.
 			try {
diff --git a/src/DotNetOpenAuth/OpenId/Interop/OpenIdRelyingPartyShim.cs b/src/DotNetOpenAuth/OpenId/Interop/OpenIdRelyingPartyShim.cs
index d44809f..e2bb365 100644
--- a/src/DotNetOpenAuth/OpenId/Interop/OpenIdRelyingPartyShim.cs
+++ b/src/DotNetOpenAuth/OpenId/Interop/OpenIdRelyingPartyShim.cs
@@ -16,8 +16,8 @@ namespace DotNetOpenAuth.OpenId.Interop {
 	using DotNetOpenAuth.OpenId.RelyingParty;
 
 	/// <summary>
-	/// The COM interface describing the DotNetOpenId functionality available to
-	/// COM client relying parties.
+	/// The COM interface describing the DotNetOpenAuth functionality available to
+	/// COM client OpenID relying parties.
 	/// </summary>
 	[Guid("56BD3DB0-EE0D-4191-ADFC-1F3705CD2636")]
 	[InterfaceType(ComInterfaceType.InterfaceIsDual)]
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
index 134e7dd..d3181f0 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
@@ -551,15 +551,6 @@ namespace DotNetOpenAuth.OpenId {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}..
-        /// </summary>
-        internal static string StoreRequiredWhenNoHttpContextAvailable {
-            get {
-                return ResourceManager.GetString("StoreRequiredWhenNoHttpContextAvailable", resourceCulture);
-            }
-        }
-        
-        /// <summary>
         ///   Looks up a localized string similar to The type must implement {0}..
         /// </summary>
         internal static string TypeMustImplementX {
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
index 9c2ad9e..18c8f2a 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
@@ -244,9 +244,6 @@ Discovered endpoint info:
   <data name="XriResolutionFailed" xml:space="preserve">
     <value>XRI resolution failed.</value>
   </data>
-  <data name="StoreRequiredWhenNoHttpContextAvailable" xml:space="preserve">
-    <value>No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}.</value>
-  </data>
   <data name="AttributeAlreadyAdded" xml:space="preserve">
     <value>An attribute with type URI '{0}' has already been added.</value>
   </data>
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index 7efa60c..f05115c 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -40,7 +40,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// The name of the key to use in the HttpApplication cache to store the
 		/// instance of <see cref="StandardRelyingPartyApplicationStore"/> to use.
 		/// </summary>
-		private const string ApplicationStoreKey = "DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.ApplicationStore";
+		private const string ApplicationStoreKey = "DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.HttpApplicationStore";
 
 		/// <summary>
 		/// Backing field for the <see cref="SecuritySettings"/> property.
@@ -119,7 +119,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 				Contract.Ensures(Contract.Result<IRelyingPartyApplicationStore>() != null);
 
 				HttpContext context = HttpContext.Current;
-				ErrorUtilities.VerifyOperation(context != null, OpenIdStrings.StoreRequiredWhenNoHttpContextAvailable, typeof(IRelyingPartyApplicationStore).Name);
+				ErrorUtilities.VerifyOperation(context != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IRelyingPartyApplicationStore).Name);
 				var store = (IRelyingPartyApplicationStore)context.Application[ApplicationStoreKey];
 				if (store == null) {
 					context.Application.Lock();
diff --git a/src/DotNetOpenAuth/Strings.Designer.cs b/src/DotNetOpenAuth/Strings.Designer.cs
index eea4675..760ef97 100644
--- a/src/DotNetOpenAuth/Strings.Designer.cs
+++ b/src/DotNetOpenAuth/Strings.Designer.cs
@@ -1,7 +1,7 @@
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.3521
+//     Runtime Version:2.0.50727.4927
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
 //     the code is regenerated.
@@ -68,5 +68,14 @@ namespace DotNetOpenAuth {
                 return ResourceManager.GetString("ConfigurationTypeMustBePublic", resourceCulture);
             }
         }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}..
+        /// </summary>
+        internal static string StoreRequiredWhenNoHttpContextAvailable {
+            get {
+                return ResourceManager.GetString("StoreRequiredWhenNoHttpContextAvailable", resourceCulture);
+            }
+        }
     }
 }
diff --git a/src/DotNetOpenAuth/Strings.resx b/src/DotNetOpenAuth/Strings.resx
index c42347b..0cf00a5 100644
--- a/src/DotNetOpenAuth/Strings.resx
+++ b/src/DotNetOpenAuth/Strings.resx
@@ -120,4 +120,7 @@
   <data name="ConfigurationTypeMustBePublic" xml:space="preserve">
     <value>The configuration-specified type {0} must be public, and is not.</value>
   </data>
+  <data name="StoreRequiredWhenNoHttpContextAvailable" xml:space="preserve">
+    <value>No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}.</value>
+  </data>
 </root>
\ No newline at end of file