author | Andrew Arnott <andrewarnott@gmail.com> | 2010-03-17 09:03:08 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-03-17 09:03:08 -0700 |
commit | 980693bd2183055c004b92341ac074fc1951dc73 (patch) | |
tree | e3dbf58aa645678c4aa8948bb180a20c0ac9f558 /src | |
parent | 5513ca7174c6681848d0c05c5dc9e79a50ea5b10 (diff) | |
parent | bb6361334b034f0f42baa147a3ff928fc84d2c5c (diff) | |
Merge branch 'v3.2' into v3.3
Conflicts:
src/DotNetOpenAuth/Properties/AssemblyInfo.cs
Diffstat (limited to 'src')
7 files changed, 23 insertions, 49 deletions
diff --git a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperOPTests.cs b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperOPTests.cs
index 9f849ea..47fa5c8 100644
--- a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperOPTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperOPTests.cs
@@ -49,6 +49,12 @@ namespace DotNetOpenAuth.Test.OpenId.Extensions {
 Assert.AreSame(sregResponse, extensions.Single());
 }
+ [TestMethod]
+ public void NegativeResponse() {
+ this.request.IsAuthenticated = false;
+ ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
+ }
+
 /// <summary>
 /// Verifies sreg coming in is seen as sreg.
 /// </summary>
diff --git a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPRequestTests.cs b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPRequestTests.cs
index ba5e335..7edec09 100644
--- a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPRequestTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPRequestTests.cs
@@ -4,7 +4,7 @@
 // </copyright>
 //-----------------------------------------------------------------------
-namespace DotNetOpenAuth.Test.OpenId {
+namespace DotNetOpenAuth.Test.OpenId.Extensions {
 using System.Linq;
 using DotNetOpenAuth.OpenId;
 using DotNetOpenAuth.OpenId.Extensions;
diff --git a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPResponseTests.cs b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPResponseTests.cs
index 5fe05c1..655e616 100644
--- a/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPResponseTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/Extensions/ExtensionsInteropHelperRPResponseTests.cs
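Review bot: In ExtensionsInteropHelperOPTests.cs the new `NegativeResponse` test has no assertion and no `/// <summary>` comment, unlike the test that follows it, so it passes whenever `ConvertSregToMatchRequest` does not throw. That pins the removed hard cast, but it seems to reach the new `response != null` guard only if `this.request` already carries an sreg request, which the hunk does not show. I would add `/// <summary>Verifies that the sreg conversion tolerates a negative response.</summary>` above `[TestMethod]` and, if the fixture does not already attach one, give the request an sreg extension before the call so the guard itself is exercised.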
@@ -4,7 +4,7 @@
 // </copyright>
 //-----------------------------------------------------------------------
-namespace DotNetOpenAuth.Test.OpenId {
+namespace DotNetOpenAuth.Test.OpenId.Extensions {
 using System.Collections.Generic;
 using DotNetOpenAuth.Messaging;
 using DotNetOpenAuth.OpenId;
diff --git a/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs b/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs
index 580bdfd..9051998 100644
--- a/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs
+++ b/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs
@@ -65,7 +65,10 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 /// without malfunctioning.
 /// </remarks>
 void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) {
- request.SpreadSregToAX(AXFormats);
+ // Don't create AX extensions for OpenID 1.x messages, since AX requires OpenID 2.0.
+ if (request.Provider.Version.Major >= 2) {
+ request.SpreadSregToAX(AXFormats);
+ }
 }
 /// <summary>
diff --git a/src/DotNetOpenAuth/OpenId/Extensions/ExtensionsInteropHelper.cs b/src/DotNetOpenAuth/OpenId/Extensions/ExtensionsInteropHelper.cs
index c55e3bd..e2b0bf8 100644
--- a/src/DotNetOpenAuth/OpenId/Extensions/ExtensionsInteropHelper.cs
+++ b/src/DotNetOpenAuth/OpenId/Extensions/ExtensionsInteropHelper.cs
@@ -176,9 +176,9 @@ namespace DotNetOpenAuth.OpenId.Extensions {
 /// </remarks>
 internal static void ConvertSregToMatchRequest(this Provider.IHostProcessedRequest request) {
 var req = (Provider.HostProcessedRequest)request;
- var response = (IProtocolMessageWithExtensions)req.Response;
+ var response = req.Response as IProtocolMessageWithExtensions; // negative responses don't support extensions.
 var sregRequest = request.GetExtension<ClaimsRequest>();
- if (sregRequest != null) {
+ if (sregRequest != null && response != null) {
 if (sregRequest.Synthesized) {
 var axRequest = request.GetExtension<FetchRequest>();
 ErrorUtilities.VerifyInternal(axRequest != null, "How do we have a synthesized Sreg request without an AX request?");
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs
index d3e0686..87e3539 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs
@@ -10,6 +10,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 using System.Diagnostics.Contracts;
 using System.Linq;
 using System.Net;
+ using System.Security;
 using System.Text;
 using DotNetOpenAuth.Messaging;
 using DotNetOpenAuth.OpenId.ChannelElements;
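Review bot: In ExtensionsInteropHelper.cs the `as` cast in `ConvertSregToMatchRequest` turns every response that does not implement `IProtocolMessageWithExtensions` into a silent no-op, not only the negative responses the trailing comment names. A positive response of an unexpected type would then go out without the sreg conversion and with nothing logged to explain why. If nothing follows the `if` block (the method body continues past the hunk), an early `if (response == null) { return; }` directly after the cast would make the skip explicit. The method's remarks should also state that negative responses are left untouched.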
@@ -222,6 +223,14 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 // the exception so that auth may continue in dumb mode.
 Logger.OpenId.ErrorFormat("An error occurred while trying to create an association with {0}. {1}", provider.Endpoint, ex);
 return null;
+ } catch (VerificationException ex) {
+ // See Trac ticket #163. In partial trust host environments, the
+ // Diffie-Hellman implementation we're using for HTTP OP endpoints
+ // sometimes causes the CLR to throw:
+ // "VerificationException: Operation could destabilize the runtime."
+ // Just give up and use dumb mode in this case.
+ Logger.OpenId.ErrorFormat("VerificationException occurred while trying to create an association with {0}. {1}", provider.Endpoint, ex);
+ return null;
 }
 }
 }
diff --git a/src/DotNetOpenAuth/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth/Properties/AssemblyInfo.cs
index 0bba853..a63c71e 100644
--- a/src/DotNetOpenAuth/Properties/AssemblyInfo.cs
+++ b/src/DotNetOpenAuth/Properties/AssemblyInfo.cs
@@ -4,18 +4,6 @@
 // </copyright>
 //-----------------------------------------------------------------------
-// Uncomment this line to build a partially trusted assembly.
-// This has some security bonuses in that if there was a way to
-// hijack this assembly to do something it is not designed to do,
-// it will fail before doing much damage.
-// But a partially trusted assembly's events, handled by the hosting
-// web site, will also be under the partial trust restriction.
-// Also note that http://support.microsoft.com/kb/839300 states a
-// strong-name signed assembly must use AllowPartiallyTrustedCallers
-// to be called from a web page, but defining PARTIAL_TRUST below also
-// accomplishes this.
-////#define PARTIAL_TRUST
-
 // We DON'T put an AssemblyVersionAttribute in here because it is generated in the build.
 using System;
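Review bot: In AssociationManager.cs the message logged by the new `catch (VerificationException ex)` does not say that the relying party is dropping to dumb mode, and in a partial-trust host this would presumably recur on every association attempt rather than once. An operator reading the log cannot tell that associations are effectively disabled for that host; a format string such as `"VerificationException while creating an association with {0}; continuing in dumb mode. {1}"` would make the downgrade visible. The handler also covers whatever else the `try` block runs, and that block starts outside the hunk, so it is worth confirming it is narrow enough that a verification failure unrelated to Diffie-Hellman is not swallowed the same way.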
@@ -69,35 +57,3 @@ using System.Web.UI;
 #else
 [assembly: InternalsVisibleTo("DotNetOpenAuth.Test")]
 #endif
-
-// Specify what permissions are required and optional for the assembly.
-// In order for CAS to remove unnecessary privileges from this assembly (which is desirable
-// for security), we need at least one RequestMinimum and at least one RequestOptional.
-// These permissions were determined using PermCalc.exe
-
-// We need to be allowed to execute code. Besides, it gives a good baseline RequestMinimum permission.
-[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
-
-// Allows the consumer to call out to the web server. This is unnecessary in provider-only scenarios.
-// Note: we don't use a single demand for https?://.* because the regex pattern must exactly
-// match the one used by hosting providers. Listing them individually seems to be more common.
-[assembly: WebPermission(SecurityAction.RequestMinimum, ConnectPattern = @"http://.*")]
-[assembly: WebPermission(SecurityAction.RequestMinimum, ConnectPattern = @"https://.*")]
-#if PARTIAL_TRUST
-// Allows hosting this assembly in an ASP.NET setting. Not all applications
-// will host this using ASP.NET, so this is optional. Besides, we need at least
-// one optional permission to activate CAS permission shrinking.
-[assembly: AspNetHostingPermission(SecurityAction.RequestOptional, Level = AspNetHostingPermissionLevel.Medium)]
-
-// Allows this assembly to store reporting data.
-[assembly: IsolatedStorageFilePermission(SecurityAction.RequestOptional, UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser)]
-
-// The following are only required for diagnostic logging (Trace.Write, Debug.Assert, etc.).
-#if TRACE || DEBUG
-[assembly: KeyContainerPermission(SecurityAction.RequestOptional, Unrestricted = true)]
-[assembly: ReflectionPermission(SecurityAction.RequestOptional, MemberAccess = true)]
-[assembly: RegistryPermission(SecurityAction.RequestOptional, Unrestricted = true)]
-[assembly: SecurityPermission(SecurityAction.RequestOptional, ControlEvidence = true, UnmanagedCode = true, ControlThread = true)]
-[assembly: FileIOPermission(SecurityAction.RequestOptional, AllFiles = FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read)]
-#endif
-#endif |