Fixed signature verification when claimed_id has capital scheme or host name, or has path segments that end with a period under partial trust.

4 files changed, 40 insertions, 7 deletions

diff --git a/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs b/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
index 08e2411..623f951 100644
--- a/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
+++ b/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
@@ -73,10 +73,10 @@ namespace DotNetOpenAuth.Messaging.Reflection {
 				Contract.Assume(str != null);
 				return bool.Parse(str);
 			};
-			Func<string, Identifier> safeIdentfier = str => {
+			Func<string, Identifier> safeIdentifier = str => {
 				Contract.Assume(str != null);
 				ErrorUtilities.VerifyFormat(str.Length > 0, MessagingStrings.NonEmptyStringExpected);
-				return Identifier.Parse(str);
+				return Identifier.Parse(str, true);
 			};
 			Func<byte[], string> safeFromByteArray = bytes => {
 				Contract.Assume(bytes != null);
@@ -94,7 +94,7 @@ namespace DotNetOpenAuth.Messaging.Reflection {
 			Map<DateTime>(dt => XmlConvert.ToString(dt, XmlDateTimeSerializationMode.Utc), str => XmlConvert.ToDateTime(str, XmlDateTimeSerializationMode.Utc));
 			Map<byte[]>(safeFromByteArray, safeToByteArray);
 			Map<Realm>(realm => realm.ToString(), safeRealm);
-			Map<Identifier>(id => id.ToString(), safeIdentfier);
+			Map<Identifier>(id => id.ToString(), safeIdentifier);
 			Map<bool>(value => value.ToString().ToLowerInvariant(), safeBool);
 			Map<CultureInfo>(c => c.Name, str => new CultureInfo(str));
 			Map<CultureInfo[]>(cs => string.Join(",", cs.Select(c => c.Name).ToArray()), str => str.Split(',').Select(s => new CultureInfo(s)).ToArray());
diff --git a/src/DotNetOpenAuth/OpenId/Identifier.cs b/src/DotNetOpenAuth/OpenId/Identifier.cs
index 2ab5360..03889be 100644
--- a/src/DotNetOpenAuth/OpenId/Identifier.cs
+++ b/src/DotNetOpenAuth/OpenId/Identifier.cs
@@ -59,6 +59,18 @@ namespace DotNetOpenAuth.OpenId {
 		protected internal bool IsDiscoverySecureEndToEnd { get; private set; }
 
 		/// <summary>
+		/// Gets or sets a value indicating whether this instance was initialized from
+		/// deserializing a message.
+		/// </summary>
+		/// <remarks>
+		/// This is interesting because when an Identifier comes from the network,
+		/// we can't normalize it and then expect signatures to still verify.  
+		/// But if the Identifier is initialized locally, we can and should normalize it
+		/// before serializing it.
+		/// </remarks>
+		protected bool OriginalStringAsToString { get; private set; }
+
+		/// <summary>
 		/// Converts the string representation of an Identifier to its strong type.
 		/// </summary>
 		/// <param name="identifier">The identifier.</param>
@@ -118,11 +130,32 @@ namespace DotNetOpenAuth.OpenId {
 			Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(identifier));
 			Contract.Ensures(Contract.Result<Identifier>() != null);
 
+			return Parse(identifier, false);
+		}
+
+		/// <summary>
+		/// Parses an identifier string and automatically determines
+		/// whether it is an XRI or URI.
+		/// </summary>
+		/// <param name="identifier">Either a URI or XRI identifier.</param>
+		/// <param name="preserveExactValue">if set to <c>true</c> this Identifier will serialize exactly as given rather than in its normalized form.</param>
+		/// <returns>
+		/// An <see cref="Identifier"/> instance for the given value.
+		/// </returns>
+		[SuppressMessage("Microsoft.Usage", "CA2234:PassSystemUriObjectsInsteadOfStrings", Justification = "Some of these identifiers are not properly formatted to be Uris at this stage.")]
+		public static Identifier Parse(string identifier, bool preserveExactValue) {
+			Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(identifier));
+			Contract.Ensures(Contract.Result<Identifier>() != null);
+
+			Identifier id;
 			if (XriIdentifier.IsValidXri(identifier)) {
-				return new XriIdentifier(identifier);
+				id = new XriIdentifier(identifier);
 			} else {
-				return new UriIdentifier(identifier);
+				id = new UriIdentifier(identifier);
 			}
+
+			id.OriginalStringAsToString = preserveExactValue;
+			return id;
 		}
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth/OpenId/UriIdentifier.cs b/src/DotNetOpenAuth/OpenId/UriIdentifier.cs
index a2f2a25..c49df45 100644
--- a/src/DotNetOpenAuth/OpenId/UriIdentifier.cs
+++ b/src/DotNetOpenAuth/OpenId/UriIdentifier.cs
@@ -225,7 +225,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// A <see cref="T:System.String"/> that represents the current <see cref="T:System.Object"/>.
 		/// </returns>
 		public override string ToString() {
-			return Uri.AbsoluteUri;
+			return this.OriginalStringAsToString ? this.OriginalString : Uri.AbsoluteUri;
 		}
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth/OpenId/XriIdentifier.cs b/src/DotNetOpenAuth/OpenId/XriIdentifier.cs
index 729f603..6835b8c 100644
--- a/src/DotNetOpenAuth/OpenId/XriIdentifier.cs
+++ b/src/DotNetOpenAuth/OpenId/XriIdentifier.cs
@@ -121,7 +121,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// A <see cref="T:System.String"/> that represents the current <see cref="T:System.Object"/>.
 		/// </returns>
 		public override string ToString() {
-			return this.CanonicalXri;
+			return this.OriginalStringAsToString ? this.OriginalString : this.CanonicalXri;
 		}
 
 		/// <summary>