Diffstat (limited to 'src/DotNetOpenId/Provider/Signatory.cs')
-rw-r--r-- | src/DotNetOpenId/Provider/Signatory.cs | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/src/DotNetOpenId/Provider/Signatory.cs b/src/DotNetOpenId/Provider/Signatory.cs
index 32b1945..eaf3d21 100644
--- a/src/DotNetOpenId/Provider/Signatory.cs
+++ b/src/DotNetOpenId/Provider/Signatory.cs
@@ -41,18 +41,14 @@ namespace DotNetOpenId.Provider {
assoc = GetAssociation(assoc_handle, AssociationRelyingPartyType.Smart);
if (assoc == null) {
- if (TraceUtil.Switch.TraceWarning) {
- Trace.TraceWarning("No associaton found with assoc_handle {0}. Setting invalidate_handle and creating new Association.", assoc_handle);
- }
+ Logger.WarnFormat("No associaton found with assoc_handle {0}. Setting invalidate_handle and creating new Association.", assoc_handle);
response.Fields[response.Protocol.openidnp.invalidate_handle] = assoc_handle;
assoc = CreateAssociation(AssociationRelyingPartyType.Dumb, null);
}
} else {
assoc = this.CreateAssociation(AssociationRelyingPartyType.Dumb, null);
- if (TraceUtil.Switch.TraceInfo) {
- Trace.TraceInformation("No assoc_handle supplied. Creating new association.");
- }
+ Logger.Debug("No assoc_handle supplied. Creating new association.");
}
response.Fields[response.Protocol.openidnp.assoc_handle] = assoc.Handle;
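Review bot: The new `Logger.WarnFormat` writes the RP-supplied `assoc_handle` into the log verbatim, and any unauthenticated client can reach this branch on every request with a handle of its choosing, so unless the logging layer escapes control characters this permits forged log lines and, regardless, lets an outsider emit Warn-level entries at will. A length cap and stripping CR/LF before logging (or logging at Debug) would contain it. The message also misspells `associaton`; since the line is being rewritten anyway, `"No association found with assoc_handle {0}. Setting invalidate_handle and creating new Association."` is the moment to fix it. The enclosing method begins before this hunk.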
@@ -66,15 +62,14 @@ namespace DotNetOpenId.Provider {
public virtual bool Verify(string assoc_handle, string signature, IDictionary<string, string> signed_pairs, IList<string> signedKeyOrder) {
Association assoc = GetAssociation(assoc_handle, AssociationRelyingPartyType.Dumb);
if (assoc == null) {
- if (TraceUtil.Switch.TraceError)
- Trace.TraceError("Signature verification failed. No association with handle {0} found ", assoc_handle);
+ Logger.ErrorFormat("Signature verification failed. No association with handle {0} found ", assoc_handle);
return false;
}
string expected_sig = Convert.ToBase64String(assoc.Sign(signed_pairs, signedKeyOrder));
- if (TraceUtil.Switch.TraceError && signature != expected_sig) {
- Trace.TraceError("Expected signature is '{0}'. Actual signature is '{1}' ", expected_sig, signature);
+ if (signature != expected_sig) {
+ Logger.ErrorFormat("Expected signature is '{0}'. Actual signature is '{1}' ", expected_sig, signature);
}
return expected_sig.Equals(signature, StringComparison.Ordinal);
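Review bot: The new `Logger.ErrorFormat` on the mismatch branch writes the expected (valid) signature into the log next to the attacker-supplied one, so anyone who can read the provider's logs learns the correct HMAC for that exact signed field set; the removed lines had the same leak but only behind the TraceError switch, and the rewrite makes it unconditional. Log only the fact of the failure, e.g. `Logger.ErrorFormat("Signature verification failed for assoc_handle {0}.", assoc_handle);`. The value is also compared twice (`signature != expected_sig`, then `expected_sig.Equals(signature, StringComparison.Ordinal)`), and both are early-exit string compares whose timing depends on how many leading characters match; a fixed-time comparison is the cheap defence here, and the rewrite below keeps Verify's signature and return value unchanged.
```csharp
// … unchanged: association lookup and null check …
string expected_sig = Convert.ToBase64String(assoc.Sign(signed_pairs, signedKeyOrder));
// Fixed-time compare: no early exit on the first differing character, and the
// expected value is never written to the log.
bool match = signature != null && signature.Length == expected_sig.Length;
int diff = 0;
for (int i = 0; match && i < expected_sig.Length; i++) {
	diff |= expected_sig[i] ^ signature[i];
}
match = match && diff == 0;
if (!match) {
	Logger.ErrorFormat("Signature verification failed for assoc_handle {0}.", assoc_handle);
}
return match;
```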
@@ -84,24 +79,25 @@ namespace DotNetOpenId.Provider {
if (provider == null && associationType == AssociationRelyingPartyType.Smart)
throw new ArgumentNullException("provider", "For Smart associations, the provider must be given.");
- bool useSha256;
string assoc_type;
+ Protocol associationProtocol;
if (associationType == AssociationRelyingPartyType.Dumb) {
- useSha256 = true;
- assoc_type = Protocol.v20.Args.SignatureAlgorithm.HMAC_SHA256;
+ // We'll just use the best association available.
+ associationProtocol = Protocol.Default;
+ assoc_type = associationProtocol.Args.SignatureAlgorithm.Best;
} else {
+ associationProtocol = provider.Protocol;
assoc_type = Util.GetRequiredArg(provider.Query, provider.Protocol.openid.assoc_type);
Debug.Assert(Array.IndexOf(provider.Protocol.Args.SignatureAlgorithm.All, assoc_type) >= 0, "This should have been checked by our caller.");
- useSha256 = assoc_type.Equals(provider.Protocol.Args.SignatureAlgorithm.HMAC_SHA256, StringComparison.Ordinal);
}
- int hashSize = useSha256 ? CryptUtil.Sha256.HashSize : CryptUtil.Sha1.HashSize;
+ int secretLength = HmacShaAssociation.GetSecretLength(associationProtocol, assoc_type);
RNGCryptoServiceProvider generator = new RNGCryptoServiceProvider();
- byte[] secret = new byte[hashSize / 8];
+ byte[] secret = new byte[secretLength];
byte[] uniq_bytes = new byte[4];
string uniq;
string handle;
- Association assoc;
+ HmacShaAssociation assoc;
generator.GetBytes(secret);
generator.GetBytes(uniq_bytes);
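Review bot: The dumb-mode branch now derives its algorithm from `Protocol.Default.Args.SignatureAlgorithm.Best` where the removed lines always used HMAC-SHA256 from `Protocol.v20`; if `Protocol.Default` ever resolves to an OpenID 1.x protocol, `Best` could be HMAC-SHA1, silently weakening the secret used for check_authentication, so pin it with a comment such as `// Protocol.Default must stay v2.0 so that Best is HMAC-SHA256` or keep the explicit v20 reference. In the smart branch the only validation of the RP-supplied `assoc_type` visible here is a `Debug.Assert`, which compiles away in release builds, so the new `GetSecretLength(associationProtocol, assoc_type)` call receives whatever the RP sent unless the caller really does reject unknown values; a real check, `if (Array.IndexOf(provider.Protocol.Args.SignatureAlgorithm.All, assoc_type) < 0) throw new ArgumentException("Unsupported assoc_type: " + assoc_type);` (or whichever protocol exception the caller already maps to an error response), costs nothing. `RNGCryptoServiceProvider` is also created without disposal; on frameworks where it implements IDisposable, wrap it in `using`. CreateAssociation begins before this hunk and continues after it.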
@@ -113,9 +109,7 @@ namespace DotNetOpenId.Provider {
handle = "{{" + assoc_type + "}{" + seconds + "}{" + uniq + "}";
TimeSpan lifeSpan = associationType == AssociationRelyingPartyType.Dumb ? dumbSecretLifetime : smartAssociationLifetime;
- assoc = useSha256 ? (Association)
- new HmacSha256Association(handle, secret, lifeSpan) :
- new HmacSha1Association(handle, secret, lifeSpan);
+ assoc = HmacShaAssociation.Create(secretLength, handle, secret, lifeSpan);
store.StoreAssociation(associationType, assoc);
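Review bot: `HmacShaAssociation.Create(secretLength, handle, secret, lifeSpan)` picks the HMAC variant from the secret's byte length rather than from `assoc_type`, while the handle built two lines above embeds `assoc_type` and that same string is what the RP is told; the two stay consistent only as long as `GetSecretLength` maps every algorithm to a distinct length. Passing the algorithm explicitly, for example `HmacShaAssociation.Create(associationProtocol, assoc_type, handle, secret, lifeSpan)` if such a factory exists or can be added, removes that coupling. The uniqueness of `handle` rests on a timestamp plus 4 random bytes, so `store.StoreAssociation` should be expected to see an occasional duplicate — confirm it refuses or replaces rather than silently merging. CreateAssociation's body starts before this hunk.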
@@ -128,8 +122,7 @@ namespace DotNetOpenId.Provider {
Association assoc = store.GetAssociation(associationType, assoc_handle);
if (assoc == null || assoc.IsExpired) {
- if (TraceUtil.Switch.TraceError)
- Trace.TraceError("Association {0} expired or not in store.", assoc_handle);
+ Logger.ErrorFormat("Association {0} expired or not in store.", assoc_handle);
store.RemoveAssociation(associationType, assoc_handle);
assoc = null;
}
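Review bot: `Logger.ErrorFormat("Association {0} expired or not in store.", …)` logs at Error level a condition that any unauthenticated client can provoke at will by sending an unknown handle, and that also occurs routinely when associations age out, so the error log becomes noise an attacker controls; `Logger.WarnFormat` (Debug for the expired case, Warn for the missing one, if the two are split) fits better. Note also that `store.RemoveAssociation` is called even when the store returned null, which is harmless but a needless write for every forged handle — guarding it with `if (assoc != null)` keeps the store out of that path. GetAssociation's signature lies before this hunk.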
@@ -138,8 +131,7 @@ namespace DotNetOpenId.Provider {
}
public virtual void Invalidate(string assoc_handle, AssociationRelyingPartyType associationType) {
- if (TraceUtil.Switch.TraceInfo)
- Trace.TraceInformation("Invalidating association '{0}'.", assoc_handle);
+ Logger.DebugFormat("Invalidating association '{0}'.", assoc_handle);
store.RemoveAssociation(associationType, assoc_handle);
}