8 files changed, 89 insertions, 14 deletions
diff --git a/src/DotNetOpenAuth/ComponentModel/SuggestedStringsConverter.cs b/src/DotNetOpenAuth/ComponentModel/SuggestedStringsConverter.cs
index f5300cb..864d001 100644
--- a/src/DotNetOpenAuth/ComponentModel/SuggestedStringsConverter.cs
+++ b/src/DotNetOpenAuth/ComponentModel/SuggestedStringsConverter.cs
@@ -16,6 +16,7 @@ namespace DotNetOpenAuth.ComponentModel {
 	/// A type that generates suggested strings for Intellisense,
 	/// but doesn't actually convert between strings and other types.
 	/// </summary>
+	[ContractClass(typeof(SuggestedStringsConverterContract))]
 	public abstract class SuggestedStringsConverter : ConverterBase<string> {
 		/// <summary>
 		/// Initializes a new instance of the <see cref="SuggestedStringsConverter"/> class.
diff --git a/src/DotNetOpenAuth/ComponentModel/SuggestedStringsConverterContract.cs b/src/DotNetOpenAuth/ComponentModel/SuggestedStringsConverterContract.cs
new file mode 100644
index 0000000..1573208
--- /dev/null
+++ b/src/DotNetOpenAuth/ComponentModel/SuggestedStringsConverterContract.cs
@@ -0,0 +1,30 @@
+//-----------------------------------------------------------------------
+// <copyright file="SuggestedStringsConverterContract.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.ComponentModel {
+	using System;
+	using System.Collections;
+	using System.ComponentModel.Design.Serialization;
+	using System.Diagnostics.Contracts;
+	using System.Linq;
+	using System.Reflection;
+
+	/// <summary>
+	/// Contract class for the <see cref="SuggestedStringsConverter"/> class.
+	/// </summary>
+	[ContractClassFor(typeof(SuggestedStringsConverter))]
+	internal abstract class SuggestedStringsConverterContract : SuggestedStringsConverter {
+		/// <summary>
+		/// Gets the type to reflect over for the well known values.
+		/// </summary>
+		protected override Type WellKnownValuesType {
+			get {
+				Contract.Ensures(Contract.Result<Type>() != null);
+				throw new NotImplementedException();
+			}
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth/DotNetOpenAuth.csproj b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
index 8a5659f..19155df 100644
--- a/src/DotNetOpenAuth/DotNetOpenAuth.csproj
+++ b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
@@ -199,6 +199,7 @@
   <ItemGroup>
     <Compile Include="ComponentModel\ClaimTypeSuggestions.cs" />
     <Compile Include="ComponentModel\ConverterBase.cs" />
+    <Compile Include="ComponentModel\SuggestedStringsConverterContract.cs" />
     <Compile Include="ComponentModel\IssuersSuggestions.cs" />
     <Compile Include="ComponentModel\IdentifierConverter.cs" />
     <Compile Include="ComponentModel\SuggestedStringsConverter.cs" />
diff --git a/src/DotNetOpenAuth/GlobalSuppressions.cs b/src/DotNetOpenAuth/GlobalSuppressions.cs
index d0e0d05..b43e417 100644
--- a/src/DotNetOpenAuth/GlobalSuppressions.cs
+++ b/src/DotNetOpenAuth/GlobalSuppressions.cs
@@ -48,3 +48,4 @@
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "icam", Scope = "resource", Target = "DotNetOpenAuth.OpenId.Behaviors.BehaviorStrings.resources")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "idmanagement", Scope = "resource", Target = "DotNetOpenAuth.OpenId.Behaviors.BehaviorStrings.resources")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "no-pii", Scope = "resource", Target = "DotNetOpenAuth.OpenId.Behaviors.BehaviorStrings.resources")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1804:RemoveUnusedLocals", MessageId = "req", Scope = "member", Target = "DotNetOpenAuth.OpenId.Provider.IAuthenticationRequestContract.#DotNetOpenAuth.OpenId.Provider.IAuthenticationRequest.ClaimedIdentifier")]
diff --git a/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs b/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs
index 6c64264..23377c8 100644
--- a/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs
+++ b/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs
@@ -71,8 +71,6 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		/// incompatible with each other.
 		/// </remarks>
 		void IRelyingPartyBehavior.ApplySecuritySettings(RelyingPartySecuritySettings securitySettings) {
-			Contract.Requires<ArgumentNullException>(securitySettings != null);
-
 			if (securitySettings.MaximumHashBitLength < 256) {
 				securitySettings.MaximumHashBitLength = 256;
 			}
@@ -90,8 +88,6 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		/// </summary>
 		/// <param name="request">The request.</param>
 		void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) {
-			Contract.Requires<ArgumentNullException>(request != null);
-
 			RelyingParty.AuthenticationRequest requestInternal = (RelyingParty.AuthenticationRequest)request;
 			ErrorUtilities.VerifyProtocol(string.Equals(request.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, BehaviorStrings.RealmMustBeHttps);
 
@@ -125,8 +121,6 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		/// </summary>
 		/// <param name="assertion">The positive assertion.</param>
 		void IRelyingPartyBehavior.OnIncomingPositiveAssertion(IAuthenticationResponse assertion) {
-			Contract.Requires<ArgumentNullException>(assertion != null);
-
 			PolicyResponse pape = assertion.GetExtension<PolicyResponse>();
 			ErrorUtilities.VerifyProtocol(
 				pape != null &&
@@ -175,8 +169,6 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		/// itself as that instance may be shared across many requests.
 		/// </remarks>
 		bool IProviderBehavior.OnIncomingRequest(IRequest request) {
-			Contract.Requires<ArgumentNullException>(request != null);
-
 			var hostProcessedRequest = request as IHostProcessedRequest;
 			if (hostProcessedRequest != null) {
 				// Only apply our special policies if the RP requested it.
@@ -206,8 +198,6 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
 		/// </returns>
 		bool IProviderBehavior.OnOutgoingResponse(Provider.IAuthenticationRequest request) {
-			Contract.Requires<ArgumentNullException>(request != null);
-
 			bool result = false;
 
 			// Nothing to do for negative assertions.
diff --git a/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs b/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs
index 7328867..7d2097b 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/AuthenticationRequest.cs
@@ -132,9 +132,6 @@ namespace DotNetOpenAuth.OpenId.Provider {
 			}
 
 			set {
-				Contract.Requires<InvalidOperationException>(!this.IsDelegatedIdentifier, OpenIdStrings.ClaimedIdentifierCannotBeSetOnDelegatedAuthentication);
-				Contract.Requires<InvalidOperationException>(!this.IsDirectedIdentity || !(this.LocalIdentifier != null && this.LocalIdentifier != value), OpenIdStrings.IdentifierSelectRequiresMatchingIdentifiers);
-
 				// Keep LocalIdentifier and ClaimedIdentifier in sync for directed identity.
 				if (this.IsDirectedIdentity) {
 					this.positiveResponse.LocalIdentifier = value;
diff --git a/src/DotNetOpenAuth/OpenId/Provider/IAuthenticationRequest.cs b/src/DotNetOpenAuth/OpenId/Provider/IAuthenticationRequest.cs
index 3df7a64..155938d 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/IAuthenticationRequest.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/IAuthenticationRequest.cs
@@ -175,7 +175,9 @@ namespace DotNetOpenAuth.OpenId.Provider {
 			}
 
 			set {
-				throw new NotImplementedException();
+				IAuthenticationRequest req = this;
+				Contract.Requires<InvalidOperationException>(!req.IsDelegatedIdentifier, OpenIdStrings.ClaimedIdentifierCannotBeSetOnDelegatedAuthentication);
+				Contract.Requires<InvalidOperationException>(!req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value), OpenIdStrings.IdentifierSelectRequiresMatchingIdentifiers);
 			}
 		}
 
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartyBehavior.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartyBehavior.cs
index e7c38db..199368f 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartyBehavior.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/IRelyingPartyBehavior.cs
@@ -5,6 +5,9 @@
 //-----------------------------------------------------------------------
 
 namespace DotNetOpenAuth.OpenId.RelyingParty {
+	using System;
+	using System.Diagnostics.Contracts;
+
 	/// <summary>
 	/// Applies a custom security policy to certain OpenID security settings and behaviors.
 	/// </summary>
@@ -12,6 +15,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 	/// BEFORE MARKING THIS INTERFACE PUBLIC: it's very important that we shift the methods to be channel-level
 	/// rather than facade class level and for the OpenIdChannel to be the one to invoke these methods.
 	/// </remarks>
+	[ContractClass(typeof(IRelyingPartyBehaviorContract))]
 	internal interface IRelyingPartyBehavior {
 		/// <summary>
 		/// Applies a well known set of security requirements to a default set of security settings.
@@ -40,4 +44,53 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <param name="assertion">The positive assertion.</param>
 		void OnIncomingPositiveAssertion(IAuthenticationResponse assertion);
 	}
+
+	/// <summary>
+	/// Contract class for the <see cref="IRelyingPartyBehavior"/> interface.
+	/// </summary>
+	[ContractClassFor(typeof(IRelyingPartyBehavior))]
+	internal class IRelyingPartyBehaviorContract : IRelyingPartyBehavior {
+		/// <summary>
+		/// Initializes a new instance of the <see cref="IRelyingPartyBehaviorContract"/> class.
+		/// </summary>
+		protected IRelyingPartyBehaviorContract() {
+		}
+
+		#region IRelyingPartyBehavior Members
+
+		/// <summary>
+		/// Applies a well known set of security requirements to a default set of security settings.
+		/// </summary>
+		/// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param>
+		/// <remarks>
+		/// Care should be taken to never decrease security when applying a profile.
+		/// Profiles should only enhance security requirements to avoid being
+		/// incompatible with each other.
+		/// </remarks>
+		void IRelyingPartyBehavior.ApplySecuritySettings(RelyingPartySecuritySettings securitySettings) {
+			Contract.Requires<ArgumentNullException>(securitySettings != null);
+		}
+
+		/// <summary>
+		/// Called when an authentication request is about to be sent.
+		/// </summary>
+		/// <param name="request">The request.</param>
+		/// <remarks>
+		/// Implementations should be prepared to be called multiple times on the same outgoing message
+		/// without malfunctioning.
+		/// </remarks>
+		void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(IAuthenticationRequest request) {
+			Contract.Requires<ArgumentNullException>(request != null);
+		}
+
+		/// <summary>
+		/// Called when an incoming positive assertion is received.
+		/// </summary>
+		/// <param name="assertion">The positive assertion.</param>
+		void IRelyingPartyBehavior.OnIncomingPositiveAssertion(IAuthenticationResponse assertion) {
+			Contract.Requires<ArgumentNullException>(assertion != null);
+		}
+
+		#endregion
+	}
 }