public void DiscoveryRequiresSslIgnoresInsecureEndpointsInXrds()
 {
     var insecureEndpoint = GetServiceEndpoint(0, ProtocolVersion.V20, 10, false);
     var secureEndpoint = GetServiceEndpoint(1, ProtocolVersion.V20, 20, true);
     UriIdentifier secureClaimedId = new UriIdentifier(VanityUriSsl, true);
     this.MockResponder.RegisterMockXrdsResponse(secureClaimedId, new ServiceEndpoint[] { insecureEndpoint, secureEndpoint });
     Assert.AreEqual(secureEndpoint.ProviderLocalIdentifier, secureClaimedId.Discover(this.RequestHandler).Single().ProviderLocalIdentifier);
 }
        public void DiscoveryWithRedirects()
        {
            Identifier claimedId = this.GetMockIdentifier(ProtocolVersion.V20, false);

            // Add a couple of chained redirect pages that lead to the claimedId.
            Uri userSuppliedUri = new Uri("https://localhost/someSecurePage");
            Uri insecureMidpointUri = new Uri("http://localhost/insecureStop");
            this.MockResponder.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri);
            this.MockResponder.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString()));

            // don't require secure SSL discovery for this test.
            Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, false);
            Assert.AreEqual(1, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
        }
        public void DiscoveryRequireSslWithInsecureXrdsInSecureHttpHeader()
        {
            var insecureXrdsSource = this.GetMockIdentifier(ProtocolVersion.V20, false);

            string html = "<html><head></head><body></body></html>";
            WebHeaderCollection headers = new WebHeaderCollection {
                { "X-XRDS-Location", insecureXrdsSource }
            };
            this.MockResponder.RegisterMockResponse(VanityUriSsl, VanityUriSsl, "text/html", headers, html);

            Identifier userSuppliedIdentifier = new UriIdentifier(VanityUriSsl, true);
            Assert.AreEqual(0, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
        }
        public void DiscoveryRequireSslWithInsecureXrdsInSecureHtmlHead()
        {
            var insecureXrdsSource = this.GetMockIdentifier(ProtocolVersion.V20, false);
            Uri secureClaimedUri = new Uri("https://localhost/secureId");

            string html = string.Format("<html><head><meta http-equiv='X-XRDS-Location' content='{0}'/></head><body></body></html>", insecureXrdsSource);
            this.MockResponder.RegisterMockResponse(secureClaimedUri, "text/html", html);

            Identifier userSuppliedIdentifier = new UriIdentifier(secureClaimedUri, true);
            Assert.AreEqual(0, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
        }
        public void DiscoveryRequireSslWithInsecureXrdsButSecureLinkTags()
        {
            var insecureXrdsSource = this.GetMockIdentifier(ProtocolVersion.V20, false);
            string html = string.Format(
                @"
            <html><head>
            <meta http-equiv='X-XRDS-Location' content='{0}'/> <!-- this one will be insecure and ignored -->
            <link rel='openid2.provider' href='{1}' />
            <link rel='openid2.local_id' href='{2}' />
            </head><body></body></html>",
                HttpUtility.HtmlEncode(insecureXrdsSource),
                HttpUtility.HtmlEncode(OPUriSsl.AbsoluteUri),
                HttpUtility.HtmlEncode(OPLocalIdentifiersSsl[1].AbsoluteUri));
            this.MockResponder.RegisterMockResponse(VanityUriSsl, "text/html", html);

            Identifier userSuppliedIdentifier = new UriIdentifier(VanityUriSsl, true);

            // We verify that the XRDS was ignored and the LINK tags were used
            // because the XRDS OP-LocalIdentifier uses different local identifiers.
            Assert.AreEqual(OPLocalIdentifiersSsl[1], userSuppliedIdentifier.Discover(this.RequestHandler).Single().ProviderLocalIdentifier);
        }
        public void DiscoverRequireSslWithSecureRedirects()
        {
            Identifier claimedId = this.GetMockIdentifier(ProtocolVersion.V20, true);

            // Add a couple of chained redirect pages that lead to the claimedId.
            // All redirects should be secure.
            Uri userSuppliedUri = new Uri("https://localhost/someSecurePage");
            Uri secureMidpointUri = new Uri("https://localhost/secureStop");
            this.MockResponder.RegisterMockRedirect(userSuppliedUri, secureMidpointUri);
            this.MockResponder.RegisterMockRedirect(secureMidpointUri, new Uri(claimedId.ToString()));

            Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true);
            Assert.AreEqual(1, userSuppliedIdentifier.Discover(this.RequestHandler).Count());
        }
        public void DiscoverRequireSslWithInsecureRedirect()
        {
            Identifier claimedId = this.GetMockIdentifier(ProtocolVersion.V20, true);

            // Add a couple of chained redirect pages that lead to the claimedId.
            // Include an insecure HTTP jump in those redirects to verify that
            // the ultimate endpoint is never found as a result of high security profile.
            Uri userSuppliedUri = new Uri("https://localhost/someSecurePage");
            Uri insecureMidpointUri = new Uri("http://localhost/insecureStop");
            this.MockResponder.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri);
            this.MockResponder.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString()));

            Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true);
            userSuppliedIdentifier.Discover(this.RequestHandler);
        }