From bfa63765c562c0e114d3d1b88e9318746ab9dd50 Mon Sep 17 00:00:00 2001
From: Andrew Arnott <andrewarnott@gmail.com>
Date: Thu, 15 Jan 2009 22:56:00 -0800
Subject: [PATCH] Refactored the entire .config file supporting classes, and
 added a .config element for maximum user agent authentication time.

---
 src/DotNetOpenAuth.Test/App.config                 | 42 +++++++++++++++
 .../Configuration/SectionTests.cs                  | 62 +++++++++++++++++++++
 src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj |  4 ++
 .../Messaging/CollectionAssert.cs                  | 16 ++++++
 src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs   |  4 +-
 .../Configuration/AssociationTypeCollection.cs     |  7 ++-
 .../Configuration/DotNetOpenAuthSection.cs         | 62 +++++++++++++++++++++
 .../Configuration/MessagingElement.cs              | 30 +++++++++++
 src/DotNetOpenAuth/Configuration/OpenIdElement.cs  | 63 ++++++++++++++++++++++
 ...ProviderSection.cs => OpenIdProviderElement.cs} | 20 ++-----
 ...artySection.cs => OpenIdRelyingPartyElement.cs} | 20 ++-----
 ...estSection.cs => UntrustedWebRequestElement.cs} | 23 +-------
 src/DotNetOpenAuth/DotNetOpenAuth.csproj           | 10 ++--
 .../Messaging/UntrustedWebRequestHandler.cs        |  4 +-
 src/DotNetOpenAuth/OpenId/Association.cs           |  5 +-
 src/DotNetOpenAuth/OpenId/Configuration.cs         | 34 ------------
 .../OpenId/Provider/OpenIdProvider.cs              |  4 +-
 .../Provider/StandardProviderApplicationStore.cs   |  3 +-
 .../OpenId/RelyingParty/OpenIdRelyingParty.cs      |  4 +-
 .../StandardRelyingPartyApplicationStore.cs        |  3 +-
 20 files changed, 313 insertions(+), 107 deletions(-)
 create mode 100644 src/DotNetOpenAuth.Test/App.config
 create mode 100644 src/DotNetOpenAuth.Test/Configuration/SectionTests.cs
 create mode 100644 src/DotNetOpenAuth/Configuration/DotNetOpenAuthSection.cs
 create mode 100644 src/DotNetOpenAuth/Configuration/MessagingElement.cs
 create mode 100644 src/DotNetOpenAuth/Configuration/OpenIdElement.cs
 rename src/DotNetOpenAuth/Configuration/{ProviderSection.cs => OpenIdProviderElement.cs} (70%)
 rename src/DotNetOpenAuth/Configuration/{RelyingPartySection.cs => OpenIdRelyingPartyElement.cs} (69%)
 rename src/DotNetOpenAuth/Configuration/{UntrustedWebRequestSection.cs => UntrustedWebRequestElement.cs} (86%)
 delete mode 100644 src/DotNetOpenAuth/OpenId/Configuration.cs

diff --git a/src/DotNetOpenAuth.Test/App.config b/src/DotNetOpenAuth.Test/App.config
new file mode 100644
index 0000000..68d05e5
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/App.config
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+	<configSections>
+		<section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth"/>
+	</configSections>
+	<dotNetOpenAuth>
+		<!-- The values here are carefully chosen to be somewhat weird so that tests can be 
+		     reasonably confident that if the values are the weird ones here that they did
+		     indeed come from the config file and not from a programmatic default. -->
+		<messaging>
+			<untrustedWebRequest timeout="01:23:45" readWriteTimeout="01:23:56" maximumBytesToRead="500001" maximumRedirections="9">
+				<whitelistHosts>
+					<add name="evilButTrusted"/>
+				</whitelistHosts>
+				<whitelistHostsRegex>
+					<add name=".+trusted.+"/>
+				</whitelistHostsRegex>
+				<blacklistHosts>
+					<add name="positivelyevil"/>
+				</blacklistHosts>
+				<blacklistHostsRegex>
+					<add name=".+veryevil.+"/>
+				</blacklistHostsRegex>
+			</untrustedWebRequest>
+		</messaging>
+		<openid maxAuthenticationTime="8:17">
+			<relyingParty>
+				<!--<store type=""/>-->
+				<security minimumRequiredOpenIdVersion="V10" minimumHashBitLength="6" maximumHashBitLength="301" requireSsl="false"/>
+			</relyingParty>
+			<provider>
+				<!--<store type=""/>-->
+				<security protectDownlevelReplayAttacks="false" minimumHashBitLength="7" maximumHashBitLength="302">
+					<associations>
+						<add type="HMAC-SHA1" lifetime="2.00:00:02" />
+						<add type="HMAC-SHA256" lifetime="14.00:00:14" />
+					</associations>
+				</security>
+			</provider>
+		</openid>
+	</dotNetOpenAuth>
+</configuration>
\ No newline at end of file
diff --git a/src/DotNetOpenAuth.Test/Configuration/SectionTests.cs b/src/DotNetOpenAuth.Test/Configuration/SectionTests.cs
new file mode 100644
index 0000000..d2f6f04
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/Configuration/SectionTests.cs
@@ -0,0 +1,62 @@
+//-----------------------------------------------------------------------
+// <copyright file="SectionTests.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.Configuration {
+	using System;
+	using System.Linq;
+	using DotNetOpenAuth.Configuration;
+	using DotNetOpenAuth.OpenId;
+	using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+	[TestClass]
+	public class SectionTests {
+		[TestMethod]
+		public void UntrustedWebRequest() {
+			var uwr = DotNetOpenAuthSection.Configuration.Messaging.UntrustedWebRequest;
+
+			Assert.AreEqual(TimeSpan.Parse("01:23:45"), uwr.Timeout);
+			Assert.AreEqual(TimeSpan.Parse("01:23:56"), uwr.ReadWriteTimeout);
+			Assert.AreEqual(500001, uwr.MaximumBytesToRead);
+			Assert.AreEqual(9, uwr.MaximumRedirections);
+
+			// Verify whitelists and blacklists
+			Assert.AreEqual("positivelyevil", uwr.BlacklistHosts.KeysAsStrings.Single());
+			Assert.AreEqual(".+veryevil.+", uwr.BlacklistHostsRegex.KeysAsStrings.Single());
+			Assert.AreEqual("evilButTrusted", uwr.WhitelistHosts.KeysAsStrings.Single());
+			Assert.AreEqual(".+trusted.+", uwr.WhitelistHostsRegex.KeysAsStrings.Single());
+		}
+
+		[TestMethod]
+		public void OpenIdMaxAuthenticationTime() {
+			Assert.AreEqual(TimeSpan.Parse("8:17"), DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime);
+		}
+
+		[TestMethod]
+		public void OpenIdRelyingParty() {
+			var rp = DotNetOpenAuthSection.Configuration.OpenId.RelyingParty;
+			Assert.IsNull(rp.ApplicationStore.CustomType);
+
+			Assert.AreEqual(ProtocolVersion.V10, rp.SecuritySettings.MinimumRequiredOpenIdVersion);
+			Assert.AreEqual(6, rp.SecuritySettings.MinimumHashBitLength);
+			Assert.AreEqual(301, rp.SecuritySettings.MaximumHashBitLength);
+			Assert.IsFalse(rp.SecuritySettings.RequireSsl);
+		}
+
+		[TestMethod]
+		public void OpenIdProvider() {
+			var op = DotNetOpenAuthSection.Configuration.OpenId.Provider;
+			Assert.IsNull(op.ApplicationStore.CustomType);
+
+			Assert.IsFalse(op.SecuritySettings.ProtectDownlevelReplayAttacks);
+			Assert.AreEqual(7, op.SecuritySettings.MinimumHashBitLength);
+			Assert.AreEqual(302, op.SecuritySettings.MaximumHashBitLength);
+
+			Assert.AreEqual(2, op.SecuritySettings.AssociationLifetimes.Count);
+			Assert.AreEqual(TimeSpan.Parse("2.00:00:02"), op.SecuritySettings.AssociationLifetimes.Single(a => a.AssociationType == "HMAC-SHA1").MaximumLifetime);
+			Assert.AreEqual(TimeSpan.Parse("14.00:00:14"), op.SecuritySettings.AssociationLifetimes.Single(a => a.AssociationType == "HMAC-SHA256").MaximumLifetime);
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
index 75aec44..67324e6 100644
--- a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
+++ b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
@@ -59,6 +59,7 @@
     </Reference>
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="Configuration\SectionTests.cs" />
     <Compile Include="CoordinatorBase.cs" />
     <Compile Include="Hosting\AspNetHost.cs" />
     <Compile Include="Hosting\HttpHost.cs" />
@@ -192,6 +193,9 @@
   <ItemGroup>
     <EmbeddedResource Include="OpenId\dhpriv.txt" />
   </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
   <Import Project="..\..\tools\DotNetOpenAuth.Versioning.targets" />
 </Project>
\ No newline at end of file
diff --git a/src/DotNetOpenAuth.Test/Messaging/CollectionAssert.cs b/src/DotNetOpenAuth.Test/Messaging/CollectionAssert.cs
index c3273e8..f9e569a 100644
--- a/src/DotNetOpenAuth.Test/Messaging/CollectionAssert.cs
+++ b/src/DotNetOpenAuth.Test/Messaging/CollectionAssert.cs
@@ -7,20 +7,36 @@
 namespace DotNetOpenAuth.Test.Messaging {
 	using System.Collections;
 	using System.Collections.Generic;
+	using System.Linq;
+	using DotNetOpenAuth.Messaging;
 	using Microsoft.VisualStudio.TestTools.UnitTesting;
 
 	internal class CollectionAssert<T> {
 		internal static void AreEquivalent(ICollection<T> expected, ICollection<T> actual) {
+			ErrorUtilities.VerifyArgumentNotNull(expected, "expected");
+			ErrorUtilities.VerifyArgumentNotNull(actual, "actual");
+
 			ICollection expectedNonGeneric = new List<T>(expected);
 			ICollection actualNonGeneric = new List<T>(actual);
 			CollectionAssert.AreEquivalent(expectedNonGeneric, actualNonGeneric);
 		}
 
 		internal static void AreEquivalentByEquality(ICollection<T> expected, ICollection<T> actual) {
+			ErrorUtilities.VerifyArgumentNotNull(expected, "expected");
+			ErrorUtilities.VerifyArgumentNotNull(actual, "actual");
+
 			Assert.AreEqual(expected.Count, actual.Count);
 			foreach (T value in expected) {
 				Assert.IsTrue(actual.Contains(value));
 			}
 		}
+
+		internal static void Contains(IEnumerable<T> sequence, T element) {
+			ErrorUtilities.VerifyArgumentNotNull(sequence, "sequence");
+
+			if (!sequence.Contains(element)) {
+				Assert.Fail("Sequence did not include expected element '{0}'.", element);
+			}
+		}
 	}
 }
diff --git a/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs b/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs
index 9d15215..273b150 100644
--- a/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/OpenIdTestBase.cs
@@ -32,8 +32,8 @@ namespace DotNetOpenAuth.Test.OpenId {
 		public override void SetUp() {
 			base.SetUp();
 
-			this.RelyingPartySecuritySettings = RelyingPartySection.Configuration.SecuritySettings.CreateSecuritySettings();
-			this.ProviderSecuritySettings = ProviderSection.Configuration.SecuritySettings.CreateSecuritySettings();
+			this.RelyingPartySecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.SecuritySettings.CreateSecuritySettings();
+			this.ProviderSecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
 
 			this.MockResponder = MockHttpRequest.CreateUntrustedMockHttpHandler();
 			this.RequestHandler = this.MockResponder.MockWebRequestHandler;
diff --git a/src/DotNetOpenAuth/Configuration/AssociationTypeCollection.cs b/src/DotNetOpenAuth/Configuration/AssociationTypeCollection.cs
index 454168c..c75ceb6 100644
--- a/src/DotNetOpenAuth/Configuration/AssociationTypeCollection.cs
+++ b/src/DotNetOpenAuth/Configuration/AssociationTypeCollection.cs
@@ -5,11 +5,8 @@
 //-----------------------------------------------------------------------
 
 namespace DotNetOpenAuth.Configuration {
-	using System;
 	using System.Collections.Generic;
 	using System.Configuration;
-	using System.Linq;
-	using System.Text;
 
 	/// <summary>
 	/// Describes a collection of association type sub-elements in a .config file.
@@ -30,7 +27,9 @@ namespace DotNetOpenAuth.Configuration {
 		/// A <see cref="T:System.Collections.Generic.IEnumerator`1"/> that can be used to iterate through the collection.
 		/// </returns>
 		public new IEnumerator<AssociationTypeElement> GetEnumerator() {
-			return this.Cast<AssociationTypeElement>().GetEnumerator();
+			for (int i = 0; i < Count; i++) {
+				yield return (AssociationTypeElement)BaseGet(i);
+			}
 		}
 
 		#endregion
diff --git a/src/DotNetOpenAuth/Configuration/DotNetOpenAuthSection.cs b/src/DotNetOpenAuth/Configuration/DotNetOpenAuthSection.cs
new file mode 100644
index 0000000..68b663c
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/DotNetOpenAuthSection.cs
@@ -0,0 +1,62 @@
+//-----------------------------------------------------------------------
+// <copyright file="DotNetOpenAuthSection.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+	using System.Configuration;
+
+	/// <summary>
+	/// Represents the section in the host's .config file that configures
+	/// this library's settings.
+	/// </summary>
+	internal class DotNetOpenAuthSection : ConfigurationSection {
+		/// <summary>
+		/// The name of the section under which this library's settings must be found.
+		/// </summary>
+		private const string SectionName = "dotNetOpenAuth";
+
+		/// <summary>
+		/// The name of the &lt;messaging&gt; sub-element.
+		/// </summary>
+		private const string MessagingElementName = "messaging";
+
+		/// <summary>
+		/// The name of the &lt;openid&gt; sub-element.
+		/// </summary>
+		private const string OpenIdElementName = "openid";
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="DotNetOpenAuthSection"/> class.
+		/// </summary>
+		internal DotNetOpenAuthSection() {
+			SectionInformation.AllowLocation = false;
+		}
+
+		/// <summary>
+		/// Gets the configuration section from the .config file.
+		/// </summary>
+		internal static DotNetOpenAuthSection Configuration {
+			get { return (DotNetOpenAuthSection)ConfigurationManager.GetSection(SectionName); }
+		}
+
+		/// <summary>
+		/// Gets or sets the configuration for the messaging framework.
+		/// </summary>
+		[ConfigurationProperty(MessagingElementName)]
+		internal MessagingElement Messaging {
+			get { return (MessagingElement)this[MessagingElementName] ?? new MessagingElement(); }
+			set { this[MessagingElementName] = value; }
+		}
+
+		/// <summary>
+		/// Gets or sets the configuration for OpenID.
+		/// </summary>
+		[ConfigurationProperty(OpenIdElementName)]
+		internal OpenIdElement OpenId {
+			get { return (OpenIdElement)this[OpenIdElementName] ?? new OpenIdElement(); }
+			set { this[OpenIdElementName] = value; }
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth/Configuration/MessagingElement.cs b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
new file mode 100644
index 0000000..43aadfc
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
@@ -0,0 +1,30 @@
+//-----------------------------------------------------------------------
+// <copyright file="MessagingElement.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+	using System.Configuration;
+	using DotNetOpenAuth.Messaging;
+
+	/// <summary>
+	/// Represents the &lt;messaging&gt; element in the host's .config file.
+	/// </summary>
+	internal class MessagingElement : ConfigurationElement {
+		/// <summary>
+		/// The name of the &lt;untrustedWebRequest&gt; sub-element.
+		/// </summary>
+		private const string UntrustedWebRequestElementName = "untrustedWebRequest";
+
+		/// <summary>
+		/// Gets or sets the configuration for the <see cref="UntrustedWebRequestHandler"/> class.
+		/// </summary>
+		/// <value>The untrusted web request.</value>
+		[ConfigurationProperty(UntrustedWebRequestElementName)]
+		internal UntrustedWebRequestElement UntrustedWebRequest {
+			get { return (UntrustedWebRequestElement)this[UntrustedWebRequestElementName] ?? new UntrustedWebRequestElement(); }
+			set { this[UntrustedWebRequestElementName] = value; }
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth/Configuration/OpenIdElement.cs b/src/DotNetOpenAuth/Configuration/OpenIdElement.cs
new file mode 100644
index 0000000..bdc6ca3
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/OpenIdElement.cs
@@ -0,0 +1,63 @@
+//-----------------------------------------------------------------------
+// <copyright file="OpenIdElement.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+	using System;
+	using System.Configuration;
+
+	/// <summary>
+	/// Represents the &lt;openid&gt; element in the host's .config file.
+	/// </summary>
+	internal class OpenIdElement : ConfigurationElement {
+		/// <summary>
+		/// Gets the name of the &lt;relyingParty&gt; sub-element.
+		/// </summary>
+		private const string RelyingPartyElementName = "relyingParty";
+
+		/// <summary>
+		/// Gets the name of the &lt;provider&gt; sub-element.
+		/// </summary>
+		private const string ProviderElementName = "provider";
+
+		/// <summary>
+		/// Gets the name of the @maxAuthenticationTime attribute.
+		/// </summary>
+		private const string MaxAuthenticationTimePropertyName = "maxAuthenticationTime";
+
+		/// <summary>
+		/// Gets or sets the maximum time a user can take to complete authentication.
+		/// </summary>
+		/// <remarks>
+		/// This time limit allows the library to decide how long to cache certain values
+		/// necessary to complete authentication.  The lower the time, the less demand on
+		/// the server.  But too short a time can frustrate the user.
+		/// </remarks>
+		[ConfigurationProperty(MaxAuthenticationTimePropertyName, DefaultValue = "5:00")]
+		[PositiveTimeSpanValidator]
+		internal TimeSpan MaxAuthenticationTime {
+			get { return (TimeSpan)this[MaxAuthenticationTimePropertyName]; }
+			set { this[MaxAuthenticationTimePropertyName] = value; }
+		}
+
+		/// <summary>
+		/// Gets or sets the configuration specific for Relying Parties.
+		/// </summary>
+		[ConfigurationProperty(RelyingPartyElementName)]
+		internal OpenIdRelyingPartyElement RelyingParty {
+			get { return (OpenIdRelyingPartyElement)this[RelyingPartyElementName] ?? new OpenIdRelyingPartyElement(); }
+			set { this[RelyingPartyElementName] = value; }
+		}
+
+		/// <summary>
+		/// Gets or sets the configuration specific for Providers.
+		/// </summary>
+		[ConfigurationProperty(ProviderElementName)]
+		internal OpenIdProviderElement Provider {
+			get { return (OpenIdProviderElement)this[ProviderElementName] ?? new OpenIdProviderElement(); }
+			set { this[ProviderElementName] = value; }
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth/Configuration/ProviderSection.cs b/src/DotNetOpenAuth/Configuration/OpenIdProviderElement.cs
similarity index 70%
rename from src/DotNetOpenAuth/Configuration/ProviderSection.cs
rename to src/DotNetOpenAuth/Configuration/OpenIdProviderElement.cs
index 12b88ac..5b51907 100644
--- a/src/DotNetOpenAuth/Configuration/ProviderSection.cs
+++ b/src/DotNetOpenAuth/Configuration/OpenIdProviderElement.cs
@@ -1,5 +1,5 @@
 //-----------------------------------------------------------------------
-// <copyright file="ProviderSection.cs" company="Andrew Arnott">
+// <copyright file="OpenIdProviderElement.cs" company="Andrew Arnott">
 //     Copyright (c) Andrew Arnott. All rights reserved.
 // </copyright>
 //-----------------------------------------------------------------------
@@ -11,12 +11,7 @@ namespace DotNetOpenAuth.Configuration {
 	/// <summary>
 	/// The section in the .config file that allows customization of OpenID Provider behaviors.
 	/// </summary>
-	internal class ProviderSection : ConfigurationSection {
-		/// <summary>
-		/// The path to the section in a .config file where these settings can be given.
-		/// </summary>
-		private const string SectionName = "dotNetOpenAuth/openid/provider";
-
+	internal class OpenIdProviderElement : ConfigurationElement {
 		/// <summary>
 		/// The name of the security sub-element.
 		/// </summary>
@@ -28,9 +23,9 @@ namespace DotNetOpenAuth.Configuration {
 		private const string StoreConfigName = "store";
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="ProviderSection"/> class.
+		/// Initializes a new instance of the <see cref="OpenIdProviderElement"/> class.
 		/// </summary>
-		public ProviderSection() {
+		public OpenIdProviderElement() {
 		}
 
 		/// <summary>
@@ -50,12 +45,5 @@ namespace DotNetOpenAuth.Configuration {
 			get { return (TypeConfigurationElement<IProviderApplicationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IProviderApplicationStore>(); }
 			set { this[StoreConfigName] = value; }
 		}
-
-		/// <summary>
-		/// Gets the configuration element from the .config file.
-		/// </summary>
-		internal static ProviderSection Configuration {
-			get { return (ProviderSection)ConfigurationManager.GetSection(SectionName) ?? new ProviderSection(); }
-		}
 	}
 }
diff --git a/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs b/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartyElement.cs
similarity index 69%
rename from src/DotNetOpenAuth/Configuration/RelyingPartySection.cs
rename to src/DotNetOpenAuth/Configuration/OpenIdRelyingPartyElement.cs
index 69b2af4..cb20c19 100644
--- a/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs
+++ b/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartyElement.cs
@@ -1,5 +1,5 @@
 //-----------------------------------------------------------------------
-// <copyright file="RelyingPartySection.cs" company="Andrew Arnott">
+// <copyright file="OpenIdRelyingPartyElement.cs" company="Andrew Arnott">
 //     Copyright (c) Andrew Arnott. All rights reserved.
 // </copyright>
 //-----------------------------------------------------------------------
@@ -11,12 +11,7 @@ namespace DotNetOpenAuth.Configuration {
 	/// <summary>
 	/// The section in the .config file that allows customization of OpenID Relying Party behaviors.
 	/// </summary>
-	internal class RelyingPartySection : ConfigurationSection {
-		/// <summary>
-		/// The path to the section in a .config file where these settings can be given.
-		/// </summary>
-		private const string SectionName = "dotNetOpenAuth/openid/relyingParty";
-
+	internal class OpenIdRelyingPartyElement : ConfigurationElement {
 		/// <summary>
 		/// The name of the custom store sub-element.
 		/// </summary>
@@ -28,9 +23,9 @@ namespace DotNetOpenAuth.Configuration {
 		private const string SecuritySettingsConfigName = "security";
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="RelyingPartySection"/> class.
+		/// Initializes a new instance of the <see cref="OpenIdRelyingPartyElement"/> class.
 		/// </summary>
-		public RelyingPartySection() {
+		public OpenIdRelyingPartyElement() {
 		}
 
 		/// <summary>
@@ -50,12 +45,5 @@ namespace DotNetOpenAuth.Configuration {
 			get { return (TypeConfigurationElement<IRelyingPartyApplicationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IRelyingPartyApplicationStore>(); }
 			set { this[StoreConfigName] = value; }
 		}
-
-		/// <summary>
-		/// Gets the configuration element from the .config file.
-		/// </summary>
-		internal static RelyingPartySection Configuration {
-			get { return (RelyingPartySection)ConfigurationManager.GetSection(SectionName) ?? new RelyingPartySection(); }
-		}
 	}
 }
diff --git a/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs b/src/DotNetOpenAuth/Configuration/UntrustedWebRequestElement.cs
similarity index 86%
rename from src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs
rename to src/DotNetOpenAuth/Configuration/UntrustedWebRequestElement.cs
index f819f11..461b8a8 100644
--- a/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs
+++ b/src/DotNetOpenAuth/Configuration/UntrustedWebRequestElement.cs
@@ -1,5 +1,5 @@
 //-----------------------------------------------------------------------
-// <copyright file="UntrustedWebRequestSection.cs" company="Andrew Arnott">
+// <copyright file="UntrustedWebRequestElement.cs" company="Andrew Arnott">
 //     Copyright (c) Andrew Arnott. All rights reserved.
 // </copyright>
 //-----------------------------------------------------------------------
@@ -12,12 +12,7 @@ namespace DotNetOpenAuth.Configuration {
 	/// Represents the section of a .config file where security policies regarding web requests
 	/// to user-provided, untrusted servers is controlled.
 	/// </summary>
-	internal class UntrustedWebRequestSection : ConfigurationSection {
-		/// <summary>
-		/// The path to the section in a .config file where these settings can be given.
-		/// </summary>
-		private const string SectionName = "dotNetOpenAuth/messaging/untrustedWebRequest";
-
+	internal class UntrustedWebRequestElement : ConfigurationElement {
 		#region Attribute names
 
 		/// <summary>
@@ -63,13 +58,6 @@ namespace DotNetOpenAuth.Configuration {
 		#endregion
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="UntrustedWebRequestSection"/> class.
-		/// </summary>
-		public UntrustedWebRequestSection() {
-			SectionInformation.AllowLocation = false;
-		}
-
-		/// <summary>
 		/// Gets or sets the read/write timeout after which an HTTP request will fail.
 		/// </summary>
 		[ConfigurationProperty(ReadWriteTimeoutConfigName, DefaultValue = "00:00:00.800")]
@@ -148,12 +136,5 @@ namespace DotNetOpenAuth.Configuration {
 			get { return (HostNameOrRegexCollection)this[BlacklistHostsRegexConfigName] ?? new HostNameOrRegexCollection(); }
 			set { this[BlacklistHostsRegexConfigName] = value; }
 		}
-
-		/// <summary>
-		/// Gets the configuration element from the .config file.
-		/// </summary>
-		internal static UntrustedWebRequestSection Configuration {
-			get { return (UntrustedWebRequestSection)ConfigurationManager.GetSection(SectionName) ?? new UntrustedWebRequestSection(); }
-		}
 	}
 }
diff --git a/src/DotNetOpenAuth/DotNetOpenAuth.csproj b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
index fcb9226..43a527e 100644
--- a/src/DotNetOpenAuth/DotNetOpenAuth.csproj
+++ b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
@@ -66,12 +66,15 @@
   <ItemGroup>
     <Compile Include="Configuration\AssociationTypeCollection.cs" />
     <Compile Include="Configuration\AssociationTypeElement.cs" />
-    <Compile Include="Configuration\ProviderSection.cs" />
+    <Compile Include="Configuration\DotNetOpenAuthSection.cs" />
+    <Compile Include="Configuration\MessagingElement.cs" />
+    <Compile Include="Configuration\OpenIdElement.cs" />
+    <Compile Include="Configuration\OpenIdProviderElement.cs" />
     <Compile Include="Configuration\ProviderSecuritySettingsElement.cs" />
-    <Compile Include="Configuration\RelyingPartySection.cs" />
+    <Compile Include="Configuration\OpenIdRelyingPartyElement.cs" />
     <Compile Include="Configuration\RelyingPartySecuritySettingsElement.cs" />
     <Compile Include="Configuration\TypeConfigurationElement.cs" />
-    <Compile Include="Configuration\UntrustedWebRequestSection.cs" />
+    <Compile Include="Configuration\UntrustedWebRequestElement.cs" />
     <Compile Include="Configuration\HostNameOrRegexCollection.cs" />
     <Compile Include="Configuration\HostNameElement.cs" />
     <Compile Include="Messaging\CachedDirectWebResponse.cs" />
@@ -179,7 +182,6 @@
     <Compile Include="OpenId\ChannelElements\OpenIdChannel.cs" />
     <Compile Include="OpenId\ChannelElements\OpenIdMessageFactory.cs" />
     <Compile Include="OpenId\ChannelElements\ReturnToSignatureBindingElement.cs" />
-    <Compile Include="OpenId\Configuration.cs" />
     <Compile Include="OpenId\Extensions\AliasManager.cs" />
     <Compile Include="OpenId\Extensions\ExtensionBase.cs" />
     <Compile Include="OpenId\Extensions\ExtensionArgumentsManager.cs" />
diff --git a/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs b/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs
index bc2b34a..f2a72a3 100644
--- a/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs
+++ b/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs
@@ -175,8 +175,8 @@ namespace DotNetOpenAuth.Messaging {
 		/// <summary>
 		/// Gets the configuration for this class that is specified in the host's .config file.
 		/// </summary>
-		private static UntrustedWebRequestSection Configuration {
-			get { return UntrustedWebRequestSection.Configuration; }
+		private static UntrustedWebRequestElement Configuration {
+			get { return DotNetOpenAuthSection.Configuration.Messaging.UntrustedWebRequest; }
 		}
 
 		#region IDirectSslWebRequestHandler Members
diff --git a/src/DotNetOpenAuth/OpenId/Association.cs b/src/DotNetOpenAuth/OpenId/Association.cs
index 29183da..de25c88 100644
--- a/src/DotNetOpenAuth/OpenId/Association.cs
+++ b/src/DotNetOpenAuth/OpenId/Association.cs
@@ -16,6 +16,7 @@ namespace DotNetOpenAuth.OpenId {
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OpenId.ChannelElements;
 	using DotNetOpenAuth.OpenId.Messages;
+	using DotNetOpenAuth.Configuration;
 
 	/// <summary>
 	/// Stores a secret used in signing and verifying messages.
@@ -96,7 +97,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// Gets the duration a secret key used for signing dumb client requests will be good for.
 		/// </summary>
 		protected static TimeSpan DumbSecretLifetime {
-			get { return Configuration.MaximumUserAgentAuthenticationTime; }
+			get { return DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime; }
 		}
 
 		/// <summary>
@@ -111,7 +112,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// Associations that are not likely to last the duration of a user login are not worth using at all.
 		/// </remarks>
 		private static TimeSpan MinimumUsefulAssociationLifetime {
-			get { return Configuration.MaximumUserAgentAuthenticationTime; }
+			get { return DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime; }
 		}
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth/OpenId/Configuration.cs b/src/DotNetOpenAuth/OpenId/Configuration.cs
deleted file mode 100644
index b3cbb35..0000000
--- a/src/DotNetOpenAuth/OpenId/Configuration.cs
+++ /dev/null
@@ -1,34 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="Configuration.cs" company="Andrew Arnott">
-//     Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace DotNetOpenAuth.OpenId {
-	using System;
-	using System.Collections.Generic;
-	using System.Linq;
-	using System.Text;
-
-	/// <summary>
-	/// A set of adjustable properties that control various aspects of OpenID behavior.
-	/// </summary>
-	internal static class Configuration {
-		/// <summary>
-		/// Initializes static members of the <see cref="Configuration"/> class.
-		/// </summary>
-		static Configuration() {
-			MaximumUserAgentAuthenticationTime = TimeSpan.FromMinutes(5);
-		}
-
-		/// <summary>
-		/// Gets the maximum time a user can be allowed to take to complete authentication.
-		/// </summary>
-		/// <remarks>
-		/// This is used to calculate the length of time that nonces are stored.
-		/// This is internal until we can decide whether to leave this static, or make
-		/// it an instance member, or put it inside the IConsumerApplicationStore interface.
-		/// </remarks>
-		internal static TimeSpan MaximumUserAgentAuthenticationTime { get; private set; }
-	}
-}
diff --git a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
index 694d986..2ebf6d2 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
@@ -33,7 +33,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
 		/// </summary>
 		public OpenIdProvider()
-			: this(DotNetOpenAuth.Configuration.ProviderSection.Configuration.ApplicationStore.CreateInstance(HttpApplicationStore)) {
+			: this(DotNetOpenAuthSection.Configuration.OpenId.Provider.ApplicationStore.CreateInstance(HttpApplicationStore)) {
 		}
 
 		/// <summary>
@@ -54,7 +54,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 			ErrorUtilities.VerifyArgumentNotNull(nonceStore, "nonceStore");
 
 			this.AssociationStore = associationStore;
-			this.SecuritySettings = ProviderSection.Configuration.SecuritySettings.CreateSecuritySettings();
+			this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
 			this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
 		}
 
diff --git a/src/DotNetOpenAuth/OpenId/Provider/StandardProviderApplicationStore.cs b/src/DotNetOpenAuth/OpenId/Provider/StandardProviderApplicationStore.cs
index ac3eaeb..1763782 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/StandardProviderApplicationStore.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/StandardProviderApplicationStore.cs
@@ -10,6 +10,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 	using System.Linq;
 	using System.Text;
 	using DotNetOpenAuth.Messaging.Bindings;
+	using DotNetOpenAuth.Configuration;
 
 	/// <summary>
 	/// An in-memory store for Providers, suitable for single server, single process
@@ -38,7 +39,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Initializes a new instance of the <see cref="StandardProviderApplicationStore"/> class.
 		/// </summary>
 		public StandardProviderApplicationStore() {
-			this.nonceStore = new NonceMemoryStore(Configuration.MaximumUserAgentAuthenticationTime);
+			this.nonceStore = new NonceMemoryStore(DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime);
 			this.associationStore = new AssociationMemoryStore<AssociationRelyingPartyType>();
 		}
 
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index 351090f..0c29301 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -52,7 +52,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
 		/// </summary>
 		public OpenIdRelyingParty()
-			: this(DotNetOpenAuth.Configuration.RelyingPartySection.Configuration.ApplicationStore.CreateInstance(HttpApplicationStore)) {
+			: this(DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.ApplicationStore.CreateInstance(HttpApplicationStore)) {
 		}
 
 		/// <summary>
@@ -76,7 +76,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 			ErrorUtilities.VerifyArgument(associationStore == null || nonceStore != null, OpenIdStrings.AssociationStoreRequiresNonceStore);
 
 			this.AssociationStore = associationStore;
-			this.SecuritySettings = RelyingPartySection.Configuration.SecuritySettings.CreateSecuritySettings();
+			this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.SecuritySettings.CreateSecuritySettings();
 
 			// Without a nonce store, we must rely on the Provider to protect against
 			// replay attacks.  But only 2.0+ Providers can be expected to provide 
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/StandardRelyingPartyApplicationStore.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/StandardRelyingPartyApplicationStore.cs
index 542b5e1..682568c 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/StandardRelyingPartyApplicationStore.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/StandardRelyingPartyApplicationStore.cs
@@ -11,6 +11,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 	using System.Text;
 	using DotNetOpenAuth.Messaging.Bindings;
 	using DotNetOpenAuth.OpenId.ChannelElements;
+	using DotNetOpenAuth.Configuration;
 
 	/// <summary>
 	/// An in-memory store for Relying Parties, suitable for single server, single process
@@ -36,7 +37,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Initializes a new instance of the <see cref="StandardRelyingPartyApplicationStore"/> class.
 		/// </summary>
 		internal StandardRelyingPartyApplicationStore() {
-			this.nonceStore = new NonceMemoryStore(Configuration.MaximumUserAgentAuthenticationTime);
+			this.nonceStore = new NonceMemoryStore(DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime);
 			this.associationStore = new AssociationMemoryStore<Uri>();
 			this.privateSecretStore = new PrivateSecretMemoryStore();
 		}
-- 
2.11.4.GIT