From 8ccee2f53c1503e82fcb100213d2ed07cfc60127 Mon Sep 17 00:00:00 2001 From: George Krechar Date: Mon, 13 Aug 2018 12:23:16 -0700 Subject: [PATCH] SAML2 EncryptedAssertion --- .../baseline/ApiCompatBaseline.net45.txt | 3 +- .../baseline/ApiCompatBaseline.net451.txt | 4 +- .../baseline/ApiCompatBaseline.net452.txt | 4 +- .../baseline/ApiCompatBaseline.net461.txt | 4 +- .../ApiCompatBaseline.netstandard1.4.txt | 4 +- .../ApiCompatBaseline.netstandard2.0.txt | 4 +- build/commonTest.props | 6 +- build/targets.props | 2 +- build/targetsTest.props | 4 +- .../AsyncTokenSample/common/KeyingMaterial.cs | 898 +++++++++++++++++ .../OpenIdConnectMessage.cs | 2 + ...dentityModel.Protocols.WsFederation.csproj | 2 +- .../Properties/AssemblyInfo.cs | 1 + .../Saml/SamlSecurityTokenHandler.cs | 8 +- .../Saml2/EncryptedAssertionHandler.cs | 430 ++++++++ ...enEncryptedAssertionDecryptionException.cs | 61 ++ ...enEncryptedAssertionEncryptionException.cs | 61 ++ ...ecurityTokenEncryptedAssertionException.cs | 61 ++ .../Saml2/IEncryptedAssertionHandler.cs | 69 ++ .../Saml2/InternalsVisibleTo.cs | 29 + .../Saml2/LogMessages.cs | 30 +- .../Saml2/Saml2Assertion.cs | 150 ++- .../Saml2/Saml2EncryptedAssertion.cs | 99 ++ .../Saml2/Saml2SecurityTokenHandler.cs | 60 +- .../Saml2/Saml2Serializer.cs | 111 ++- .../AsymmetricAdapter.cs | 23 +- .../AsymmetricSignatureProvider.cs | 2 +- .../CryptoProviderFactory.cs | 2 +- .../ECDsaAdapter.cs | 4 +- .../ECDsaSecurityKey.cs | 4 +- .../AuthenticatedEncryptionProvider.cs | 139 ++- .../InternalsVisibleTo.cs | 2 + .../JsonWebKeyConverter.cs | 4 +- .../LogMessages.cs | 3 + .../Microsoft.IdentityModel.Tokens.csproj | 4 +- .../RsaSecurityKey.cs | 2 +- .../SecurityAlgorithms.cs | 22 +- .../SupportedAlgorithms.cs | 2 +- src/Microsoft.IdentityModel.Tokens/Utility.cs | 19 + .../X509SecurityKey.cs | 4 +- .../Serialization/DefaultContractResolver.cs | 2 +- .../json/Serialization/JsonTypeReflector.cs | 2 +- src/Microsoft.IdentityModel.Xml/CipherData.cs | 110 +++ .../DataReference.cs | 68 ++ .../EncryptedData.cs | 70 ++ .../EncryptedKey.cs | 144 +++ .../EncryptedReference.cs | 74 ++ .../EncryptedType.cs | 175 ++++ .../EncryptionMethod.cs | 122 +++ src/Microsoft.IdentityModel.Xml/KeyInfo.cs | 149 +++ .../KeyReference.cs | 68 ++ .../LogMessages.cs | 4 + .../XMLEncryptionConstants.cs | 57 ++ .../XmlSignatureConstants.cs | 1 + src/Microsoft.IdentityModel.Xml/XmlUtil.cs | 30 + .../Saml2CrossVersionTokenValidationTests.cs | 2 + .../JsonWebTokenHandlerTests.cs | 36 + .../Default.cs | 2 + .../ExpectedException.cs | 16 + .../KeyingMaterial.cs | 4 + .../ReferenceTokens.cs | 114 ++- .../TheoryDataBase.cs | 8 + .../Helpers/AESGCMProviderFactory.cs | 46 + .../AesGcmAuthenticatedEncryptionProvider.cs | 163 +++ .../Saml2EncryptionTests.cs | 927 ++++++++++++++++++ .../Saml2SerializerTests.cs | 5 + .../Saml2TheoryData.cs | 2 +- .../EncryptingCredentialsTests.cs | 15 +- .../X509EncryptingCredentialsTests.cs | 16 +- .../CipherDataTests.cs | 110 +++ .../DataReferenceTests.cs | 109 ++ .../EncryptedDataTests.cs | 120 +++ .../EncryptedKeyTests.cs | 170 ++++ .../EncryptionMethodTests.cs | 109 ++ .../EnvelopedSignatureWriterTests.cs | 2 +- .../KeyInfoTests.cs | 3 +- .../KeyReferenceTests.cs | 108 ++ .../Microsoft.IdentityModel.Xml.Tests.csproj | 4 + .../CreateAndValidateTokens.cs | 48 +- 79 files changed, 5406 insertions(+), 152 deletions(-) create mode 100644 prototypes/AsyncTokenSample/common/KeyingMaterial.cs create mode 100644 src/Microsoft.IdentityModel.Tokens.Saml/Saml2/EncryptedAssertionHandler.cs create mode 100644 src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionDecryptionException.cs create mode 100644 src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionEncryptionException.cs create mode 100644 src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionException.cs create mode 100644 src/Microsoft.IdentityModel.Tokens.Saml/Saml2/IEncryptedAssertionHandler.cs create mode 100644 src/Microsoft.IdentityModel.Tokens.Saml/Saml2/InternalsVisibleTo.cs create mode 100644 src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2EncryptedAssertion.cs create mode 100644 src/Microsoft.IdentityModel.Xml/CipherData.cs create mode 100644 src/Microsoft.IdentityModel.Xml/DataReference.cs create mode 100644 src/Microsoft.IdentityModel.Xml/EncryptedData.cs create mode 100644 src/Microsoft.IdentityModel.Xml/EncryptedKey.cs create mode 100644 src/Microsoft.IdentityModel.Xml/EncryptedReference.cs create mode 100644 src/Microsoft.IdentityModel.Xml/EncryptedType.cs create mode 100644 src/Microsoft.IdentityModel.Xml/EncryptionMethod.cs create mode 100644 src/Microsoft.IdentityModel.Xml/KeyReference.cs create mode 100644 src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs create mode 100644 test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AESGCMProviderFactory.cs create mode 100644 test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AesGcmAuthenticatedEncryptionProvider.cs create mode 100644 test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2EncryptionTests.cs create mode 100644 test/Microsoft.IdentityModel.Xml.Tests/CipherDataTests.cs create mode 100644 test/Microsoft.IdentityModel.Xml.Tests/DataReferenceTests.cs create mode 100644 test/Microsoft.IdentityModel.Xml.Tests/EncryptedDataTests.cs create mode 100644 test/Microsoft.IdentityModel.Xml.Tests/EncryptedKeyTests.cs create mode 100644 test/Microsoft.IdentityModel.Xml.Tests/EncryptionMethodTests.cs create mode 100644 test/Microsoft.IdentityModel.Xml.Tests/KeyReferenceTests.cs diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt index 193c1d32ef..bfc71769c5 100644 --- a/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt +++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt @@ -5,4 +5,5 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenI MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(System.String, Newtonsoft.Json.JsonSerializerSettings)' does not exist in the implementation but it does exist in the contract. TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract. MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract. -TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. \ No newline at end of file +TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. +MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract. diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt index e5728f13c5..f3975a0d02 100644 --- a/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt +++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt @@ -4,4 +4,6 @@ CannotRemoveAttribute : Attribute 'Newtonsoft.Json.JsonObjectAttribute' exists o MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage..ctor(Newtonsoft.Json.Linq.JObject)' does not exist in the implementation but it does exist in the contract. TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract. MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract. -TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. \ No newline at end of file +TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. +MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract. + diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt index 527f810622..424e65aac9 100644 --- a/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt +++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt @@ -1,3 +1,5 @@ TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract. MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract. -TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. \ No newline at end of file +TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. +MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract. + diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt index 193c1d32ef..84f0aaed02 100644 --- a/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt +++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt @@ -5,4 +5,6 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenI MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(System.String, Newtonsoft.Json.JsonSerializerSettings)' does not exist in the implementation but it does exist in the contract. TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract. MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract. -TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. \ No newline at end of file +TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. +MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract. + diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt index 6fb183456e..54c35073a5 100644 --- a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt +++ b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt @@ -5,4 +5,6 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenI MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(System.String, Newtonsoft.Json.JsonSerializerSettings)' does not exist in the implementation but it does exist in the contract. TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract. MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract. -TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. \ No newline at end of file +TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. +MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract. + diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt index 48f12cbc90..23e4892dd7 100644 --- a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt +++ b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt @@ -7,4 +7,6 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(Sy TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy' does not exist in the implementation but it does exist in the contract. TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract. MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract. -TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. \ No newline at end of file +TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract. +MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract. + diff --git a/build/commonTest.props b/build/commonTest.props index 5c7dcb76f1..39a17144f9 100644 --- a/build/commonTest.props +++ b/build/commonTest.props @@ -22,7 +22,11 @@ $(DefineConstants);NET_CORE - + + $(DefineConstants);NET_CORE;NET_CORE_3_0 + + + diff --git a/build/targets.props b/build/targets.props index 46fbbf0f2e..1bb4d170ef 100644 --- a/build/targets.props +++ b/build/targets.props @@ -1,6 +1,6 @@ - net45;net461;netstandard2.0 + net45;net461;netstandard2.0;netstandard2.1 netstandard2.0 diff --git a/build/targetsTest.props b/build/targetsTest.props index 7d42b4333a..7d8d215101 100644 --- a/build/targetsTest.props +++ b/build/targetsTest.props @@ -1,6 +1,6 @@ - net452;net461;netcoreapp2.2 - netcoreapp2.2 + net452;net461;netcoreapp2.2;netcoreapp3.0 + netcoreapp2.2;netcoreapp3.0 diff --git a/prototypes/AsyncTokenSample/common/KeyingMaterial.cs b/prototypes/AsyncTokenSample/common/KeyingMaterial.cs new file mode 100644 index 0000000000..68e48e6116 --- /dev/null +++ b/prototypes/AsyncTokenSample/common/KeyingMaterial.cs @@ -0,0 +1,898 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using Microsoft.IdentityModel.Tokens; +using System; +using System.Security.Cryptography; +using System.Security.Cryptography.X509Certificates; + +namespace AsyncCommon +{ + static public class KeyingMaterial + { + public static string AADJWKS { get => @"{""keys"":[{""kty"":""RSA"",""use"":""sig"",""kid"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""x5t"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""n"":""wESLNTU4mazfVL-vLuJq_8ggJhW1DYxE-EeFiSccia1TTeyBWTVfG5vgYPtHXmL1RYgZvNhIYppS0ZT2U_nnCt8ukONCMSBpeLh8TqZxkHBr2pzbaKzbcHpHrsoxxXLHINZ6L4g_ewqYJwxfshuyD65tlSm8obFdnbtiCoVM-oJPbOcPsrzVgp_L5JWDe5bp6lbXXjJnMKVNCVqum1i4Taa6PGNm3HtlSXBz0CFWLwJ6IvAY7XDNOal3-5y2md6vqhzffmu90mKQ2ZzVwUoIr7aKt7DVuBQke434skDTLmJVcq-iOIpnYiLtApefX1KyDUWgnfHY1YDTrBzQKeu4uw"",""e"":""AQAB"",""x5c"":[""MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD""]},{""kty"":""RSA"",""use"":""sig"",""kid"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""x5t"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""n"":""oZ-QQrNuB4ei9ATYrT61ebPtvwwYWnsrTpp4ISSp6niZYb92XM0oUTNgqd_C1vGN8J-y9wCbaJWkpBf46CjdZehrqczPhzhHau8WcRXocSB1u_tuZhv1ooAZ4bAcy79UkeLiG60HkuTNJJC8CfaTp1R97szBhuk0Vz5yt4r5SpfewIlBCnZUYwkDS172H9WapQu-3P2Qjh0l-JLyCkdrhvizZUk0atq5_AIDKRU-A0pRGc-EZhUL0LqUMz6c6M2s_4GnQaScv44A5iZUDD15B6e8Apb2yARohkWmOnmRcTVfes8EkfxjzZEzm3cNkvP0ogILyISHKlkzy2OmlU6iXw"",""e"":""AQAB"",""x5c"":[""MIIDKDCCAhCgAwIBAgIQBHJvVNxP1oZO4HYKh+rypDANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMTYxMTE2MDgwMDAwWhcNMTgxMTE2MDgwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChn5BCs24Hh6L0BNitPrV5s+2/DBhaeytOmnghJKnqeJlhv3ZczShRM2Cp38LW8Y3wn7L3AJtolaSkF/joKN1l6GupzM+HOEdq7xZxFehxIHW7+25mG/WigBnhsBzLv1SR4uIbrQeS5M0kkLwJ9pOnVH3uzMGG6TRXPnK3ivlKl97AiUEKdlRjCQNLXvYf1ZqlC77c/ZCOHSX4kvIKR2uG+LNlSTRq2rn8AgMpFT4DSlEZz4RmFQvQupQzPpzozaz/gadBpJy/jgDmJlQMPXkHp7wClvbIBGiGRaY6eZFxNV96zwSR/GPNkTObdw2S8/SiAgvIhIcqWTPLY6aVTqJfAgMBAAGjWDBWMFQGA1UdAQRNMEuAEDUj0BrjP0RTbmoRPTRMY3WhJTAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXOCEARyb1TcT9aGTuB2Cofq8qQwDQYJKoZIhvcNAQELBQADggEBAGnLhDHVz2gLDiu9L34V3ro/6xZDiSWhGyHcGqky7UlzQH3pT5so8iF5P0WzYqVtogPsyC2LPJYSTt2vmQugD4xlu/wbvMFLcV0hmNoTKCF1QTVtEQiAiy0Aq+eoF7Al5fV1S3Sune0uQHimuUFHCmUuF190MLcHcdWnPAmzIc8fv7quRUUsExXmxSX2ktUYQXzqFyIOSnDCuWFm6tpfK5JXS8fW5bpqTlrysXXz/OW/8NFGq/alfjrya4ojrOYLpunGriEtNPwK7hxj1AlCYEWaRHRXaUIW1ByoSff/6Y6+ZhXPUe0cDlNRt/qIz5aflwO7+W8baTS4O8m/icu7ItE=""]}]}"; } + public static JsonWebKeySet AADJsonWebKeySet { get => new JsonWebKeySet(AADJWKS); } + public static string AADCertData { get => "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD"; } + public static X509Certificate2 AADSigningCert { get => new X509Certificate2(Convert.FromBase64String(AADCertData)); } + + // .../Certs/SelfSigned1024_SHA256.pfx + // password: SelfSigned1024_SHA256 + public static string SelfSigned1024_SHA256 = @"MIIHBwIBAzCCBscGCSqGSIb3DQEHAaCCBrgEgga0MIIGsDCCA7kGCSqGSIb3DQEHAaCCA6oEggOmMIIDojCCA54GCyqGSIb3DQEMCgECoIICrjCCAqowHAYKKoZIhvcNAQwBAzAOBAiX6QpBO4EGpAICB9AEggKIVVwwasu5VeKCiUPjNbpGaj4r//RbNOUcGhZLlZICCxEwT4S7SvrNIEtw4vP3w2NfEcBaQtL6uu+eSF+xPp8eaVIVaEsysAMpmg3kP2Jt8xT6bTNvaR/5FjKvD/vSAsjDSdm3F3cugjBAq4xw/SdjO0gH8xOtx0vhYvD5ga0SN2JKkFW1xydw0b/pf7qD8t297OSLC+vaCwG4HCPj3t4XzV4SgFp0kWqJ0geAfddwC0EPCgpWEp2y+0Eh29xUVeRn8NHl4bdjv0OyLEyID94j6WQPr1ObmhMu1the7Rt3geWMdqzHQ6QWjCMVElUOGs8lXZU3Riz8AGM8QIuE4jqk20kBe2R59DUHdy7eYRnTHKsUcxjvHbq/jG7M9GB/m6eGk/smToupQEMYqzftydzICI2VAgcUB8YEf6M4ZjQxvjpn1rkTyMj8TcqyhA1fNcWxPAxbLMQEyFt25BvDyUaR0DlRiQN7GVOpXR1WEI25jIYrSFcnm830iyUKLwTxncRH57r+I7uwL65x0ZttvhFqaDAXofZKMw7uB8vy05hc/GvDVF6CVMr19fRCsjSgMH57dwzJTi6UZ6YVLu7ubigo2YM264Shq3aOno6BTgalhh1kkdl8EtPbHI4unvMg4v55B3lQVjL4o5H6vditvDFSyNoM0HazmiyzMrFzkEkj3zy1Es2b/alY5RuJceb8uyZxUhpigrg/B7ZwNIQTc+ZBEZDFWFgf18SjxQfMHq6JItwK9k65RpuC205T8cqwyZy6iY8j85Tt90Hw7OUaCbs/pznKcckktpnDW3Ca7bCstb8nWRFj403za34RREn7WL2ezvJqDt0tanCKVX/zrdjE1x4ADF/MkoTUMYHcMA0GCSsGAQQBgjcRAjEAMBMGCSqGSIb3DQEJFTEGBAQBAAAAMFcGCSqGSIb3DQEJFDFKHkgANwA1ADUAMQBlADAAMgBmAC0AYwBmADIAMQAtADQAOQBmADUALQA5AGUANgA4AC0AYgAzADIAZQBjAGYAYgBjADkAMABmADMwXQYJKwYBBAGCNxEBMVAeTgBNAGkAYwByAG8AcwBvAGYAdAAgAFMAdAByAG8AbgBnACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcjCCAu8GCSqGSIb3DQEHBqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIlEr6OswpVr0CAgfQgIICqJd2Kcz+gOZRXE3j/8XbPBPJq3VKzsLRnCbvOhXLFwqiJAXzQjRpfAebtYhn9FuswQjMDQfYdim2Lg3rYb6VDjt61YDcPc2KTW4LkmPhFaKPMPtCDko3zflcnVODrt4A3/7Ku03WjFQs15n4SHA/rDtv725TwHx3isuUmky/cYfPscgiKv2AI2DLwe9D2BCJuAp4ZmTJ8o8i+XDix7ox8KXngWguIs1B4nomr62uio3u3OKJn0gUlVg2BgIzb4SSgddhCwxyWPF2oAW+pxI51o6QORwRI2yWNGcgnXojmsVG0urZ5pez2l3BE7w5qqT6QQSfktkmRQwi1ofHOIFLB1jhmxo8ANvXDEtB8YOixZ6XZURKyoZz9nqm+JPCBbHGLd62QFTUu+w8xz1eKvM2tAjj2GL9sK0JaZbUke9ijKhyINnB6pfYsmE3ja1VQ4epPRif8fZz8OKqLy+j0D94Opxq9FQgu1+qa5gvSzQ8skBPfeAlfoYlbEd/9QmIpFc5HHYn1puMz+pp46ilBal77FdKTunCRXQPFpfvUJYweJ4mTCJeHDktZb7xj8dl+lHZl5KJWRNEusasSRwzeNW4vZo466zSTUX8gSuU0OJsPo8q7znwKyVYh2dh813IQDd/1aFTKjPzjU5Wt7t5a2GwTr1wkMH4BP7UPlsryi0pv/EOLIEuMBBNDRDpAGEzkwCD/AECwv49SzFz3oGt3pzMReRB+NuRoIpJ6mw6aLmgJ9UoYAmMSRUL5VDTlLt2xP+ex3CRIpTa0NXhSYBPa37yTNP3ID7PWqXpECoY5w+QlYLTr+BMpp0L1F1D74punzjZc2pFnOgH+TPsTrVtrkWsk1iA+RHQ/AlC2JLnR+FVJSzktyrVC34j70cMYSqY4ev5A+fs2zgGp/4cMDcwHzAHBgUrDgMCGgQUUG+ZhmoN/MaNkyP3EWNX81zZoQQEFAuZPgiZ8hZN0m3+o4CLhQk4Uu6R"; + public static string SelfSigned1024_SHA256_Public = "MIICWTCCAcKgAwIBAgIQPq8RWqoOL51G/qUxq7tBizANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAxADAAMgA0AF8AUwBIAEEAMgA1ADYwHhcNMTQxMjI2MTUyNzAwWhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAxADAAMgA0AF8AUwBIAEEAMgA1ADYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMl0ubbO3e3FpeMN2/gjz0YElurF0UCT25777CmNfzpvxtuvziUxa/ALMxmz+sVLzKb6kMuLNagU12cYZS3ksgntqxz8R/VyZO33hysNAMeMcdeOMhMm6ubTXEqqdHAb4TUPhme6o7Bvpcx3yPlxECoy6XE5A0VlYBgWzqMJN6F5AgMBAAGjajBoMGYGA1UdAQRfMF2AEKiIeaB2ShCC/Mrhyxg2Lf+hNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAxADAAMgA0AF8AUwBIAEEAMgA1ADaCED6vEVqqDi+dRv6lMau7QYswDQYJKoZIhvcNAQELBQADgYEAaqChtfN/l6xTcMItwFG9jhDPuWeLDXAplM0vSwbia1fIaAXdcFRSaH+5QwqoQSDROcfiWRbPNWhFXfzOj7FEBmtbGifiqDvHislRHYrqnz9FRKiay0KYn0tJ2RUsTlKxZNz0WVu9M05wJjYH4TB04ad5FhgxJZ2h/y1X+An4a/o="; + public static X509Certificate2 CertSelfSigned1024_SHA256 = new X509Certificate2(Convert.FromBase64String(SelfSigned1024_SHA256), "SelfSigned1024_SHA256", X509KeyStorageFlags.PersistKeySet); + public static X509SecurityKey X509SecurityKeySelfSigned1024_SHA256 = new X509SecurityKey(CertSelfSigned1024_SHA256); + public static X509Certificate2 CertSelfSigned1024_SHA256_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned1024_SHA256_Public), "SelfSigned1024_SHA256"); + public static X509SecurityKey X509SecurityKeySelfSigned1024_SHA256_Public = new X509SecurityKey(CertSelfSigned1024_SHA256); + + // .../Certs/SelfSigned2048_SHA256.pfx + // password: SelfSigned2048_SHA256 + public static string SelfSigned2048_SHA256 = @"MIIKYwIBAzCCCiMGCSqGSIb3DQEHAaCCChQEggoQMIIKDDCCBg0GCSqGSIb3DQEHAaCCBf4EggX6MIIF9jCCBfIGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAhxE338m1L6/AICB9AEggTYMrXEnAoqfJTuvlpJieTu8LlJLL74PWG3GJmm+Rv45yMFjm332rVZKdLEOFmigUGGMfjk7uFBBLSpm3L/73g2LdNBFhMFnmdWlw0Nzs/Q4pxmHN+b9YPWv8KpiFc/CIUl30Nqf7NHk1CdM026iuY/eJlIO6eM8jWz/NP4pK+kZav5kvQIrZ6n1XYstw7Fw8Ils4pCGUsiFwNGFuSVLCRwxHqvEUgVmV3npUbCwKATSRNcs23LGHo4oZO1sj4u7cT66ke5Va/cGLrIPz4d+VelRkrPCcbgFi4bo24aA9b8dayMV7olDF+hbHTH9pYfPV5xUejsfGeX4BM7cH6Kp7jKKXJQq9MD26uEsrK9Bt4eoO1n4fK59+u0qSI7329ExsPA76uL9E5Xd+aDUpOUyJRCtnjY/Nz9IO/6zR5wdL72ux8dEzJAYqRgpmwIgyaXE7CYqmc9VHE65zddcpOFicVIafXfftAmWAPuyvVxkij04uAlSH2x0z+YbHG3gSl8KXpzfRmLeTgI1FxX6JyIV5OV8sxmvd99pjnosT7Y4mtNooDhx3wZVuPSPb7RjIqFuWibEyFLeWbCZ418GNuTS1CjpVG9M+i1n3P4WACchPkiSSYD5U9bi/UiFIM2yrAzPHpfuaXshhorbut3n/WBXLHbW/RAqOWMeAHHiJNtyq2okTM6pqp09HGjc3TbDVzyiA5EgfEdMPdXMNDZP7/uVFk+HQAm35Mrz+enMHjnLh4d8fy2yRuMs1CTLrQrS3Xh1ZbUn6EJ5EaZCMjoGd4siBIOuQvrxRwYfpnRB+OYMetkpUtMFCceMTS809zAS+rXxZ9Nfnk1q5c73+f0p9UZTLzajwNhPMhtQL1xYA2tVobVA+6hSxb7bgiH7+2qhoTBkmwzEkfXg7ALL2erBWHJJn5Hr8e4C3OdDFo/qCfA1E9IK3qIyLTzbhQnNRD+6KKTPP2ynGCJz2oIn6gmh29jKLwZc69FHMHdikevk58EXzKmHK9sy6YAFXQ4pBRKpaNwiQiNbUJsO/WYQ9CSoKRQjBOs7l1UbB2roYRXuUyZ+pLjOXnzaHOjF4nrNL8PP6XnCfJUXfmpQpaY/Q0zT4R1Zw+lXjfKoVd5JFPoWjoHGNQyFnvlyyUldB3jHQptbtUjV4fkeKXPhqcjn3QMSwN9nbwqiig88fiItVJFmDHemywfyiEtsDwc5yann0vNquegT/W9G0dq/7+z3e8V9e8040RpdepKiHH4o9cmyIT8gUNkXkJXsN9ZNaekUCGuhTqpzM2K3+zW1K7lTLq9/w3malhfIYw0mdHx2bz6nkyf6XezCQt7Fwc263r+YbAV16hjJJaTZcIqggoe5Al8B48mcCmGwNBF+Le/4/yoArzxlLbbljG3xIODJa+Vh01lWqK09mRbNpUjUtHswLuve48vabA2aZZmoxlsN3e7wLywrZ+Tvg4zg8R2ZzjjCXHkBI7qtZZZxMe+x2w3NbTnN54Gk1U/Pg3nVj242qCWR43A1Cp6QRrhi2fsVoNZCuHSUkykhH6q3Y/06OdgVyCyboXh0XnttlLbNLp3Wd8E0Hzr0WEm/Tdv1VDNu5R3S73VX1WIJ6z3jyTvm9JkzJFAxrk0mwAzBOSS34eYRQnhWFCT8tqHWIAzHyH+YJ9RmTGB4DANBgkrBgEEAYI3EQIxADATBgkqhkiG9w0BCRUxBgQEAQAAADBbBgkqhkiG9w0BCRQxTh5MAHsANwBBADIAMABDAEMAOQAzAC0AOABFAEEAMQAtADQAQQA2ADYALQA4AEEAMwA4AC0AQQA2ADAAQwAyADUANAA2ADEANwA3ADAAfTBdBgkrBgEEAYI3EQExUB5OAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwB0AHIAbwBuAGcAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMIID9wYJKoZIhvcNAQcGoIID6DCCA+QCAQAwggPdBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBBjAOBAhbuVGIv2XFPQICB9CAggOwUo/TgmdO5qDdDqOguXP1p5/tdAu8BlOnMbLQCB4NJ+VU3cnmzYAJ64TlkLqXGCww+z6aKVqtEODud5KMwVuUkX1Eu9Q+kLpMF1y6chkCVmfmMOzU0PsfMWghYSp4FEtWuYNzVQ869qrMCpVDoX8jUroUVkX3BV8sVUV7ufFYdFbwo++c/yCtrHxw4/oagjkXZXV9QBns+fLraJU/mO7isZJwHjscAZhckTdHGEr7hOqD/sHLPXYAgYCmkplH6aSNdyc6VmFXxmpKYFwlGnSA+xlJNcwrfyrljg5iUjpFMCcUuuOhjDCkIgTYsyT48uOgkoBLQzuQ8Oua3tpG1DQ6x2HJSHhQaILpNMZ6nWUrt9YRjdJHdCtdZGN/FPrASd8Vi68XIHu4dAy9zXKSL7GxsBCXXTE/XYca0v3rOnpvye1yt3zxssKPoMlgSUxsoUj9Moqyt+bjYJqV8tJwGt1xpB3k+QgpkmJnMY2i18r9sm59q2t+mWFfFwq/bIozNbzPBNzqq1q4fl80/7qEX046+KybgjaUrIAPiBYsTlAGNMfUAPuO/vb/FTq5Pk9SXepEqc+NkXrkOGzskOALefD9+DWDOy4j1loCvIXjLb1B9e4C5AIqzU4Sxq9YaDgVIVSK9GoVriaq8WQUSBktPruQD1rgPiHr94LZ0RgEBAReO9x3ljCXon6/sJEFUR024zbmEKol+HuY7HMPRzY5113nodOMYsYMFK5G+g4x5WtANN/qnoV16laBqJvQJ0iCj3LH8j0ljCPEMFUl87/Yp1I6SYrD9CycVNo3GuXdNFxKlKCUlf5CVjPWEhfM1vEvUSqwQuPEJ8gj9zK2pK9RpCV3E3Jo+47uNKYQQlh/fJd5ONAkpMchs303ojw7wppwQPqXavaHWX3emiZmR/fMHpVH812p8pZDdKTMmlk2gHjN7ysY3eBkWQTRTNgbrR2cJ+NIZjU85RA7/5Nu8630y1zBEe24RShio7yQjFawF1sdzySyWAl+qOMm7/x488qpfMQet7BzSuFPXqt3HCcH2vH2h2QFLgSA6/6Wx5XVeSQJ0R0rmS0cqAKlh9kqsX2EriG/dz2BxXv3XRymN2vMC9UOWWwwaxRh6DJv/UTHLL+4p6rLDC1GXZ/O4TVqKxNe9ShpzJx2JGwBl5VW4Rqo4UNTZTMn/L6xpfcdtVjpV+u5dD6QGBL57duQg9zqlJgMRbm/zjbC80fMjHpjbEUkf9qkl3mqEFp/vtrFiMCH4wH7bKswNzAfMAcGBSsOAwIaBBTjZISkPzPwKqSDK4fPHZMa83IUXgQUt9xlRgPPpTLoO5CUzqtQAjPN124="; + public static string SelfSigned2048_SHA256_Public = @"MIIDXjCCAkagAwIBAgIQY9+BvEWchJpAX/tDKzHwFDANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMgA1ADYwHhcNMTQxMjI2MTUyNzM2WhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMgA1ADYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWE7VB3zRniE3CsYLy9sCLAdFB7AsGKMkZsJxiwKD1uv+OKshPN9Epm7ZJQWjm6YGeQYKGQUaNs5Z1NaapKLaT52jqcTLRbOC5g331GkXTPICkjDHsR+NPyd7J4O4Hl2ls8q1+mcYhHSJOoamWOGZqtpCfpqqOhHhG75Rn282kA90Ybc6xY+rTgBIYgSt+/l3/muI3XTU6wghifYwZfID1IngBEb+MD346QgpiJcWObL+WIXPGpLNmDjwJZ8IlXvgO5JPSz1wxCyb8EJHUp4hQUc778RtKB82UXbckhL3eW49v1jpuJoqeNm924vlMX3IYAwYDBF93K6F8yu2otpwvAgMBAAGjajBoMGYGA1UdAQRfMF2AEM2V/dQqCNOhP9VPwFcAubuhNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMgA1ADaCEGPfgbxFnISaQF/7Qysx8BQwDQYJKoZIhvcNAQELBQADggEBAKSksE7/5TOc5ngnD54poNnaPWrw4kolFzqYdw1/s/evScT4tgFYR1FrmPB50KYoZ0c8FzDY7PK4SkB7x7xFbjPYZwcEzeHqZ+WsHO3UxI2nU94CUsBmNR09CMMIwt/1A1yfzSNTJE452YtycdLVJUC6NBR30Di5YOFWPwIEO5XE0J7Os1xuhZc6AEKy2STp0I3FL27gHu3R+3Xhqru6fQIOw52Pcp1axXsuE9cQ/HKyeNTvM02FZmjlx/Vy3lC5I/2xiUJrhqzczOMRRB8clpsAp2uNWfrzJ0aLCprQO62pN9L/51PWbSMsNfnfuUo4eZHv2noQ3mGzJPXyK43Omn0="; + public static X509Certificate2 CertSelfSigned2048_SHA256 = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA256), "SelfSigned2048_SHA256", X509KeyStorageFlags.PersistKeySet); + public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA256 = new X509SecurityKey(CertSelfSigned2048_SHA256); + public static X509Certificate2 CertSelfSigned2048_SHA256_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA256_Public), "SelfSigned2048_SHA256"); + public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA256_Public = new X509SecurityKey(CertSelfSigned2048_SHA256_Public); + + // .../Certs/SelfSigned2048_SHA384.pfx + // password: SelfSigned2048_SHA384 + public static string SelfSigned2048_SHA384 = @"MIIKVwIBAzCCChcGCSqGSIb3DQEHAaCCCggEggoEMIIKADCCBgEGCSqGSIb3DQEHAaCCBfIEggXuMIIF6jCCBeYGCyqGSIb3DQEMCgECoIIE9jCCBPIwHAYKKoZIhvcNAQwBAzAOBAimOH6XHIwwJgICB9AEggTQO7zeX7cwUppTcNJb/h85952ZPTI5nmlnTZ9AcPrmdoL7qldCZf0Vbs7J09Jk0erO5b3p21EZJdVZlTvvkdOd+OKYgFlzxgu934iNC1YL9mVp4Nb7Gd9H/kcBkwpzxB7fjx4hZtuAENA6mau9ZyNfdIJ6EoiG3KE2nC0fpKGFGiEngchmb88YPEU4g8RTPo+dl+P4WeNn5Fk7unIrn4ehtpGlqgu99cePRr1tk22gekDsEf4tD0ongqH54XJwOX+RkuCAWm+Z7s1TmAt2gf8kOyQV8gn+ydLdrHc4/TaWCHa6tshvoclaY468BRYUEnPxSmY0owHzhPPt6qfuIgsjT8ZJ0xyPW5BEDq0bM8xKq1/WWx0GE0fWFNfozU+5a17UCjmqBxltivVqXSQ4LXS+os1ryGFSODXjQmR2DnZAbPBSrZI+DHKdz53E/xjEjzov+vwxC9B5N/VOoG04Qcb9cvsilKDCuQTLF4kyUUWnXUntwL+DKppjEw3rOsumqPXkJbiAukOiVaQPxx5nLLDBqNHwumfxywXPfD+mv7Ki4+iJ3lN3oCSecQBrcr9PfnFV3f5X1fP2hg0JI2tdhKrShxBUtC3N/vBdX4fYOjANEEQYMhD7pBSU9TEz0ReVkjI7I1WMJKtCFBgK0Bcu26HyL3vhoK7tYzuiolmAKbBTQiFv4puELFM8LBsNqX01kaW9pstONaM52GvBbucGN8MEYbpVGuBVqXj8QIXeGDc3AYbJXzvUORhxxY0UTtDVLs67zsWhSe4qnCugrOiUajNE9MUlE1Wz8Ejqgqa6W+SAwDvtKCVtq0bCdzNinKJM8+vMLYmqSndY79e6mXyR09kqb3Vwr+UTdn3Q74J21tnA6Jh3Kyq27TK/muIfCu43LBdItSds0ZzPwVIYpdOKn4a6eA6G6BalsXv6qZAK5bkpybBINkHHkHxe/aXYecz22XR+krLjsp0CIG1HyNjF591dSuFFUKlKR+09Fn0eQJ0c0VJZrFvwj50UK8eJW3oi0cc1rxIzj2tZFRHO7g/p4hwhM8zVgn2/q5za7vNdvnasLLpab1i24YIqUwzjC3ezE6b/Zo65RMsrDbtFZv0aMuRmumUmQ4iOBMdat6edQnHmQ+OVRGRPeyYacNt7xHbTN1YmNKLwmjC9q31SmCuBMfe19eOybuffeFFT5RV91f/+EmYhGkqppqxIY7AW8FtuD0bknYHqziyHPzoKTiIDkpmm6UXEHDSt996otvBASS35XHBLjH1cevgo88SxVdq2ZqtDKd4fJcSHeEzggyqanWX7miZ0/bkkfOOkf3I/Shvb8J0SoqROUPvEo5cixt9E/QhDNUIVuRMVkUUkK59kKs23JhD/mKZbMQoTe75pb2JpAH0eqIWmQ4RYUBBLZjz3p38cKq2o6MjRgxXtRDnclUj59P9QIsb83lygYUBP1JKVaH8wooFM7NmMdUT9UAYA9i4uhEaLsCU3CxzUuzRcldUX99974dOqchEYx+cqwnXcZTJr2V99qBOHGn2jGDB7KRAaaBcstPAroQWlcJEAABEA2YLojY4QfD4RAFIT6HZCpQv1jVJYgdA07flv64fWRr/pgZrewJhx3cfdYaFT8A/iyLaLMWuN6T6WMXHtaqnYmfUxgdwwDQYJKwYBBAGCNxECMQAwEwYJKoZIhvcNAQkVMQYEBAEAAAAwVwYJKoZIhvcNAQkUMUoeSABkAGIAMgA2AGEAOQAwAGIALQBhADUANABjAC0ANAA3AGIAZAAtAGEAZAAxADAALQAwADIAYQBhADAAMwAwAGQAZAAwADUAZDBdBgkrBgEEAYI3EQExUB5OAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwB0AHIAbwBuAGcAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMIID9wYJKoZIhvcNAQcGoIID6DCCA+QCAQAwggPdBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBBjAOBAiJsSkTo/Zj8QICB9CAggOwP05BzfDoMDJJ4aJEPzx23cyiO2YOP/poicVIwwi5MueDb9uQoS8LlYjInaku31aCx+3722cl5RLm1EwSC6UuMmqMYXEf7iED2bNCjP5MxCCbhZi/9sbHBD4rMqPF0fq6JRTlCWJ2utNHxDPh5T41kztUezR+l44IUkxjyRjOzu2XfG2/5c4rdotpCtZGez0NSuirCpDF8sNmwW8tiIUorj1Yjp/d3XYhdw/Yj+2cJiAkDWve1UMH3Wg8NFsANm7EWAwh7tp4i0nJhtWy7Ml1VBdsstpKGIJVZKGdfZTGESO11aZkeR8qLQb8QM73woANVP073GunpC43vn/CFjdyKNIlJgXHHyYNNJ3uGyBZgRBhPXBktz32pzvWHQ5xtBnVqi+ZOR5XVb5nGQ2b7F6GDuBXqWz3Bdw5Pp7JHjDpp26QUQyxiAPRGuyN20panWiiXHuObu617JLQDUKciqtTjlPmd836H7CTofMWzGi4btUjmchnjd+s3Eg/hRa8Lqej49dQoK2dMMAzKa/wrQ1yNREQqVvjs8nXUlCRsREz79fok+P6NUxQkMOfMPOsRvjhgvRHhfIZ5h3bRlKT6yRfwzQdF6KaiChdZOjKAz8DOjk3v4digcNGpvn+a/lqF5TsizjoP/9ZEI5//1kNm3Fi2Ai3YmLpu2IEI3DiWca45kULLfUkIu3Uep7HUED+kGTPfNYzJFhmPCgGQjRrMj9iNziMG0eJ8nY3uIqYRQnNYE3W9ho1ch1sgKVVXsWggHuzx0a05IIMCnQFDMJo7SK1Kzg8fQJxqmt3I9PaONEgbMUEYojVHMKWXF4Bh3dt7lZGPIovIgO2qogXVB10gNuyO+VFZBvrfFmnAwqXs2Un3HYBoxDq6EE25IKibyIVuaGKNaZP2WlVl2PHKmN4PoeHKKHfcuIoMJivZy+HD97AC/3ww+NmXCBzfdejpmBETyacc1TmwVlPmgkIBtrrX0PBwF9g/egE7u4QV0f/wiQ4PpkkmYYG1E8+8twVa8/fgFXluE5F7/6f0Oe/X0JYcJgoB3lar/hUvQxww5yswy1Aes4w+YzO0tMhS+N4gJWAHpPnlunBOKafz9Zf2CbX/M+JPHXL11vILX4ZF59KKm80w/o4P7R07K5bEkfDitJIw2XGpV8TF7213rTSSo4xtZwsHVjG5/r25kYpA+xmGlWOSfLSAl83TUEs33xUrsrudNvk9PeMgvOF6YZqTUi5tsoYOVj87BqDM84rhOW0gecdLA0wNzAfMAcGBSsOAwIaBBSVpDdkQOc/Mg8FaDRq0NMdAIqdPgQUeCXwWCZpqd30w2f+ucNlOFAPkcg="; + public static string SelfSigned2048_SHA384_Public = "MIIDXjCCAkagAwIBAgIQmT68AQ3vPa9NmlShoEZVVjANBgkqhkiG9w0BAQwFADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMwA4ADQwHhcNMTQxMjI2MTUyODExWhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMwA4ADQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdtHnoaSiqQy+hBEmLnxgOy2euwvtpC0CHnzIJILsoyBdGELQ8cuPCTKT1JNBluphBtFF3oB3xoxRJWrAzNgvDqm09yS57rFXbV9jK9j8zP/QdEr9j4i1CckwNVY4PNCerF3bDpRDD00IHD+NObLLcaadFBjlzMxRjqd4D8ko8Jxl0g+gO15QwlXNQW83H058Qcd20chiifr1nILcJKEdV25fhfPIqvQny39zaydEDMnfAGo7Puj6ODjYbjZ50U8mUhtYdVtye8tP7g2C8lhwUT4N2B+sJCbInApT3ONTa9clPT23Fif/2JsNMRISt5bnDJpBCtP29l0i2Z7+5PUnfAgMBAAGjajBoMGYGA1UdAQRfMF2AEGd1geu132c0YEEInmdrMdehNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMwA4ADSCEJk+vAEN7z2vTZpUoaBGVVYwDQYJKoZIhvcNAQEMBQADggEBAGrxk6od8vgHb/tRoFgGcGfubMlZMRvH2Ly+4cdLpgIYKqvEWTnze0KVrd/y7qyoJc3pbAqs3XRrhAFiB6NACP5PeOFV+WvA2PF45qSO7kXwACXlYqvHQcnEo33BWfLiBpKY2zXUZzUOyZAOpNYM8SDLNH4wj0PH8F4pU18i6Q/E2t5cVUR11PpHCpKoUlMNClx8sCW4/Pamvn3BQw+NyrMpCz9NmeY5k46h8smPB2Z8hflLUc9zcJ8fv+dvun87bLa0S8Y3pM/gMrbVswsfkQ4uZY6iAKN4hGQw+SLb8KG8vYRGI726S8h99el0kRJBLZv7JD6oBbUI+92s2KN7I7A="; + public static X509Certificate2 CertSelfSigned2048_SHA384 = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA384), "SelfSigned2048_SHA384", X509KeyStorageFlags.PersistKeySet); + public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA384 = new X509SecurityKey(CertSelfSigned2048_SHA384); + public static X509Certificate2 CertSelfSigned2048_SHA384_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA384_Public), "SelfSigned2048_SHA384"); + public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA384_Public = new X509SecurityKey(CertSelfSigned2048_SHA384); + + // .../Certs/SelfSigned2048_SHA512.pfx + // password: SelfSigned2048_SHA512 + public static string SelfSigned2048_SHA512 = @"MIIKXwIBAzCCCh8GCSqGSIb3DQEHAaCCChAEggoMMIIKCDCCBgkGCSqGSIb3DQEHAaCCBfoEggX2MIIF8jCCBe4GCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAj5j6Q6YCZ3pgICB9AEggTYMipPiUmsOaVV/nfJ8XtkdY3OcLyfMBYVPxur3NuPre10EZq3NkxsxbigO/kPcKJPEjZ/ekb7/h6jEPQRFNXTHVpJCxcc3JdPl0PniitQGUgFIPCgtL60GG0XjcDQPPkOwPOicYIysNu7WO3maQ3FTuht6gO0VQKKTZTBjysmWO1QrKts66vKMAFZ7zlJcBa8kk8BNkAgzRYfwaZHEOhmTi3clR5FdgZbbhlJfHDNOCVOqbHDWJ6rr5PW5brJpIKhinbfIrfya+osqM8EGcIrt3TdC4/aIte/ALigcc4+zXdwcAYTzNIm4mLLKsbm/bAR5twubXmo9qbtgO2lD23uPJ8Rf5K7JSwjbgxCWSjzWoLyTBYdTQBGtlbux2K4M7iqlf+SWGkjexlgMZLFXPljroRyXq/qdj/zGeIln0Ec0WS2Mdq5a8uzxCIqaOH1GMw61YjJbUlRtA0ZguG7oLuI8cDDuIKhxBpgbyXG9hkyPAsNlPQLqPvl8H40DQVqlw8B2QS9Q0Io8WexE6YnhuutPS14tn7a6UbUqNI8MUzjYX6lKG5R8pmUjdk8gMN2g9cY5JVEzLe+AtoYrpX+69+Z52uUFXRVvB5CltdFtpupX9ZZzoAO+9QPx3xSC6D0bbeCfTa8mJ8H4rDRYzDdMyObmBKevHFPsOUrUY6An0Vu6dBrgAG3z4EjFP83o2LJnQzRb+zbrF9w5Kc8qIDY/7HFcDD85YgMyn1IiQr3RqP6Puen/HQNvjXJxy2+M2etRkRLCIyRhJf/4gLm8YbKR+7kMWGy/BBjIZ/8pc0JNe71bpjwtT3ngQ+Zw7hoKoZ4DxfkowXfqAFoaPWx8hbVBpc2mrg2YYF4DE7JlQId72UXAOgUiQzyWZ5TepXrzbjude8FXAIhEJA/nz9jvSf0zWyHbMS0iHfsKsREnCu9u4RgX3tuQL3TyT6HOHNOpCFbHB9nBYgM4k1BkcJGaUGeCm2P1zxE4J/CQ41vw4J5w8oTccMzIYQZEXhHnGmd2x54B4nTWVGWlWb5hg0cqvapvgrACfNjHyV6SMQRBtrxlw5mVTtY3It+w3Xn64PVOt2A4cLSYyTWNQ5m9cdI8/QTmfNk7VEvAUFJ50B/SZYKKQi/Inbq014G8caB7amr6IFf8GphS1dgGOIc8qnSSmSK5c7xpcAGtafdPWl9mTK7ZWRG6ClsEHWo5YpViRtZdJkohk5EKajKeR0enwI3v7oyGqkOfKEk0BlDc3zhCpOSspbBr08SRxUzGtGmMOHmNAMWJ6ay8AEJ0gRyj6saJ1MIzjW70M4o/9x3kHo3BiWqVVaDtxpyOObJxx1ze26d/G/9HCuf3nuM8m9TikngHsQl+zT6Bvb08ChVRjAT6sDzbvB/FGiKyux7wX0wCqkTHmfYOqWeJyCHDndgFhpt3J+HX//OMunmkpEXBdq4afqL5h4nzqyIfwL5VtXN3kW5muvMLZjOkM1xQd1bZgO3iZzOPwXOvWITlcG5OTJWEjHE+bD7uq9FvjdiWrGx26Ym9oEqef8zdBddGHyFlZ1SCtg371LyvsUUkm0TVUGdOrm3Ii56g/FhU8vtsUtY1m19hZYAPkMBT2LfUwddL62sZqY3RMJOpa98BSfi2N+AJiiKOLLWOzeldsGBixYOBjGB3DANBgkrBgEEAYI3EQIxADATBgkqhkiG9w0BCRUxBgQEAQAAADBXBgkqhkiG9w0BCRQxSh5IADkANQA1AGUANgAyAGYANgAtADkAMQA1ADAALQA0AGMAMgBjAC0AOQAzAGIANwAtAGEAYwBjADMAOAA5ADIAOAAyADkAZgAxMF0GCSsGAQQBgjcRATFQHk4ATQBpAGMAcgBvAHMAbwBmAHQAIABTAHQAcgBvAG4AZwAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggP3BgkqhkiG9w0BBwagggPoMIID5AIBADCCA90GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECGY+WNOUhlCtAgIH0ICCA7DoQ3i+xoibf75j7DQek7tg7MrlhV2R9+urbPhMKyoUodhmNOT7HAwx21tBwTw7i81G+fPQ+1qJB0JcRvRryXqXo9n1PlWhT+5zDM+7e+3NBKhA+obJUCqNwtbO8le6wauodpphMPT6/btVi6ehAbhXCPl4Ul3nbzzquEOQA1ynpBjfCJdNc9FWGuDwyDEWuxu/TX0y17GJmBDCjzqEaE7yFV0RBjtRhlCNWHXdj72oxLOftG8ibO/4V2QuLls//9Y165gIgMkEnmJ723NI7Nems3CVuB1TvzAb2Pv6wd7bL6rsmujviWP0BzqjNP1+KMheJ5JiUYKEBE3xQlPNq+CaqaznIM2A9EBnJoTHOPsVqn+wlXfIwnERpq7+toJmSDlfwiexIWXZ6BSoU6BJDEU1NOGMwHOyv3+NwQonXgPbx7aU4z15tTj5R7bHyaNJR+5ad5ApCcESzISYCgx+lnllgdkOVN1IA8SVioUkkV7TpWMKi7KvB9tNp2+8zpcQQ5XDSUGUmVZP4ouLY+QUUMtFZ39cB2+jSF72ZlY7QWBTKwg1UWhZcLYYSIe5VdagxUauf1bYvKvPlCCIXfHrqzta0rH93HMryyKcPlIvpr3X2jr9BzDhbaCp/flqeDLJoH0SMNinMI1oq4Eh5HotVrq81mSRmaBE+fnr1gpVPKUNw4Yj/tG5TRgycSauB7gmYgetZwRxL1PrjA5R2ZuFBdq1JnOMwLDgqj0mroaK+r2XjVkK16AlbFjvaEBQtFB4n166ignG6s5T4OCcBnWa8PJJU8kFu2nLPGlJGPtiGYpXyfJjuMkCD/VCfSj5F1VD24Aw256IY6dCig2tNO/31CmW7+Q0ZlX/y15uuN+zQp7iZQvH3+cyhQkMap0r/7i0Wge+uFpRLQmsZba1pIksJ6fcD3cCyuyXdV2LflBsSCRBqohHgbrk9Pzcb/7t1C6oONLM7saAw6gosoxTPTKagZzb4guHVdKyNTVnKSI8FVDdP4C7MGp4kqPbaVEKvYXbvAnjpRqcWLQMLhqoxxeMoLRflcR3wabGuj3jbu5ANXfIuCkenSkfQYymqXF0d5mo3l4Ak0Wv/nAnx6t9wr5ZMI4+OpXgAHUCZ0kTs924hxRQglpi7i2lQUFrt/TAcp52DCPMst4YlhBP90JFXT/kEvUNLaKahqSKxLbrDHNgFZVVm5+foU0Cb9qKXxobTytIKMzqOUQ5JOERYnDvL2fgascWOfn9mkVuhfd+MpayBCQXrjA3MB8wBwYFKw4DAhoEFBNPLaPVF8m94SxtpthICain/6n7BBSIrBaNgWE4o5NiBKid9L1c9R1m8A=="; + public static string SelfSigned2048_SHA512_Public = "MIIDXjCCAkagAwIBAgIQzTfvf7ABYLxKOErOiooMIjANBgkqhkiG9w0BAQ0FADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEANQAxADIwHhcNMTQxMjI2MTUyODMxWhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEANQAxADIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzk2XIZKwGbblamSyJ3l+Co+SzCqSV4X7COoJM0R7UwgYT12hD30xhvDUpQrhuHc2ecF5SPggpG/Z63BXsIaqSMCcmzOoV9igFDqWzecbj5Mz/xSm/ZjJ7HXxiklSekWFG1q/8crd1HfdHjaCm+hMxpfXFSH+h3bSxv+2XBkT+Y35wUXnnw6Q/rE+ieW5+xn0MUvh1UkFCl7+ZDOhIzbXkzM/BKUAPxbJBjXeAr0Cum/IVFStavxi21Sgj1XoMuW6tlFX+eG6wUvmh4LjVTlIVdrV8bqxDIm/w/vCwlyvcQxERlP3TVlusUkc157pXKvhqNlPdEGG9kUumMVaziNxNAgMBAAGjajBoMGYGA1UdAQRfMF2AEMQYtKMfx+sbsi5bQ7l/LTShNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEANQAxADKCEM0373+wAWC8SjhKzoqKDCIwDQYJKoZIhvcNAQENBQADggEBAAvM9kCf8fpwiLYtEQK6ryHmg6MC5L2BNGsuRUOZNDkp+/LZF48tkfL6dTYslj3kPeEBGAA9ggIjDinTbPEveEpPUoZTllkMj9A9T963yhaLlsVAJDPbJw8XlHO+c01VjUtIjaVtIvJaCNoXF0S+TfbRDKceiEXYcDS+ySyssCi4x23nd2fylRvpiaOrFAMDXHF440vR/I18VEqKuPa/NWj/JbVdaXAmyjjtHi7GIcL6rQQFpbDDfrzKmNCc/SXLkNQ97ArngEkOzZhOmP2aZ7ZqdX/h3mRQ3wo91+WfVfFfbhKc4qTUQHr9rop2JeEhu8WaRwVoqz6PtXB6WtIX8hk="; + public static X509Certificate2 CertSelfSigned2048_SHA512 = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA512), "SelfSigned2048_SHA512", X509KeyStorageFlags.PersistKeySet); + public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA512 = new X509SecurityKey(CertSelfSigned2048_SHA512); + public static X509Certificate2 CertSelfSigned2048_SHA512_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA512_Public), "SelfSigned2048_SHA512"); + public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA512_Public = new X509SecurityKey(CertSelfSigned2048_SHA512_Public); + public static SigningCredentials X509SigningCreds_SelfSigned2048_SHA512 = new SigningCredentials(X509SecurityKeySelfSigned2048_SHA512, SecurityAlgorithms.RsaSha512); + + // all asymmetric material has private key unless public is included in variable name + public const string CertPassword = "abcd"; + public const string X509Data_AAD_Public = @"MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng"; + public static X509Certificate2 Cert_AAD_Public = new X509Certificate2(Convert.FromBase64String(X509Data_AAD_Public)); + public static X509SecurityKey X509SecurityKey_AAD_Public = new X509SecurityKey(Cert_AAD_Public); + public static SigningCredentials X509SigningCreds_AAD_Public = new SigningCredentials(X509SecurityKey_AAD_Public, SecurityAlgorithms.RsaSha256Signature); + + public const string X509Data_LocalSts = @"MIIG/wIBAzCCBrsGCSqGSIb3DQEHAaCCBqwEggaoMIIGpDCCA8UGCSqGSIb3DQEHAaCCA7YEggOyMIIDrjCCA6oGCyqGSIb3DQEMCgECoIICtjCCArIwHAYKKoZIhvcNAQwBAzAOBAgxJ3VQ0iw/xwICB9AEggKQpGXp1k8GPfQoWaPJ0laxuR3wjejEWhAIHFOeeYiV4d0LJJ1rl1QwlnaArY7hDbL2KxMuDXQpa4vRVAuze2uW/BfxXGK8mFkClDkLa90zYWl7Bgn+I1dq5ngGjefaZ1Jecm12aMDdm2KgCtDCZMypJroa53ixrfah7PoF39vFOP9EELugF/HbGHbJrqGQlJxHhL3A7TCTt2B6DwhsoNupqhYKjt0W6W3p8mLrNKjM7DDJehMSN+RJKXit6p/XnncRsaML0NHoz8Ubys9+2zWVEc3daUc1AQV5W01WDENxC9JerDnwLhwv+JW8d0Y6I02tHvZJnEHSSPQLyZ5xGAg0AlcEjcN6+AbPKbl7hRM3mKyvzBuInA5Dpr9D1dOaa+FrzoxF5TkaWjH2XKpbv0zL4bpSqPq23IgWT1Xgr9mqBojig5jKrHO9K3eGC/UxVcdIymbaovgNY2mAG64FmCTgKc0HFGkjY6q8TxgTzLSOQgdoZjL3FQN85urlpKLd4LVSoxJAy0lCTlJFsZGdv2XOoNwWUGkGllEWkAGQHvUGSkPCW9S3R8zMrb/7L0q35Npk+owVETCqsm/+uHwDrhKHhDmEDaLbdgC6G16oMsctmqPoARcW8+5RoD3pT6jnPYGZbukcOzVzGFjLO70umpTmk8aw/8Y2jY5TStnMqdOw21RuSTPepv36Vk7EG3fd3rmddtyY+tr5wmpJyXFJjgavKMR45TqOBXC+/I59xbO9H40BvTkvlwqs7v825xNDHVZaDnfULpeAixNrt2rr8puhqlSiY7bE5V3RATSZF/FMUliaZd2b+XYcwEdaoKcQ/QFPTQj3IXBNvwtx3lZniiGaVCDoR1v0yc+ViUVg2RtXibMxgeAwDQYJKwYBBAGCNxECMQAwEwYJKoZIhvcNAQkVMQYEBAEAAAAwWwYJKoZIhvcNAQkUMU4eTAB7ADEARQAxADYANQBCAEYAQQAtADUAMwA1AEIALQA0AEEAOABEAC0AOABEADkAMgAtADIANwAzAEEANQA1ADgAMQBCADIAQQBCAH0wXQYJKwYBBAGCNxEBMVAeTgBNAGkAYwByAG8AcwBvAGYAdAAgAFMAdAByAG8AbgBnACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcjCCAtcGCSqGSIb3DQEHBqCCAsgwggLEAgEAMIICvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIziGrBRDWdnQCAgfQgIICkIlezl4wsBhEcM0r4tXf3gpVSHQ242FsqqJGR6lGl97TIbC7lBHShbnpVqZLkHdem57rMtHMsQu0TEr18zU81E6rJ620734KWfc2cCXN9z6ec03TKimjrYpJLo8Aw+3nShJ/e9BeXstVMWuf1PU4NCrBIxcRUA4dNL5Z56u6uV8FmHztfBqzoTWkm0KpFrHILShWphKvhMLcwtp+XyC17WgbXNxvXn9dyarC9XuygGySKlJaapLRYKqR1PCIFz7X/mn0DO4P69nkJGEvEFORNKBYoGS2+rufxMniA1O/+58/FXHGf9HfhAvYuAThyZCyqRFvc4cfd03aYYVwbN+/+9e8ryXfqO9rCaEdc4HygVNhiChjoM8NMlZL5+R4L9tHr78uCPIzN0gyzL3wcWipmBNWYaG0bffbCyY4gILMvZGD1bEFpPL9wS+VRiLm3tmpLcrhJgCBGYgdkFL6WCWzHQy2tk4yqp+3nTm+8MjV2IafLquzICeqq3aplWkDlFU0IEVfPI8eMi62YsBhVpez4cn6tee3DyVoIYTFuX1qAVUs9JJFmbec12gO2UI2X/f2Iu/iTD655Kpshm3FiyanBrXlTJUGa6mUGbI3YP5Uwgxupyh1YH3uuhNFaejRQ4T1fS3n0MEN3Th27FaH7jDA7wNenfctvokIQv2h4Sa06vcwFkzMRp02GCC/kyD8+7fqkEFAQGdOv0Gt+a97qs9IAVUNN/wOIkAkQ8Yn6lloowps70oOATE8ht3Z5+mVJDXQe5w7kzUVHOxjWxS8rW8CosHshHbKzDdwNsx0syQ33C+vasdE5PeMktbglvHNEg2AzdnH5yoNkf77+R6fLNbX8xVJXKX/nGBYN+u+3+iTVH1NMDswHzAHBgUrDgMCGgQUiwmNMPt0QB2eI9Jb0gi6nqnmEOIEFNY15fRBiXJYAwaPVCRLqAaQYuDAAgIH0AAA"; + public static X509Certificate2 Cert_LocalSts = new X509Certificate2(Convert.FromBase64String(X509Data_LocalSts), CertPassword, X509KeyStorageFlags.MachineKeySet); + public static X509SecurityKey X509SecurityKey_LocalSts = new X509SecurityKey(Cert_LocalSts); + public static SigningCredentials X509SigningCreds_LocalSts = new SigningCredentials(X509SecurityKey_LocalSts, SecurityAlgorithms.RsaSha256Signature); + + // 1024 bit RSA + public const string X509Data_1024 = @"MIIG1AIBAzCCBpQGCSqGSIb3DQEHAaCCBoUEggaBMIIGfTCCA7YGCSqGSIb3DQEHAaCCA6cEggOjMIIDnzCCA5sGCyqGSIb3DQEMCgECoIICtjCCArIwHAYKKoZIhvcNAQwBAzAOBAgku/0+xvwIuQICB9AEggKQKj2X13Ln4Nxc3dvy+pr8VaN1GiUNk2O6Of6nT2dxbzH3eLpOudxrzjahD3bP46M+DhP66gw0495W1LVhkpZpvM7rQ0xkmfj6wMKYPCzPpCM2cwuyKWlKWYilkuZKicYtgxLRbaFG3zUQBjl2wiTEe0GCjltkHDQXDfhhRnlnYubVptPiiIFj1erGM9EOoPNSXwUiPqK6McWPE7UwK8f0pvpOncFrorWX607NbgGrgM2Uee9RPBDg7LNX0MV1McWVUBAOCaZiC30CxVuT4hSb4MFubTnwjvjQHcCadE83DBY1LvWZYwd586xSiOkLWlXtpG+96m7CWyJ+QVK/XUDUPn6PYWsMP0BqfAlgy0XWXiYc157FFl25PEaYHrMdqAMiOdDFfn1oKFnbTEaho00VqI30seqA6Yr9psp7G2fBe7bDKnwEe0fCcyzf31bnRjCWZ44reTX9fH3W0n1BFnbJ/64pXDfKSfH6lHWiUUAeiU76qhq40OaybiyodQ09F8rK7eHjmKAdz+6/jAO3h+I1okp22C+nks0T4ousKSTNlSadeMo+K0UxFO3GBgV7umnkdgOGGdh50FBdak/ujn5DR5hsag27NTPgm5ElMM3EE5r5+dsLCyv0cV+v4vZk6dCC+Bu7kfw8Es3iLurPP8rQHKo+pHZovBI3WB3XvT4phQkUdsU3bH7B5Csf1owPLIaHrb4jU+onEdUMaRzV412QCoEDXZhMCRpaB7cCRt/6YUncAytPjaSdhmRJihFPraxYGr+QcPb5gt4oTEe7znE1Cr/52BvNco3Q5CoumjcfH1sTICYI4boWYq+6KVQEhPmSMLaGq1Bh8ZQOLadENbfD7V2oK1CLwCBwcA001ZK8m9QxgdEwEwYJKoZIhvcNAQkVMQYEBAEAAAAwWwYJKoZIhvcNAQkUMU4eTAB7ADEAQQBDADIAMABEADgARAAtAEEARAA4ADMALQA0ADYAQwAyAC0AOQBGADgARgAtAEYARgA5ADIANgA3ADUARAA2ADcAQQA2AH0wXQYJKwYBBAGCNxEBMVAeTgBNAGkAYwByAG8AcwBvAGYAdAAgAFMAdAByAG8AbgBnACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcjCCAr8GCSqGSIb3DQEHBqCCArAwggKsAgEAMIICpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIKTLShXSwFbUCAgfQgIICeGtlT3KSaK3KeU9WooHDN853C3yE6EbsEM5bj/aoO0axyUxPLgpzRWf9U4D3tpNVE3oXRu4nZcEUL6cRk1sK0r77NKhMMjx/fUDEZtfMCk79ocuwH8VKFKmn+jcPGPNk8ChcOdyZtQLlt4G9e+ZwY4WLA20dhN4tzsNMgFIBknhF+p28PRIRFAt1DjkSJ+3vsJtRjqQ9Qu54rH+at7Qkbalg3052MCG/oKvzFIscKCmOcIM4sNrNzlbexQqSqBGIXaFGYIJVvu3RUs9LZH/rMaytwmMczWO858L95lw9nBLrsyOad4dq//DRG2bDjtVIS70iskrwiDhn7GsKubh+EbX9+Tc5FWea9qUtaX+O6Q9422dNzFXDwPNzsDbAzp5PB9TzzWMaYDkhfZgXpJ8IFYgNf6JxuoPjpP65+w3vcGrOvy1KZjMv82wNqoOqkkaKZ4kVtbPSRsfai54Mwy6S9etcSuG3IHIR530layLJDIwj3vErlmdQeyT8ViQ9g3WHrr0/TgFR/pN4Y9qGt6BCj7gom88aI5nocKyi9btfrGjLgM9YxLupUYUh7msDDXMPIfFCN5kgY5ntBQjH1ZfvEMtB44sYJCkeMojNDcexs+GB8tjeg8HGI6J0T4aMwqIyaZIr/+/QJ5QqMOqCC3hbLsuVj+GFEpWc1rT1nxW3L5GH2pMgotJD+CuSTUgKpEUeBFiDvpSnwYicto6Xe381kwhXbhjPktdOo410/roZMdm8bbiNVi2eZzXtgDc8JpzmcnRJbfEQJQ3eRUMjoNRmbqtdNtgkzOLMdH4I+KAEy1TutJuJw2oQ4PZ0IcWKBP3DJ9Zj4YwbloI8MDcwHzAHBgUrDgMCGgQU2EdATfKXox0hdIYBapLH2vR+ezoEFEnnlk54jkqT7wyahd8rSwT+vezP"; + public static X509Certificate2 Cert_1024 = new X509Certificate2(Convert.FromBase64String(X509Data_1024), CertPassword, X509KeyStorageFlags.MachineKeySet); + public static X509SecurityKey X509SecurityKey_1024 = new X509SecurityKey(Cert_1024); + public static SigningCredentials X509SigningCreds_1024_RsaSha2_Sha2 = new SigningCredentials(X509SecurityKey_1024, SecurityAlgorithms.RsaSha256Signature); + + // 2048 bit RSA + public const string DefaultX509Data_2048 = @"MIIKHAIBAzCCCdwGCSqGSIb3DQEHAaCCCc0EggnJMIIJxTCCBf4GCSqGSIb3DQEHAaCCBe8EggXrMIIF5zCCBeMGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAivxX2ENGkqRwICB9AEggTYFn22METHTeg0HaAP8Abvg7vjXbyVReMNsR0dBiY0waqF69lXGECwKMZL75biisgxx2y16ek2n/jIidyB/3pQwJLXr8DeIcRguiUi3edMaBel8fOOUbg4CpeHiLmEriKf/g1p1d7uLz5cGGpNKgAI5Xe9eYoisF06UnS+Sg9l4Z6FFs14YvkTRpn/QhllN0Oshy0TxaQtA6EylZPZ3QetvcS3Cl4BjXey0Q1vn6Cm7S1xP8HwBQ2uJRMzYeACFnDCwrASMxaNhIKhGJIfHwxzk/peuJix91wjCOPx6R1JTZRpSMKcyg8I/MO4CfII0wzutBpxGRjq5zQTkeg5nfJgye66RLxbDsyA2YMsEDGkQWbRVGRVq/R0d3MTt2b/mY6nmhbGSY24suHjY05A67BBTURjCO1u9fXFrvdaq+WrcEtjcdo75DWfOzCqtxQ2nRaA6qF48CX8LF6GX05meTug5Zl7Cixa8jOw+M88OxM2R0TayAV6AxO/hBTFq5WcLmHl/gGcjLY8ypWj3i8HB3akQYUoqV/mCwILhdQwfG/E8UcjRA5yplWRnz346RA7NJ/Ae84VY4hR7Fxrgam765uLl063GAQhW+M3lctJL3Xooo7rduXeVL6RDQhYdz6cOkEIyyH+4ftArhesgGUECQxQTibWiXeLTQbJfc/g4+BG4iQTBgl599LjfR044THpH20y3gNm2bYe8VAcJgVrwlQOgFQAGAVLSQKFNvznHPfWGPFMuK1xfsNVdaTugOE9YGQv16CDcCJMTgeYqVPXm9Hq1TKL7nqRR3FqkNCaE1aMn2v3TOmv4TuCfepe+CxR5WFJin06PMjaBibUTQ520H1eIudjUJSN5VQ+Rfh05HQVagBPT4dkcjLNZtKPZJSNC72HhEdxLO1+s12mLN2ZdBtbPVBfXHtrfHrXYVhk1vcvztoA6Wq92Z9x+ZMlJZuhXk45xWsH/dL4H0S+f/keakpLSCRB9zBdXMhyixSN3gyE/YHcbc6XHuIdhMDOEDwINmZJBG29FTrG7F2QUrPfRLlRYLD3xgDJHH/p2BgpGyAN3FlwSQjhNW6UCLTsKl24qaDVwJ60+9SpypJbJra0o3l+6gc4CxGuLY9TBR6jrSToaE476uyyoYWUn2hCzlOOtedd6hGZQECh8fh5rf93nfhCQghKtUakdjSJUW8XWSnouv+Z5dNoYlqflkGQ/AfCkWj3jgO+MYLriJVf5tDxcYyj+trfV7HWI3GgL4fPXsrc740/AesDUrf+JqK36Hm2s3GQe9eqeUg9+ohxVY5QO3QBkUMbvaMHqlXYo0EbW91SyLZQBlcx97q9YFkAtwp3311hoP2bl7+N/T5XMw1EoA89GutLkzIVuE+AQk94eEcIJwmjb9pYKl58tZLlqfDBS6sV+j95Dh83dwMG+8gRCwS8qFYRyXO0UVcjWPv/qeHVEEorgyhJveLrjimdEzheFlQrBit8YAS+akXOBVQC4QQ42biCWsz2qO1sQIMZndN6dVke88Br7Ilh9UJ0qojXR0mc6BPUKl3Zh9d32WyFbKm3Qj6AS2vnmkZCdjBO9PTT5oY/j17ClLTshps2B5ruysXotcrGNjuOhPE05fkYUFzknfSv7HhrjMvQYQNulHxGijTvksey1NedbDGB0TATBgkqhkiG9w0BCRUxBgQEAQAAADBbBgkqhkiG9w0BCRQxTh5MAHsAMwA1AEEAQgBFADcAOQBBAC0AOQA3ADIAQwAtADQAOAAxAEYALQA4AEIAMQA3AC0AQQBDADAAOQAxAEEANwAwADgAQwA2AEYAfTBdBgkrBgEEAYI3EQExUB5OAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwB0AHIAbwBuAGcAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMIIDvwYJKoZIhvcNAQcGoIIDsDCCA6wCAQAwggOlBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBBjAOBAg6DCoLVPw6qAICB9CAggN4Xykvk2tPB1lZ00HE84x0B0384ZMGb8UgjGbjr7fMnSMUXDgHijcevFNmdeP/II/Ltd+F73MbEsaA1d1CEH72cPk4wdoDsgrTt/Fg9xL+jja9HB35HuitgmLsfF1NJ6NdPZZK+0yfvlIKbz/MmKRrGfAwNuWtOVU3bnOv0myfXmfLg5O4mp/JdHJ5kjG4O81nUq6+OCyFbARuDVkrlIZbLO1ck3TPA7Dd2a8ujayY8mtFzMBrGV7U5LJH1V/LprpEA1dZmqt3kmXdLvIwSzNUub23wJDFWc0wQZ2/CJp33RiulZIe9na5bj7S0adOj/Jloot0V9Rxf46sevvsMM/M9rQXVAz0rquwW2o4yRUJxQgajntn75/Dridu+hj++j+Nq5Fs3pII5yjv517YzTZihoWB1xhO9yZhmMUq6OtJQFgQlB9YQTvCvleeC0AoU2lRZ5dvyrzxEMFEbHN72vG7Sps5vyyz/joF1RVNZw/hP4/hoFGuGcIFkI3Dsz+JSi0iZEqgmAaq2LUihT2rx40r49aSCU1VXs7DDnBLhh3w20Z1hx2IQmc2wp0YGKSbQDjA4hItRG6xXapMrlizaIp0LzWtmgV+qRbZN39xvXOkc0kITFdbyWILA04WgNwGeAlwtiSeO+C2c/EVXFOLOH+ibJ/OCUexw6yDTtIBqsk8oUCTMvJNNKguJCC2pSEKPhH606HAnuYTbWqUxY9GWK6wNIFAJaQnHD2pprq9j4va69qq0xy9rn7pfiEB7GeGlRb7QtOd5myfG1SZ5S/oP0Pnx+G6tA1Xkx8vMVeZhzH128+zApqVLd/xtMGJ24RlTgViyJsN1Z5k77Ces5YdwTZjAnJ6kyMbiVhZIpwzlKiJ23Aq00RpinF7ZvzPK0L3RDWbahU1eM98zhokRW3c5dKKBEAGePzyCVUnyoCCBpLUWkSXhL58Qm6Us1IfsoiYGnE/YtWwpArHXqndDnArrqTECUxf4VAqZ3Sj3CDRQN54aLBPgllNB2VjzmS4qKbyT7VP1HkxAbE5B1PRLqKCSzgeIJTMpGbHkaacz9Kme+O99d6OOdLr2OyogX5g6FkEc32n+lwnDww5VgbfdLV8JBjgS1WeEQk2UgJqXzwlNEjLvtX6RReLljUi7QLDeEaC2WKJFGnRlbX0JYL+ugggUY5UhXnJ6BvYv6P2MDcwHzAHBgUrDgMCGgQUPN6zb4ZCGV3dy3+JzgHFLCrHlGIEFNnQRFK67cH21VJ27RcK5qgEvQfh"; + public static X509Certificate2 DefaultCert_2048 = new X509Certificate2(Convert.FromBase64String(DefaultX509Data_2048), CertPassword, X509KeyStorageFlags.MachineKeySet); + public static string DefaultX509Key_2048_KeyId = "DefaultX509Key_2048_KeyId"; + public static string DefaultX509Key_2048_Thumbprint = "pqoeamb2e5YVzR6_rqFpiCrFZgw"; + public static X509SecurityKey DefaultX509Key_2048 = new X509SecurityKey(DefaultCert_2048); + public static X509SecurityKey DefaultX509Key_2048_With_KeyId = new X509SecurityKey(DefaultCert_2048) { KeyId = DefaultX509Key_2048_KeyId }; + public static SigningCredentials DefaultX509SigningCreds_2048_RsaSha2_Sha2 = new SigningCredentials(DefaultX509Key_2048, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest); + public static X509Certificate2 DefaultAsymmetricCert_2048 = new X509Certificate2(Convert.FromBase64String(DefaultX509Data_2048), CertPassword, X509KeyStorageFlags.MachineKeySet); + + public static string DefaultX509Data_2048_Public = @"MIICyjCCAbKgAwIBAgIQJPMYqnyiTY1GQYAwZxadMjANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDExZBREZTIFNpZ25pbmcgLSBTVFMuY29tMB4XDTEyMTAwOTIyMTA0OVoXDTEzMTAwOTIyMTA0OVowITEfMB0GA1UEAxMWQURGUyBTaWduaW5nIC0gU1RTLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmeVPJz8o7ayB3AS2dJtsIo/eXqeNhZ+ZqEJgHVHc0JAAgNNwR++moMt8+iIlOKZiAL8dvQBKOuPms+FfqrG1HshnMiLcuadtWUqOntxUdyQLcEKvdaFOqOppqmasqGFtRLPwYKIkZOkj8ikndNzI6PZV46mw18nLaN6rTByMnjVA5n9Lf7Cdu7lmxlKGJOI5F0IfeaW68/kY1bdw3KAEb1aOKHj0r7RJ2joRuHJ+96kw1bA2T6bGC/1LYND3DFsnQQtMBl7LlDrSG1gGoiZxCoQmPCxfrTCrYKGK6y9j6IQ4MCmJpnt0l/INL5i88TjctF4IkJwbJGn9iY2fIIBxMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAq/SyHGCLpBm+Gmh5I7BAWJXvtPaIelt30WgKVXRHccxRVIYpKOfAA2iPuD/CVruFz6pnP4K7o2KLAs+XJptigYzLEjKw6rY4836ZJC8m5kfBVanu45OW39nxzxp1udbxQ5gAdmvnY/2agpFhCFR8M1BtWON6G3SzHwo2dXHh+ettOO2LtK38e1+Uy+KGowRw/m4gprSIvgN3AAo7e0PnFblZn6vRgMsK60QB5D8f+Kxdg2I3ZGQcPBQI2fpjEDQCZVc2LV4ywPX4QDPfmYjn+1IaU9w7unbh+oUGQsrdKw3gsdzWEsX/IMXTDf46FEOjV+JqE7VilzcNuDcQ0x9K8gAA"; + public static X509Certificate2 DefaultCert_2048_Public + { + get => new X509Certificate2(Convert.FromBase64String(DefaultX509Data_2048_Public)); + } + + public static X509SecurityKey DefaultX509Key_2048_Public + { + get => new X509SecurityKey(DefaultCert_2048_Public); + } + + public static SigningCredentials DefaultX509SigningCreds_2048_RsaSha2_Sha2_Public = new SigningCredentials(DefaultX509Key_2048_Public, SecurityAlgorithms.RsaSha256Signature); + + public static string ExpiredX509Data_Public = @"MIIDKTCCAhGgAwIBAgIQWYE2RAW22K1AwRf9VBgsLDANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDDBlodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tMB4XDTE3MTEwMjIyNTMwNloXDTE3MTEwMjIzMDI0NVowJDEiMCAGA1UEAwwZaHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK79bBjoH2zMR2poFZDm7wJjzgp+Nidk8jkrps3iqzqqf1YVFtEtFBng4KE+2jfyaQxS4FO3dnd1Nh7wdCBH/60A0e6uROEBe4L/kydyJS3u2wsz+aabCBJ2M8FVUWziGZ4o2NKwAvRbCWFbsA9irhXTEw3hjqP7DDdjAayztmczG7vgeU10GnEPcYanyrraNRWkVaZGAI6EeFOy4QEYtFLd7N7gb84ScW/h2edVKm5VoYaVXF6KE7gfbMp+uflqJ8hBaLXjFSoXxN3Y6BQqxUGxX4qdAnpuRqDJzYQjDUm81MtD2XIfY46duJDDZOwpRPyXRe2YeJp5rVG5Pr0i7gECAwEAAaNXMFUwDgYDVR0PAQH/BAQDAgWgMCQGA1UdEQQdMBuCGWh0dHA6Ly9EZWZhdWx0Lklzc3Vlci5jb20wHQYDVR0OBBYEFJI/4wsmVjLpK1tRYJ96zKoBULBzMA0GCSqGSIb3DQEBCwUAA4IBAQBUToqoMJ0QJciKd+GRzivq3idPzCEyo4/V2V7B/H5czwzVx+lhn2e/EwCaMBPk3x9C5DQbJdmSp6DoX9VvD2XNOiFFeabBu/w9jhkRiDpOtNnWMJwzjHMAD0f4z8fSO5ZXcvFr2Ze3zGDTEY1vdXkAK2k9WuKu7c9kcoZO55Tads5T15vg4e8OmBq9kcGNEZRt2xBHkjlef0v6gBZ/lFeJHe0qTuKNCiTxJvUfAPnP0sTAdFdsDBt9bqLBHx+Wz/ALj535dUpCi5tXv4bI/t6qgh8toQNvJ7lNMv34W4+CiRYAPR9fK5bGsua+tb1FvfEqXx17yOLLgHgsu8oOsaZo"; + public static X509Certificate2 ExpiredX509Cert_Public = new X509Certificate2(Convert.FromBase64String(ExpiredX509Data_Public)); + public static X509SecurityKey ExpiredX509SecurityKey_Public = new X509SecurityKey(ExpiredX509Cert_Public); + public static SigningCredentials ExpiredX509SigningCreds_Public = new SigningCredentials(ExpiredX509SecurityKey_Public, SecurityAlgorithms.RsaSha256Signature); + + public static string NotYetValidX509Data_Public = @"MIIDLTCCAhWgAwIBAgIQeLKUcfFgAJVLmqR629EXJTANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDDBlodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tMCIYDzIwNTAxMjMxMTgxMTEyWhgPMjA1MTEyMzExODIxMTJaMCQxIjAgBgNVBAMMGWh0dHA6Ly9EZWZhdWx0Lklzc3Vlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDayOgzHzuXRq830o1TbBQcMcTlh5aG1OfyM8SSOwvTf8VBliOaYsIvWmmPDuhZou4o2TyAm0/HGwtHJ14F9IMxADtkkGBUXp8KRWCCeGMBWS3ipTdZRguLORD+UMctZzuYAi+vvfYKnwk3NVhZ9zNeXN9WctXtNCV0//mOh7YswukCm1Dc4YuU0fKWMI+dh2kK6K8or2g435WQ9UhYPvcV7KVp8CXkpXelcY7VXQ3/lXEkPoTHnWPaoHNo2eFFxWJHh0FYmXv/FMK16t8VIhA8Di0GJCH8bdIgDz6FKDAMotHP2AFwCvi7TUnvSCxarW8zQhPs7hL0X9/6sJwvIO1FAgMBAAGjVzBVMA4GA1UdDwEB/wQEAwIFoDAkBgNVHREEHTAbghlodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tMB0GA1UdDgQWBBTw+jeDZzRQuc9JvralcWgaFsLq/DANBgkqhkiG9w0BAQsFAAOCAQEAb0Jj0CjkyVfftMJQt6hezCxcQhg2WXoNU1RynOGsWxqjZkcfSgowrBgOjxkkCKbHtCkBt/hA/PSCfW6cpKcT03GV2X1nxrW6QraozOP7rFHR0Pyzjq9V9ipz38/5W0V93vujYCDci7pGk8t2c++wZHBMXDp6nvUCY4GvdQ0sxVc4bcMHJa3S0hX1VyJboK9qoz0X0wvEexPP+u9Li+2rWgogE+LeRU6ew78fqxBJTG3ucVaA1pwt8M60RHsUiZaoi5URV+lGSvS1iqHE234fHkob0Xl7PWbMSDCzno7xYZbzEdVwYz0fK4P6xLAoltV63SGGen+JkcyjwuYXPydS/g=="; + public static X509Certificate2 NotYetValidX509Cert_Public = new X509Certificate2(Convert.FromBase64String(NotYetValidX509Data_Public)); + public static X509SecurityKey NotYetValidX509SecurityKey_Public = new X509SecurityKey(NotYetValidX509Cert_Public); + public static SigningCredentials NotYetValidX509SigningCreds_Public = new SigningCredentials(NotYetValidX509SecurityKey_Public, SecurityAlgorithms.RsaSha256Signature); + + public static SecurityKey DefaultAADSigningKey + { + get + { + var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD"; + var aadCert = new X509Certificate2(Convert.FromBase64String(certData)); + return new X509SecurityKey(aadCert); + } + } + + // RSA securityKey + + public static RSAParameters RsaParametersFromPing1; + public static RSAParameters RsaParametersFromPing2; + public static RSAParameters RsaParametersFromPing3; + public static RSAParameters RsaParameters_1024; + public static RSAParameters RsaParameters_1024_Public; + public static RSAParameters RsaParameters_2048; + public static RSAParameters RsaParameters_2048_Public; + public static RSAParameters RsaParameters_4096; + public static RSAParameters RsaParameters_4096_Public; + public static RSAParameters RsaParameters_2048_MissingModulus; + public static RSAParameters RsaParameters_2048_MissingExponent; + + public static RSAParameters RsaParameters1 + { + get => new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("rCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVw==") + }; + } + + public static RsaSecurityKey RsaSecurityKey1 + { + get => new RsaSecurityKey(RsaParameters1) + { + KeyId = "NGTFvdK-fythEuLwjpwAJOM9n-A" + }; + } + + public static RSAParameters RsaParameters2 + { + get => new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("kSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuw==") + }; + } + + public static RsaSecurityKey RsaSecurityKey2 + { + get => new RsaSecurityKey(RsaParameters2) + { + KeyId = "kriMPdmBvx68skT8-mPAB3BseeA" + }; + } + + public static RsaSecurityKey RsaSecurityKeyFromPing1; + public static RsaSecurityKey RsaSecurityKeyFromPing2; + public static RsaSecurityKey RsaSecurityKeyFromPing3; + public static RsaSecurityKey RsaSecurityKey_1024; + public static RsaSecurityKey RsaSecurityKey_1024_Public; + public static RsaSecurityKey RsaSecurityKey_4096; + public static RsaSecurityKey RsaSecurityKey_4096_Public; + + public static SigningCredentials RsaSigningCreds_1024; + public static SigningCredentials RsaSigningCreds_1024_Public; + public static SigningCredentials RsaSigningCreds_2048; + public static SigningCredentials RsaSigningCreds_2048_Public; + public static SigningCredentials RsaSigningCreds_2048_FromRsa; + public static SigningCredentials RsaSigningCreds_2048_FromRsa_Public; + public static SigningCredentials RsaSigningCreds_4096; + public static SigningCredentials RsaSigningCreds_4096_Public; + + // ECDSA Cng security keys + public static readonly ECDsaSecurityKey Ecdsa256Key; + public static readonly ECDsaSecurityKey Ecdsa384Key; + public static readonly ECDsaSecurityKey Ecdsa521Key; + public static readonly ECDsaSecurityKey Ecdsa256Key_Public; + public static readonly ECDsaSecurityKey Ecdsa384Key_Public; + public static readonly ECDsaSecurityKey Ecdsa521Key_Public; + + // SymmetricKeys + + public static string DefaultSymmetricKeyEncoded_56 = "bd0Q+Z6Ydw=="; + public static byte[] DefaultSymmetricKeyBytes_56 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_56); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_56 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_56) { KeyId = "DefaultSymmetricSecurityKey_56" }; + + public static string DefaultSymmetricKeyEncoded_64 = "bd0Q+Z6Yd34="; + public static byte[] DefaultSymmetricKeyBytes_64 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_64); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_64 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_64) { KeyId = "DefaultSymmetricSecurityKey_64" }; + + public static string DefaultSymmetricKeyEncoded_128 = "00FBopST3JAf7QHhMFFXkg=="; + public static byte[] DefaultSymmetricKeyBytes_128 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_128); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_128 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_128) { KeyId = "DefaultSymmetricSecurityKey_128" }; + + public static string DefaultSymmetricKeyEncoded_192 = "hf+ctyfSxzcVMn5B5D+u4It4/HHjnh/E"; + public static byte[] DefaultSymmetricKeyBytes_192 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_192); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_192 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_192) { KeyId = "DefaultSymmetricSecurityKey_192" }; + + public static string DefaultSymmetricKeyEncoded_256 = "Vbxq2mlbGJw8XH+ZoYBnUHmHga8/o/IduvU/Tht70iE="; + public static byte[] DefaultSymmetricKeyBytes_256 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_256); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_256 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_256) { KeyId = "DefaultSymmetricSecurityKey_256" }; + public static SigningCredentials DefaultSymmetricSigningCreds_256_Sha2 = new SigningCredentials(DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256); + public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes128_Sha2 = new EncryptingCredentials(DefaultSymmetricSecurityKey_256, "dir", SecurityAlgorithms.Aes128CbcHmacSha256); + + public static string DefaultSymmetricKeyEncoded_384 = "Q6o4CQLPygAD+Dj6psJNJjCadf1+ZA6ggW2OzqAJ1Kq9orrXZmXUi8mMrYI4T3u8"; + public static byte[] DefaultSymmetricKeyBytes_384 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_384); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_384 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_384) { KeyId = "DefaultSymmetricSecurityKey_384" }; + public static SigningCredentials DefaultSymmetricSigningCreds_384_Sha2 = new SigningCredentials(DefaultSymmetricSecurityKey_384, SecurityAlgorithms.HmacSha256Signature); + public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_384 = new EncryptingCredentials(DefaultSymmetricSecurityKey_384, "dir", SecurityAlgorithms.Aes256CbcHmacSha512); + + public static string DefaultSymmetricKeyEncoded_512 = "/N8zPTrtwbh1ftQH4frI74akNpRAiJDWssebaGWGit7kwj/4RF/3tGXQppRAvQGMe2CFhXXCN3NOXYpyUVlT7w=="; + public static byte[] DefaultSymmetricKeyBytes_512 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_512); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_512 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_512) { KeyId = "DefaultSymmetricSecurityKey_512" }; + public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_512 = new EncryptingCredentials(DefaultSymmetricSecurityKey_512, "dir", SecurityAlgorithms.Aes256CbcHmacSha512); + + public static string DefaultSymmetricKeyEncoded_768 = "bEgppKgpryhZigwgV2u/gzS4t8DE0JZBFny3nO6A9kYwA0s5/lU8Bp5ZmbhRmQss3sTJcwxJHZyy6I0scRM62ZTF71QghYXee7Aiazfe8Hxwir0ptoI65+WuhxbHEJSK"; + public static byte[] DefaultSymmetricKeyBytes_768 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_768); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_768 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_768) { KeyId = "DefaultSymmetricSecurityKey_768" }; + public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_768 = new EncryptingCredentials(DefaultSymmetricSecurityKey_768, "dir", SecurityAlgorithms.Aes256CbcHmacSha512); + + public static string DefaultSymmetricKeyEncoded_1024 = "3bIgChZlnpg9lkM5zdy1F+HMOOxIGJuseTDSz3Z6Yq99RFZ7uUuCWNbii9tidRbNQSkNYqPPA8UWc5Hmks4hwzSUu4mFOl6WSt8WZoy/SgMZBY5NbAALrkCQZEW5nMYIwMenzbmNRwfKdxjEuZ04VimNzIw/01YziA1J9NUZ3K0="; + public static byte[] DefaultSymmetricKeyBytes_1024 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_1024); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_1024 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_1024) { KeyId = "DefaultSymmetricSecurityKey_1024" }; + public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_1024 = new EncryptingCredentials(DefaultSymmetricSecurityKey_1024, "dir", SecurityAlgorithms.Aes256CbcHmacSha512); + + public static string SymmetricKeyEncoded2_56 = "pzPUY9YbfA=="; + public static byte[] SymmetricKeyBytes2_56 = Convert.FromBase64String(SymmetricKeyEncoded2_56); + public static SymmetricSecurityKey SymmetricSecurityKey_56 = new SymmetricSecurityKey(SymmetricKeyBytes2_56) { KeyId = "SymmetricSecurityKey2_56" }; + + public static string SymmetricKeyEncoded2_64 = "pzPUY9YbfLI="; + public static byte[] SymmetricKeyBytes2_64 = Convert.FromBase64String(SymmetricKeyEncoded2_64); + public static SymmetricSecurityKey SymmetricSecurityKey2_64 = new SymmetricSecurityKey(SymmetricKeyBytes2_64) { KeyId = "SymmetricSecurityKey2_64" }; + + public static string SymmetricKeyEncoded2_128 = "ZQIzxyEZ1gZGV1kY5QOqkg=="; + public static byte[] SymmetricKeyBytes2_128 = Convert.FromBase64String(SymmetricKeyEncoded2_128); + public static SymmetricSecurityKey SymmetricSecurityKey2_128 = new SymmetricSecurityKey(SymmetricKeyBytes2_128) { KeyId = "SymmetricSecurityKey2_128" }; + + public static string SymmetricKeyEncoded2_256 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGU="; + public static byte[] SymmetricKeyBytes2_256 = Convert.FromBase64String(SymmetricKeyEncoded2_256); + public static SymmetricSecurityKey SymmetricSecurityKey2_256 = new SymmetricSecurityKey(SymmetricKeyBytes2_256) { KeyId = "SymmetricSecurityKey2_256" }; + + public static string SymmetricKeyEncoded2_384 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpV"; + public static byte[] SymmetricKeyBytes2_384 = Convert.FromBase64String(SymmetricKeyEncoded2_384); + public static SymmetricSecurityKey SymmetricSecurityKey2_384 = new SymmetricSecurityKey(SymmetricKeyBytes2_384) { KeyId = "SymmetricSecurityKey2_384" }; + + public static string SymmetricKeyEncoded2_512 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpVW9stSYtqfOFNzeC6z4PC+Q=="; + public static byte[] SymmetricKeyBytes2_512 = Convert.FromBase64String(SymmetricKeyEncoded2_512); + public static SymmetricSecurityKey SymmetricSecurityKey2_512 = new SymmetricSecurityKey(SymmetricKeyBytes2_512) { KeyId = "SymmetricSecurityKey2_512" }; + + public static string SymmetricKeyEncoded2_768 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpVW9stSYtqfOFNzeC6z4PC+cr0/6XI1n2syC+A4GqBO2q79PdoIEParcRZhkcQr1PS"; + public static byte[] SymmetricKeyBytes2_768 = Convert.FromBase64String(SymmetricKeyEncoded2_768); + public static SymmetricSecurityKey SymmetricSecurityKey2_768 = new SymmetricSecurityKey(SymmetricKeyBytes2_768) { KeyId = "SymmetricSecurityKey2_768" }; + + public static string SymmetricKeyEncoded2_1024 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpVW9stSYtqfOFNzeC6z4PC+cr0/6XI1n2syC+A4GqBO2q79PdoIEParcRZhkcQr1PSZiFpNXwFjIRdgIFb6Zt3zJF2/9uLWdiHGlHhb1A2nBg="; + public static byte[] SymmetricKeyBytes2_1024 = Convert.FromBase64String(SymmetricKeyEncoded2_1024); + public static SymmetricSecurityKey SymmetricSecurityKey2_1024 = new SymmetricSecurityKey(SymmetricKeyBytes2_1024) { KeyId = "SymmetricSecurityKey2_1024" }; + + // These signingCreds have algorithms and hashs that are not supported + public static SigningCredentials SymmetricSigningCreds_256_Rsa256_Sha2 = new SigningCredentials(DefaultSymmetricSecurityKey_256, SecurityAlgorithms.RsaSha256Signature); + + public static X509Certificate2 X509Certificate1; + public static X509Certificate2 X509Certificate2; + + public static X509SecurityKey X509SecurityKey1; + public static X509SecurityKey X509SecurityKey2; + + static KeyingMaterial() + { + X509Certificate1 = new X509Certificate2(Convert.FromBase64String("MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng")); + X509Certificate2 = new X509Certificate2(Convert.FromBase64String("MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZ")); + X509SecurityKey1 = new X509SecurityKey(X509Certificate1); + X509SecurityKey2 = new X509SecurityKey(X509Certificate2); + + byte[] cspbytes_1024 = Base64UrlEncoder.DecodeBytes("BwIAAACkAABSU0EyAAQAAAEAAQAlur35vBYFooH0yfB3G919joyz-7xD8LcoQLRIqV7DdEicgTkJWD8sfDvxHRf18w2bA2kx_Bg89855uR3yDvIqtcZ-vq6Gv6yvx7iSjuXW_SNV4gVSjShBuCMelyU-dsHK-IuLcyMcms93fQ3Gh13_AFeyGuT2P0g7LUEEdz8K099x6CCApMROhY261NbN-d5uDE33bypd8tfLCWj2jlSZUNX__O7OUCVqegyI3rAPCpbtB5V7jw7uKD2lR6OeZfN7fPlPPtQEXyaIzYQHo8td6ASYcIFAUjxkBhN8lMUG2FXe-jH3tYYf3FMywf6GA6bo1LfVMW1Sb935YrGAt_fd-8YFoKDUoZgMTjcEiM0Koq80DM8Hy0rb1F4KnzKpXPy2XeGAxIEM-6MMINuh2aY-gZ6oMUomEcw9uSW1hBNk5mtPAdUqHfud8RBYvTH5yx-Cipu6wDLoQl4UTZcop-tVLpJGWJpDYkeLsda2pKJpJcITs3_gRq-QjUIG7-M2OMEvKwBd3tMfIHNkVA-RBk6v_dEHH8cRHvPZC2wna7FQztJqN5ybOSWcpqCX5RvbMkfK38hdGo6oPUkQ3YmtFLFOialpsJo-c_HDOlI32fCnjTLRsR9B-JbSDRLEHg0bVmgVyL1oZaLPYAMyUH6grtel2enOiUODgX9YZbynGtHjvGMn0-3nbz2TRUlchl5b-mQqPbM673WnddAUeaaqNc7gopo5Zofsd6-YV1Z0nL-XzLad2Ax9aAHpVoejevXGz1w"); + byte[] cspbytes_1024_Public = Base64UrlEncoder.DecodeBytes("BgIAAACkAABSU0ExAAQAAAEAAQAlur35vBYFooH0yfB3G919joyz-7xD8LcoQLRIqV7DdEicgTkJWD8sfDvxHRf18w2bA2kx_Bg89855uR3yDvIqtcZ-vq6Gv6yvx7iSjuXW_SNV4gVSjShBuCMelyU-dsHK-IuLcyMcms93fQ3Gh13_AFeyGuT2P0g7LUEEdz8K0w"); + + RsaParametersFromPing1 = new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("mhupHfUtg_gHIqwu2wm8CprXY-gKqbPMV6tEYVqkyYrHugzQ_YDYAHr7vWo5Pe_3gIujSFwpqIfXaP8-Fl3O5fQhMo1lMv4DdRabyDLEpv7YO9qoVKTmDOZqYZx-AYBr5x1Zh2xWByI6_0dsPtCjD1pFZfg_SxNEcLPyH1aY6dT8CWYu32qG4O0WF4EihZzMkzSn8fyh8RXbMf5U9Wm2kgb0g8jK62S7MoF4IlhFaJreq898wgUohhPwR8P3X-gk0XQJAFcogEf04Fw4UmKo3z1B6mcNbPRfImhWw4wtLkhp_KIqKNOkMsSpYGSLrCvqQpgK56EJZExrmb7WozjwHw") + }; + + RsaParametersFromPing2 = new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("wY2KNRyiEvyBFkr1IC_1UGWMPInkzVYpoap_-Zw5fYAXLVxKMSPdZVVLt9AVhuNtagOOQqlZ_Y32e4l19REHym6RGV9Sm1noKRxDUjkz7U8OVeUew7D7h4Dk6E2rrlIYpy9OmhhzWSS68pBTf0_ESdekKv3OQbEs99avEXOPK5uH3V-NHsy1YP3DAvl7HJaV6fn-1Nch1quLrg1G7ohBuTb4Zr-499TJ6bkfabaACz8bf-RHuPezFBjoY0LHNNu6-KQ-qqHVkoki_1OQwj2s_Lui3qYWOmLoaVN9ZzO90rBdhhg8t0JZv6pSlc7o0XT4fie5RRjiqCuOpuGQvNYKpQ") + }; + + RsaParametersFromPing3 = new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("tgLZUXY8mo2Y1TaXHjOYrFGs23jZxgpzEKfBz004AEeOMHFbEP1h1Lrqf2B7f49mOpXRkBgEm4tnSYzX7pDWrMvNeRVkTFXSXwHYvda1R1kmwiTxnrC9IWjvizrr22DtzHhSSpL_7xuXtmaid2orOF8mUoXnKesPQVfq33pCKm1QUV6oFNSVxAiOKJkzFmxjYvcqzryjYi10glxPSx3cmSI8RGqlxolJr0negfLmI9bNxuAvStf_L6zXB5NFqccmkCQXn_QC3P1N3j-HgwwHTVFxkrS8kZQOMTw3TMXbtTFNrVAx1QC_3M0ze4cVncr2zTSECS_2qXM5RS7xBTEDvQ") + }; + + RsaSecurityKeyFromPing1 = new RsaSecurityKey(RsaParametersFromPing1) + { + KeyId = "20am7" + }; + + RsaSecurityKeyFromPing2 = new RsaSecurityKey(RsaParametersFromPing2) + { + KeyId = "20am3" + }; + + RsaSecurityKeyFromPing3 = new RsaSecurityKey(RsaParametersFromPing3) + { + KeyId = "20alz" + }; + + RsaParameters_1024 = new RSAParameters + { + D = Base64UrlEncoder.DecodeBytes("XM_G9Xqjh1bpAWh9DNidtsyXv5x0VleYr3fsh2Y5mqLgzjWqpnkU0HWnde86sz0qZPpbXoZcSUWTPW_n7dMnY7zj0RqnvGVYf4GDQ4nO6dml166gflAyA2DPomVovcgVaFYbDR7EEg3SlvhBH7HRMo2n8Nk3UjrD8XM-mrBpqYk"), + DP = Base64UrlEncoder.DecodeBytes("5mQThLUluT3MESZKMaiegT6m2aHbIAyj-wyBxIDhXbb8XKkynwpe1NtKywfPDDSvogrNiAQ3TgyYodSgoAXG-w"), + DQ = Base64UrlEncoder.DecodeBytes("wTg24-8GQo2Qr0bgf7MTwiVpoqS21rGLR2JDmlhGki5V66col00UXkLoMsC6m4qCH8v5Mb1YEPGd-x0q1QFPaw"), + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + InverseQ = Base64UrlEncoder.DecodeBytes("TrEUrYndEEk9qI4aXcjfykcy2xvll6CmnCU5m5w3atLOULFrJ2wL2fMeEccfB9H9r04GkQ9UZHMgH9PeXQArLw"), + Modulus = Base64UrlEncoder.DecodeBytes("0wo_dwRBLTtIP_bkGrJXAP9dh8YNfXfPmhwjc4uL-MrBdj4llx4juEEojVIF4lUj_dbljpK4x6-sv4auvn7GtSryDvIduXnO9zwY_DFpA5sN8_UXHfE7fCw_WAk5gZxIdMNeqUi0QCi38EO8-7OMjn3dG3fwyfSBogUWvPm9uiU"), + P = Base64UrlEncoder.DecodeBytes("82Weo0elPSjuDo97lQftlgoPsN6IDHpqJVDO7vz_1VCZVI72aAnL1_JdKm_3TQxu3vnN1tS6jYVOxKSAIOhx3w"), + Q = Base64UrlEncoder.DecodeBytes("3fe3gLFi-d1vUm0x1bfU6KYDhv7BMlPcH4a19zH63lXYBsWUfBMGZDxSQIFwmAToXcujB4TNiCZfBNQ-T_l8ew"), + }; + + RsaParameters_1024_Public = new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("0wo_dwRBLTtIP_bkGrJXAP9dh8YNfXfPmhwjc4uL-MrBdj4llx4juEEojVIF4lUj_dbljpK4x6-sv4auvn7GtSryDvIduXnO9zwY_DFpA5sN8_UXHfE7fCw_WAk5gZxIdMNeqUi0QCi38EO8-7OMjn3dG3fwyfSBogUWvPm9uiU"), + }; + + byte[] cspbytes_2048 = Base64UrlEncoder.DecodeBytes("BwIAAACkAABSU0EyAAgAAAEAAQCP7GdRPSJ5_SDCM4mQsuRP72_P19sw7w7qStb9CXj4aun9iY81bhXI8YjGHZPDrhaSi4bwhGIx5JTNsxBejBTU0QOsLqb8IvlabEHD7T2J4GfIsNwh5u_u8chKMRWeUkxqLzaXdVwickmtvG7t7BjghMzl6Ubwv1DL9prH-pkH56fTqbsu1EwEF4DxWS6RBg1DKNzlmtt5SYYmNksH89yXUV5118YY0UMxJZd3a4Ir_r8wNq4ZtotCAyTfLnCKryTLPrJUcduPlTnjXeegPTFH57fK_UQjq3RGOeTkiDLvKrjQ2FRgXtLdHhXDbAqjQPX0_oruXb78kBxMf0sWa-HrmZTz2hg-VrxNsnJPS-2f-4_MIa8q2dOfGgbxQxLZM19_3VHG_qcn3sXPiVzEwjTvR8edj6wCQ96SYAOkSWByuMplbrzFMfq37u0x6JhOrbkBKWgnU0FO8JvMnAO6jpxNifsWjLkk-ca-JDbzX1L_5u54pHNE76rlEe6oKwvCq_1nG3MI3d_X623S9aQwFw94UGseJfma-6tRAj95LniiXBD7ifjLpCeZvO2W_iLHOOp2WB7DSrNQ_rLfRoStq9DxQY8To4O2SMYPQT7To6tRhRV7lsVuzoGrJIlurXjGXeGBD2gvBTy2_7qhE8ZKiYun67JpIsrN84LkM2pKRtgL7gG1kwCRFEPH_7Pl4JUMCV6kv1DeWCdKlz6fFMatcvN_MUQDBdzjpkgabhc7O_-gBCJp71gnIKsQeMNG_LBxKP0wVZBOtCW3bBmNUSHNZF5CMr7TD7TxXNP6K5sDafOc9_vHz2lkxDDaurY659PrXifpdYFKheHeGPB4nZs697MS-3AARGqCDdoekJft6mF613pzUTOBEc00hm0ehVWVent58JU3ThmcIkImGKxgWaCpaEunlcGVgmpJG562zYPWPTUzsmDnTjciCSZMw_F8PdKzN5kU73JX1yY8k0Oh3ETOxl-uFRGPOiucAeCmvw-9_Mkmyjcrv4Xsk9ftE7ZssGH-F3_O4CMGbQVnsBSpAnO8Yi0f3a9vhipydlTzqpUK7LCoRn4gWVDdsbSmlv-2zjypk_BpgoB4L6ASJOyRySk4KoYSSs38yLEg8SQyNSR95GWZJPEmZhxi5R_03TZcaicn_YCMyfNf9hLmNy8zHetIz8An2qLoZv8w-FglW2O5lXFdKgRb_W-Af2GcjyWGWsMywGEsE6p7A8Ytm8RrwZueTcib_YPFG6_Q4rHHGxcbA_fbz6GKLXrx9oY3xZfNi_3ebPE2aci3CXtoWkH3FRW6kZvGnQsHxxfBww3dogWdV9a0nVdBkfVOD8gfTdCLO8RfARUt1UYwdO22aUqSbxlnxdSgrzFKePsGp_iHCNDZlWeQOIXCIjg2oQLPPT8LYKJrxeWMsyhUw3KlK7cuU_STNLO8CmFD7p025xCrzpK1cC4VeODjur7nB-zuLdmjn-JbLSv0ky9eTNyTkkguhcBbpejM8wEuE3R-HKmV6SrgL8OlhAYBneVIpFP9h2UGoQs"); + byte[] cspbytes_2048_Public = Base64UrlEncoder.DecodeBytes("BgIAAACkAABSU0ExAAgAAAEAAQCP7GdRPSJ5_SDCM4mQsuRP72_P19sw7w7qStb9CXj4aun9iY81bhXI8YjGHZPDrhaSi4bwhGIx5JTNsxBejBTU0QOsLqb8IvlabEHD7T2J4GfIsNwh5u_u8chKMRWeUkxqLzaXdVwickmtvG7t7BjghMzl6Ubwv1DL9prH-pkH56fTqbsu1EwEF4DxWS6RBg1DKNzlmtt5SYYmNksH89yXUV5118YY0UMxJZd3a4Ir_r8wNq4ZtotCAyTfLnCKryTLPrJUcduPlTnjXeegPTFH57fK_UQjq3RGOeTkiDLvKrjQ2FRgXtLdHhXDbAqjQPX0_oruXb78kBxMf0sWa-Hr"); + + RsaParameters_2048 = new RSAParameters + { + D = Base64UrlEncoder.DecodeBytes("C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ"), + DP = Base64UrlEncoder.DecodeBytes("ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE"), + DQ = Base64UrlEncoder.DecodeBytes("YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs"), + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + InverseQ = Base64UrlEncoder.DecodeBytes("lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4"), + Modulus = Base64UrlEncoder.DecodeBytes("6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw"), + P = Base64UrlEncoder.DecodeBytes("_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk"), + Q = Base64UrlEncoder.DecodeBytes("7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c"), + }; + + RsaParameters_2048_Public = new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw"), + }; + + RsaParameters_2048_MissingModulus = new RSAParameters + { + D = Base64UrlEncoder.DecodeBytes("C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ"), + DP = Base64UrlEncoder.DecodeBytes("ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE"), + DQ = Base64UrlEncoder.DecodeBytes("YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs"), + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + InverseQ = Base64UrlEncoder.DecodeBytes("lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4"), + P = Base64UrlEncoder.DecodeBytes("_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk"), + Q = Base64UrlEncoder.DecodeBytes("7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c"), + }; + + RsaParameters_2048_MissingExponent = new RSAParameters + { + D = Base64UrlEncoder.DecodeBytes("C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ"), + DP = Base64UrlEncoder.DecodeBytes("ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE"), + DQ = Base64UrlEncoder.DecodeBytes("YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs"), + InverseQ = Base64UrlEncoder.DecodeBytes("lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4"), + Modulus = Base64UrlEncoder.DecodeBytes("6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw"), + P = Base64UrlEncoder.DecodeBytes("_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk"), + Q = Base64UrlEncoder.DecodeBytes("7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c"), + }; + + byte[] cspbytes_4096 = Base64UrlEncoder.DecodeBytes("BwIAAACkAABSU0EyABAAAAEAAQCZrcZ3JOjYvkjBZwkC_ukZook4u8se9AjHSP6bySfv69VLwlQLAREu-qz13lsoylKxVT4Abz2TxI4oLKKogKAdinRoNRYrIidsbOe6wHbsxreV6Qt4aiU_YdR0PnisyIx9jnheWtcO-_PCW5dQv9-OnjbnKxgy1A5XhHaj-MhL-uVOBKHmk1cXTMcAOzt1XL_oYjxiftg_InHBBT7hG6HrPyritd_np1TckPnuJq5GeajEcwmSIxGNtR4WlTyGD-5MyIVxxWvQgvWjXHDCXp01eA_R-3KImaE62cAULabdKHbNzQFAfJOb-nmAiZU9bhKw7TdZb9Omjr7DadZ8WrqlY7kYmk73IczxX3Vnvm67_Haj7hBrKewJfvQ3SPyqF85CpyNLCrLXzLxVNqEg-YxNkg5Zlf62-t3BA-QHUW7mOIi87iuwvp6WmoZ_o_JEcAl7DY1XlsMVF5v5KrhsAm9FeUQTjFpZkkrFWkgVzBYZ0RpJbDtREgTJXy8764Gq0qcgk7CvC7RkYAtUXj_0rME6nbooLDpKhiQNl9-OLGas-kh9MtR76jTbteToQz2XsIZI3gnJjzpb_BNSvABRqbSgWJ8mVTkGmIc-YImXUqxriE5P4EdulcX5orRkD1LTWiS5tnLqLCUlK-v9SEC0raKx99H5CXl4xv_EDsM2qubzvZXWPbz3kSQY1zhwdKcemx4iIUg69JK7v9PAApf136EVRX3wjVhLUHJfBVAZ0H_VGSCosxmbUuyyh1akiLwzaH1crZz0M9uJ1iS1HZrxpVGn4DuI0A-2ZTP7GAA_q2PjVcNR65LJxAsQmQLHESnWxqA4RZxcxtCukB158isSW6cpxgnsVG2hSHh9spBUaRjzqzejAgh2lrknSJEDSxrfCusdlLmTwbQvOUANAWEpyyVUAnHToFFY6lg6jkJqlAKUdAXw-zPuE3gDaC4fwZL9pCyY-0V2kVW_xusGKg-peiAPGAdaqnL9O0l_tcHrXLNxjySMHPY925ywNf21gTHVfM_1zfc66A_8qv7bAPFMZ-9X0c2Fxq8sGbKDwwj4mnuwB5zRR1wg7YqsvR6XT29h2j7O1VtzJWAfkoMRO_g0cqQP6c9GHPIO9kmLua0KzxRD-KTaQthvgt3x8cn7Ru_NJ3UNDh5cdzt2ieuQFvTGsyoctrRWta9rzb_C0BisBWw-PejJ5yUbFaTi1pJvLOoZTZZ7lCMw5DyRMS3r59Fv7hCY2MI9uIrr4HGOgCdDtYq5Xq4TkKolf887HkuFnUrPsaqk8N-eib1XOlvdyN4YUTlJx6uLTU-kruwEJBZxZ-IRwKDRTG73dVGgf61FSFmD5jpuWNoVkzx2f1UMCYmQhF3qGRIBar0gA7EQCl7IB2TXKuC746nismR2GhlRzktUloCMrzn9OqTgLu39okB4aE_ik1PElT7NDSZNVR41rQtXhHKKOO--Ch4fFv4zlpxErAIB1hu8w4stBx0ZXOyZegHsG0b6JAq0dVjqE357GzypgrrnwvBBDwAW3hPHyHbbKFcjH2N3RRCAHZlsafa_dBHkeevcktWiEarVAhRf0dGjAapoacrL8izb5mr7NGCmg2cwF_F6WvZJhjG5SPSj2HbfLoEkLGUMtDewYK7717_JRFOUEW2OHBfdL0GB0w6hTgLMoKfYXt_rYZw87Bzim5xXLNCZ5BTiWQO4LA8-O3-8oWkHNpNAAPKLXQaGpqopBHa3ujIUQCsINKZuaMMOnl_PFALxGiVY5f9JpHMGtjAVplAZZ4vPZsW7X7O478pwejNRR3_Y4SWNWZglyBamKRxeSz007lwtnbQoywtX72QNvNgpd6jY6zf4h5hNxhZqVg0FVrQUZUBnrA2TkFP3xUDoUOA26IlSf-qKYUus36wxNet-nyoMrAunQ0RubAwE7WWlGmBX-AQ5hXew7Cb-vjhjaZtGecJxQvVIcSBsvBK9Zfp7T85TaRFsHYH_Em8Eysb3grTTNnw6tkx2n43AOML3zyQiSgO4TxwzIINKrDwx94hH4tgBlph636eQLySS3nH0bSUw0pbBZurtkeX3IKYHdsCZfMtmhJUZxLMSLlZILQLm_6GD3I6kHINvGTdhHnZSoS4BecS3vBL3tXa-p_UAvhra8u7YLuGBkM8ZUV3a7OifB0R5TKhf_nyPsJg9_W5HnFvdv1wRsL1u8vdQOFHu4O9iCbLtDs2yTmRo0UTuWBItAqOhDqcU2wA6blptT-t7KhZvfOApK10kvEeDov6ch49JXX0CIQqUe2uzWh7Hc1xVI48ahK9aautS0EpaplbPuipNp1qIGSOOeVkDYPGd0KtjtlI2ZZdvxHu1UDsfZBBc-ngZWPp8IbGFMLIvv_ZnaCwn9hzCBT87WHg9dAEbudMxNw7mBBkjDJWqNFZVWDdeZk-dx2rAC5cM09CCkjjHjX2_eCpztb65lvM0ir1l8tq3SPaz2N9OLwipLRdm8vjWwSRGYaApXqxC4ZgxzSgTm-9Yd4o60zE5JdHyyCZ0DIuHieJ437ut-ozQ5-cV8d2yUrOQWjx97ehixruKZlf8PnOn-0Q48mGtqOJ2gQNiULIpksv7AGxORmRHKoBGQtzjiGfViOxk6hf62-ilAbz7fLeSLVZhG1ixaQWXkWeSf9G27mgEvt3IfrSJLmb4tMsspeYFYdjlTtkz1XBbpuv-F6-vhbgRnQQeR9OAa5BAtsFHvDU2KSOfkJfqWVQ9ffxriCTY3R1og4U52-Jdt64IlA-7-ZBbourBEbuCti8wC0UsjgtH4uAhhu4I7Td8ja-l2MJAGu5kvOoGRvg09ClyW3Top7Bmr7YkKchSjwyrPwhJtn5edl_N9p7i_1uHTrzTmNW7z4_g8NZl1oy2F14KQXCrjo8Kw_gt7D43nu9A2MXEYvIxEoaRu6SJJh8dL-Wfjo4dNsNS6iq-RxGtlJigMRV_lAG6n9U2YPws3xj6cTRiAnRcJcpRm8QyHoE-BlxWV739ENQXcno-qpYOT6UMO-wwCTU0x92rrDAL9ow4TkjX3VrMV9B1BLUFakDfj_pRp5P4bBMtMah20CZEXgc"); + byte[] cspbytes_4096_Public = Base64UrlEncoder.DecodeBytes("BgIAAACkAABSU0ExABAAAAEAAQCZrcZ3JOjYvkjBZwkC_ukZook4u8se9AjHSP6bySfv69VLwlQLAREu-qz13lsoylKxVT4Abz2TxI4oLKKogKAdinRoNRYrIidsbOe6wHbsxreV6Qt4aiU_YdR0PnisyIx9jnheWtcO-_PCW5dQv9-OnjbnKxgy1A5XhHaj-MhL-uVOBKHmk1cXTMcAOzt1XL_oYjxiftg_InHBBT7hG6HrPyritd_np1TckPnuJq5GeajEcwmSIxGNtR4WlTyGD-5MyIVxxWvQgvWjXHDCXp01eA_R-3KImaE62cAULabdKHbNzQFAfJOb-nmAiZU9bhKw7TdZb9Omjr7DadZ8WrqlY7kYmk73IczxX3Vnvm67_Haj7hBrKewJfvQ3SPyqF85CpyNLCrLXzLxVNqEg-YxNkg5Zlf62-t3BA-QHUW7mOIi87iuwvp6WmoZ_o_JEcAl7DY1XlsMVF5v5KrhsAm9FeUQTjFpZkkrFWkgVzBYZ0RpJbDtREgTJXy8764Gq0qcgk7CvC7RkYAtUXj_0rME6nbooLDpKhiQNl9-OLGas-kh9MtR76jTbteToQz2XsIZI3gnJjzpb_BNSvABRqbSgWJ8mVTkGmIc-YImXUqxriE5P4EdulcX5orRkD1LTWiS5tnLqLCUlK-v9SEC0raKx99H5CXl4xv_EDsM2qubzvQ"); + + RsaParameters_4096 = new RSAParameters + { + D = Base64UrlEncoder.DecodeBytes("B15EJtB2qDEtE2z4k6dR-o_fQGoFtQR10FfMWt3XSE44jPYLMKyr3cc0NQkw7DsMpU8Olqo-enIX1BD9vVdWXAY-gR4yxJtRyiVcdAJiNHH6GN8s_GA21Z-6AZR_FTGgmJStEUe-KupSwzYdjo6f5S8dHyaJpLuRhhIx8mLExdhA7543Puwt-MMKj46rcEEKXhe2jNZl1vDgj8-71ZjTvE6HW__invbNX3ZefrZJCD-rDI9SyCkktq9msKfodFtyKfQ0-EYG6rxk7hpAwtilr418N-0I7oYh4OJHC44sRQswL7aCuxHB6qJbkPm7D5QIrrdd4ts5hYNoHd3YJIhr_H09VFnql5CfIyk2NbxHwbZAkGuA00ceBJ0RuIWvrxf-66ZbcNUz2U7l2GEF5qUsy7T4Zi6JtH7I3b4EaO620X-SZ5GXBWmxWBthVi2St3z7vAGl6Nv6F-pk7IjVZ4jj3EJGgCpHZEZObAD7y5IpslBiA4F24qitYfI4RPuncz78V2aKu8Zi6O19PFqQs1Ky3fEV5-fQjPqtu9944omHiwx0Jsjy0SU5MdM6indY75sTKM0xmOFCrF4poGFGJMHW-PJmFy2pCC9O39iz9ki32vJlvYo085a5vrVzKni_fY3HOJKC0NMMlwvAasedT2ZeN1hVVjSqlQwjGQTmDjcx07k"), + DP = Base64UrlEncoder.DecodeBytes("obx_Oz4PLLgDWeIU5JnQLFecm-Ic7DycYevfXtinoMwCTqEO04FBL90XHI5tEZRTRMm_1_uuYLA3tAxlLCSBLt922KP0SLkxhkn2WnrxFzBng6ZgNPtq5tss8svKaWiqAaPR0V8UAtWqEaLVktzreeQRdL_2aWyZHYAQRXdjHyNXKNt2yMcT3hYAD0Hwwue6gqk8G3t-E-pYdbQKJPpGG-wBepnsXBkdBy2Lw7wb1gECrEScljP-Fh8eCr7vOIpyhFcLrTUeVU0mDc0-lcRTk-JPaHhAov3tLuCkOv05r4yAllRLzlEZGnZksuKp47vgKtdkB8heChCxAyC9agESGQ"), + DQ = Base64UrlEncoder.DecodeBytes("cd6SJC-Qp996mJYB2OJHiPcxPKxKgyAzHE-4A0oiJM_3wjjAjZ92TLY6fDbTtIL3xsoEbxL_gR1sEWlTzk97-mW9ErxsIHFI9UJxwnlGm2ljOL7-Juywd4U5BPhXYBqlZe0EDGxuREOnC6wMKp9-6zUxrN-sS2GK6n9Sieg24FDoQMX3U5CTDaxnQGUUtFYFDVZqFsZNmIf4N-vYqHcp2LwNZO9XC8sotJ0tXO40PUteHCmmFsglmFmNJeHYf0dRM3pwyu-4s1-7xWbPi2cZUKYVMLYGc6RJ_-VYJRrxAhTPX54Ow2hupjQIK0AUMrq3dgQpqqaGBl2L8gBAkzYHaQ"), + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + InverseQ = Base64UrlEncoder.DecodeBytes("GwF0PXhYOz8Fwhz2JyxoZ_a_L7IwhbEhfPpYGXj6XBBkHztQtXvEb5dlNlK2Y6vQnfFgA1l5jiMZiFqnTSq6z1amWkrQUutqWq-EGo8jVVxzxx5as2t7lAohAn1dSY-HnP6ig0e8JF0rKeB8bxYqe-tPbVpuOgDbFKcOoaMCLRJY7kTRaGROss0O7bIJYu_g7lE4UPfybr2wEVy_3VucR279PZiwj3z-X6hMeUQHn-js2l1RGc-QgeEu2O7y2hq-APWnvna19xK8t8R5AS6hUnYeYTcZb4McpI7cg6H_5gItSFYuErPEGZWEZst8mcB2B6Yg9-WR7epmwZbSMCVt9A"), + Modulus = Base64UrlEncoder.DecodeBytes("vfPmqjbDDsT_xnh5CfnR97GirbRASP3rKyUlLOpytrkkWtNSD2S0ovnFlW5H4E9OiGusUpeJYD6HmAY5VSafWKC0qVEAvFIT_Fs6j8kJ3kiGsJc9Q-jktds06nvUMn1I-qxmLI7flw0khko6LCi6nTrBrPQ_XlQLYGS0C6-wkyCn0qqB6zsvX8kEElE7bEka0RkWzBVIWsVKkllajBNEeUVvAmy4KvmbFxXDlleNDXsJcETyo3-GmpaevrAr7ryIOOZuUQfkA8Hd-rb-lVkOkk2M-SChNlW8zNeyCksjp0LOF6r8SDf0fgnsKWsQ7qN2_Ltuvmd1X_HMIfdOmhi5Y6W6WnzWacO-jqbTb1k37bASbj2ViYB5-puTfEABzc12KN2mLRTA2TqhmYhy-9EPeDWdXsJwXKP1gtBrxXGFyEzuD4Y8lRYetY0RI5IJc8SoeUauJu75kNxUp-ffteIqP-uhG-E-BcFxIj_YfmI8Yui_XHU7OwDHTBdXk-ahBE7l-kvI-KN2hFcO1DIYK-c2no7fv1CXW8Lz-w7XWl54jn2MyKx4PnTUYT8langL6ZW3xux2wLrnbGwnIisWNWh0ih2ggKiiLCiOxJM9bwA-VbFSyihb3vWs-i4RAQtUwkvV6-8nyZv-SMcI9B7LuziJohnp_gIJZ8FIvtjoJHfGrZk"), + P = Base64UrlEncoder.DecodeBytes("z3zVMYG1_TWwnNs99hyMJI9xs1zrwbV_STv9cqpaBxgPIHqpDyoG68a_VZF2RfuYLKT9ksEfLmgDeBPuM_vwBXSUApRqQo46WOpYUaDTcQJUJcspYQENQDkvtMGTuZQd6wrfGksDkUgnuZZ2CAKjN6vzGGlUkLJ9eEihbVTsCcYpp1sSK_J5HZCu0MZcnEU4oMbWKRHHApkQC8TJkutRw1XjY6s_ABj7M2W2D9CIO-CnUaXxmh21JNaJ2zP0nK1cfWgzvIikVoey7FKbGbOoIBnVf9AZUAVfclBLWI3wfUUVod_1lwLA07-7kvQ6SCEiHpsep3RwONcYJJH3vD3WlQ"), + Q = Base64UrlEncoder.DecodeBytes("6l2EkIkJDFV_djyTFdpYbjrmg1lIRa1_oFF1925M0aDAEeJncRYkBOyupE9Ni6vHSTlRGN7I3Vs6V72Jnt_wpKqxz0qdhUseO89_JaqQE65euYq1QyeAjnHg64q4PcLYmBDub9Hn6y0xkTzkMCOUe5ZNGeosb5LW4qQVGyXnyeg9PmwFrBjQwr_Na6-1VrS2HCqzxvQWkOuJdjt3XB4ODXUnze9G-8nx8d2Cb9hC2qT4QxTPCq25i0n2DvIcRs_pD6RyNPg7EYOSH2Alc1vVzj7aYW9Plx69rIrtIFxH0ZwHsHua-AjDg7IZLK_Ghc3RV-9nTPEA2_6q_A_oOvfN9Q"), + }; + + RsaParameters_4096_Public = new RSAParameters + { + Exponent = Base64UrlEncoder.DecodeBytes("AQAB"), + Modulus = Base64UrlEncoder.DecodeBytes("vfPmqjbDDsT_xnh5CfnR97GirbRASP3rKyUlLOpytrkkWtNSD2S0ovnFlW5H4E9OiGusUpeJYD6HmAY5VSafWKC0qVEAvFIT_Fs6j8kJ3kiGsJc9Q-jktds06nvUMn1I-qxmLI7flw0khko6LCi6nTrBrPQ_XlQLYGS0C6-wkyCn0qqB6zsvX8kEElE7bEka0RkWzBVIWsVKkllajBNEeUVvAmy4KvmbFxXDlleNDXsJcETyo3-GmpaevrAr7ryIOOZuUQfkA8Hd-rb-lVkOkk2M-SChNlW8zNeyCksjp0LOF6r8SDf0fgnsKWsQ7qN2_Ltuvmd1X_HMIfdOmhi5Y6W6WnzWacO-jqbTb1k37bASbj2ViYB5-puTfEABzc12KN2mLRTA2TqhmYhy-9EPeDWdXsJwXKP1gtBrxXGFyEzuD4Y8lRYetY0RI5IJc8SoeUauJu75kNxUp-ffteIqP-uhG-E-BcFxIj_YfmI8Yui_XHU7OwDHTBdXk-ahBE7l-kvI-KN2hFcO1DIYK-c2no7fv1CXW8Lz-w7XWl54jn2MyKx4PnTUYT8langL6ZW3xux2wLrnbGwnIisWNWh0ih2ggKiiLCiOxJM9bwA-VbFSyihb3vWs-i4RAQtUwkvV6-8nyZv-SMcI9B7LuziJohnp_gIJZ8FIvtjoJHfGrZk"), + }; + + } + +#if NET452 || NET45 + public static RsaSecurityKey RsaSecurityKeyWithCspProvider_2048 + { + get + { + var rsaCsp = new RSACryptoServiceProvider(); + rsaCsp.ImportParameters(RsaParameters_2048); + return new RsaSecurityKey(rsaCsp) { KeyId = "RsaSecurityKeyWithCspProvider_2048" }; + } + } + + public static RsaSecurityKey RsaSecurityKeyWithCspProvider_2048_Public + { + get + { + var rsaCsp = new RSACryptoServiceProvider(); + rsaCsp.ImportParameters(RsaParameters_2048_Public); + return new RsaSecurityKey(rsaCsp) { KeyId = "RsaSecurityKeyWithCspProvider_2048" }; + } + } + + public static RsaSecurityKey RsaSecurityKey_2048_FromRsa + { + get + { + var rsa = new RSACryptoServiceProvider(); + rsa.ImportParameters(RsaParameters_2048); + return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048" }; + } + } + + public static RsaSecurityKey RsaSecurityKey_2048_FromRsa_Public + { + get + { + var rsa = new RSACryptoServiceProvider(); + rsa.ImportParameters(RsaParameters_2048_Public); + return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048_Public" }; + } + } +#endif + +#if NETCOREAPP2_0 + public static RsaSecurityKey RsaSecurityKeyWithCngProvider_2048 + { + get + { + var rsaCng = new RSACng(); + rsaCng.ImportParameters(RsaParameters_2048); + return new RsaSecurityKey(rsaCng) { KeyId = "RsaSecurityKeyWithCngProvider_2048" }; + } + } + + public static RsaSecurityKey RsaSecurityKeyWithCngProvider_2048_Public + { + get + { + var rsaCng = new RSACng(); + rsaCng.ImportParameters(RsaParameters_2048_Public); + return new RsaSecurityKey(rsaCng) { KeyId = "RsaSecurityKeyWithCngProvider_2048" }; + } + } + + public static RsaSecurityKey RsaSecurityKey_2048_FromRsa + { + get + { + var rsa = new RSACng(); + rsa.ImportParameters(RsaParameters_2048); + return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048" }; + } + } + + public static RsaSecurityKey RsaSecurityKey_2048_FromRsa_Public + { + get + { + var rsa = new RSACng(); + rsa.ImportParameters(RsaParameters_2048_Public); + return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048_Public" }; + } + } +#endif + + public static RsaSecurityKey RsaSecurityKey_2048_Public + { + get + { + return new RsaSecurityKey(RsaParameters_2048_Public) { KeyId = "RsaSecurityKey_2048_Public" }; + } + } + + public static RsaSecurityKey RsaSecurityKey_2048 + { + get + { + return new RsaSecurityKey(RsaParameters_2048) { KeyId = "RsaSecurityKey_2048" }; + } + } + + public static SecurityKey DefaultRsaSecurityKey1 + { + get + { + AsymmetricAlgorithm publicKey; +#if NETCOREAPP2_0 + publicKey = RSACertificateExtensions.GetRSAPublicKey(DefaultCert_2048); +#else + publicKey = DefaultCert_2048.PublicKey.Key; +#endif + RSA rsa = publicKey as RSA; + RSAParameters parameters = rsa.ExportParameters(false); + return new RsaSecurityKey(parameters); + } + } + + public static SecurityKey DefaultRsaSecurityKey2 + { + get + { + var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD"; + var cert = new X509Certificate2(Convert.FromBase64String(certData)); + AsymmetricAlgorithm publicKey; +#if NETCOREAPP2_0 + publicKey = RSACertificateExtensions.GetRSAPublicKey(cert); +#else + publicKey = cert.PublicKey.Key; +#endif + RSA rsa = publicKey as RSA; + RSAParameters parameters = rsa.ExportParameters(false); + return new RsaSecurityKey(parameters); + } + } + + public static SecurityKey DefaultJsonWebKeyWithCertificate1 + { + get + { + var jsonWebKey = new JsonWebKey(); + jsonWebKey.X5c.Add("MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ="); + jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA; + AsymmetricAlgorithm publicKey; +#if NETCOREAPP2_0 + publicKey = RSACertificateExtensions.GetRSAPublicKey(DefaultCert_2048); +#else + publicKey = DefaultCert_2048.PublicKey.Key; +#endif + RSA rsa = publicKey as RSA; + RSAParameters parameters = rsa.ExportParameters(false); + jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent); + jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus); + return jsonWebKey; + } + } + + public static SecurityKey DefaultJsonWebKeyWithCertificate2 + { + get + { + var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD"; + var jsonWebKey = new JsonWebKey(); + jsonWebKey.X5c.Add(certData); + jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA; + var cert = new X509Certificate2(Convert.FromBase64String(certData)); + AsymmetricAlgorithm publicKey; +#if NETCOREAPP2_0 + publicKey = RSACertificateExtensions.GetRSAPublicKey(cert); +#else + publicKey = cert.PublicKey.Key; +#endif + RSA rsa = publicKey as RSA; + RSAParameters parameters = rsa.ExportParameters(false); + jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent); + jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus); + return jsonWebKey; + } + } + + public static SecurityKey DefaultJsonWebKeyWithParameters1 + { + get + { + AsymmetricAlgorithm publicKey; +#if NETCOREAPP2_0 + publicKey = RSACertificateExtensions.GetRSAPublicKey(DefaultCert_2048); +#else + publicKey = DefaultCert_2048.PublicKey.Key; +#endif + RSA rsa = publicKey as RSA; + RSAParameters parameters = rsa.ExportParameters(false); + var jsonWebKey = new JsonWebKey(); + jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent); + jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus); + jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA; + return jsonWebKey; + } + } + + public static SecurityKey DefaultJsonWebKeyWithParameters2 + { + get + { + var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD"; + var cert = new X509Certificate2(Convert.FromBase64String(certData)); + AsymmetricAlgorithm publicKey; +#if NETCOREAPP2_0 + publicKey = RSACertificateExtensions.GetRSAPublicKey(cert); +#else + publicKey = cert.PublicKey.Key; +#endif + RSA rsa = publicKey as RSA; + RSAParameters parameters = rsa.ExportParameters(false); + var jsonWebKey = new JsonWebKey(); + jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent); + jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus); + jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA; + return jsonWebKey; + } + } + + public static string JsonWebKeySymmetricKid128 + { + get + { + return "JsonWebKeySymmetricKid128"; + } + } + + public static string JsonWebKeySymmetricBytesEncoded128 + { + get + { + return "mSSKo6XfloeNAGLhqTQwvQ=="; + } + } + + public static byte[] JsonWebKeySymmetricBytes128 + { + get + { + return Base64UrlEncoder.DecodeBytes(JsonWebKeySymmetricBytesEncoded128); + } + } + + public static JsonWebKey JsonWebKeySymmetric128 + { + get + { + return new JsonWebKey + { + K = JsonWebKeySymmetricBytesEncoded128, + KeyId = JsonWebKeySymmetricKid128, + Kty = JsonWebAlgorithmsKeyTypes.Octet + }; + } + } + + public static string JsonWebKeySymmetricKid256 + { + get + { + return "JsonWebKeySymmetricKid256"; + } + } + + public static string JsonWebKeySymmetricBytesEncoded256 + { + get + { + return "Vbxq2mlbGJw8XH+ZoYBnUHmHga8/o/IduvU/Tht70iE="; + } + } + + public static byte[] JsonWebKeySymmetricBytes256 + { + get + { + return Base64UrlEncoder.DecodeBytes(JsonWebKeySymmetricBytesEncoded256); + } + } + + public static JsonWebKey JsonWebKeySymmetric256 + { + get + { + return new JsonWebKey + { + K = JsonWebKeySymmetricBytesEncoded256, + KeyId = JsonWebKeySymmetricKid256, + Kty = JsonWebAlgorithmsKeyTypes.Octet + }; + } + } + + //json web key + public static JsonWebKey JsonWebKeyRsa256 + { + get + { + return new JsonWebKey + { + D = "C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ", + DP = "ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE", + DQ = "YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs", + E = "AQAB", + QI = "lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4", + N = "6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw", + P = "_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk", + Q = "7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c", + Kty = JsonWebAlgorithmsKeyTypes.RSA, + Kid = "RsaSecurityKey_2048" + }; + } + } + + public static SigningCredentials JsonWebKeyRsa256SigningCredentials + { + get => new SigningCredentials(JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256, SecurityAlgorithms.Sha256); + } + + public static JsonWebKey JsonWebKeyRsa256Public + { + get + { + return new JsonWebKey + { + E = "AQAB", + N = "6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw", + Kty = JsonWebAlgorithmsKeyTypes.RSA, + Kid = "RsaSecurityKey_2048_Public" + }; + } + } + + public static SigningCredentials JsonWebKeyRsa256PublicSigningCredentials + { + get => new SigningCredentials(JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256, SecurityAlgorithms.Sha256); + } + + public static JsonWebKey JsonWebKeyP521WrongX_Public + { + get + { + var curvePointParameterLength = 2 << 20; + var curvePointParameter = Base64UrlEncoder.Encode(new byte[curvePointParameterLength]); + + var jsonString = string.Format( + @"{{ + ""kty"": ""EC"", + ""kid"": ""bilbo.baggins@hobbiton.example"", + ""use"": ""sig"", + ""crv"": ""P-521"", + ""x"": ""{0}"", + ""y"": ""AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"" + }}", curvePointParameter); + + return new JsonWebKey(jsonString); + } + } + + public static JsonWebKey JsonWebKeyP521WrongY_Public + { + get + { + var curvePointParameterLength = 2 << 20; + var curvePointParameter = Base64UrlEncoder.Encode(new byte[curvePointParameterLength]); + + var jsonString = string.Format(@"{{ + ""kty"": ""EC"", + ""kid"": ""bilbo.baggins@hobbiton.example"", + ""use"": ""sig"", + ""crv"": ""P-521"", + ""x"": ""AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"", + ""y"": ""{0}"" + }}", curvePointParameter); + + return new JsonWebKey(jsonString); + } + } + + public static JsonWebKey JsonWebKeyP521WrongD + { + get + { + var curvePointParameterLength = 2 << 20; + var curvePointParameter = Base64UrlEncoder.Encode(new byte[curvePointParameterLength]); + + var jsonString = string.Format(@"{{ + ""kty"": ""EC"", + ""kid"": ""bilbo.baggins@hobbiton.example"", + ""use"": ""sig"", + ""crv"": ""P-521"", + ""x"": ""AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt"", + ""y"": ""AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"", + ""d"": ""{{0}}"" + }}", curvePointParameter); + + return new JsonWebKey(jsonString); + } + } + + public static JsonWebKey JsonWebKeyP256 + { + get + { + return new JsonWebKey + { + Crv = "P-256", + X = "luR290c8sXxbOGhNquQ3J3rh763Os4D609cHK-L_5fA", + Y = "tUqUwtaVHwc7_CXnuBrCpMQTF5BJKdFnw9_JkSIXWpQ", + D = "OOX7PnYlSTE41BSclDj5Gi_sx_SPgEqStjY3doku4TQ", + KeyId = "JsonWebKeyEcdsa256", + Kid = "JsonWebKeyEcdsa256", + Kty = JsonWebAlgorithmsKeyTypes.EllipticCurve + }; + } + } + + public static JsonWebKey JsonWebKeyP256_Public + { + get + { + return new JsonWebKey + { + Crv = "P-256", + X = "luR290c8sXxbOGhNquQ3J3rh763Os4D609cHK-L_5fA", + Y = "tUqUwtaVHwc7_CXnuBrCpMQTF5BJKdFnw9_JkSIXWpQ", + KeyId = "JsonWebKeyEcdsa256_Public", + Kid = "JsonWebKeyEcdsa256_Public", + Kty = JsonWebAlgorithmsKeyTypes.EllipticCurve + }; + } + } + + public static JsonWebKey JsonWebKeySymmetric64 + { + get + { + return new JsonWebKey + { + K = "bd0Q-Z6Yd34", + Kid = "DefaultSymmetricSecurityKey_64", + Kty = JsonWebAlgorithmsKeyTypes.Octet + }; + } + } + + public static JsonWebKey JsonWebKeySymmetric256_2 + { + get + { + return new JsonWebKey + { + K = "vAhpeveLSFSsPs5rg+CPdLYor40ISGgdpen+FXzCSJg=", + Kty = JsonWebAlgorithmsKeyTypes.Octet + }; + } + } + + public static JsonWebKey JsonWebKeyX509_2048 + { + get + { + var jsonWebKey = new JsonWebKey(); + jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA; + jsonWebKey.X5c.Add(DefaultX509Data_2048); + jsonWebKey.X5t = DefaultX509Key_2048_Thumbprint; + jsonWebKey.Kid = DefaultX509Key_2048_KeyId; + return jsonWebKey; + } + } + } +} diff --git a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs index 81d9230617..f6cf661b4b 100644 --- a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs +++ b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs @@ -547,6 +547,8 @@ public string Sid "ID_NET461"; #elif NETSTANDARD2_0 "ID_NETSTANDARD2_0"; +#elif NETSTANDARD2_1 + "ID_NETSTANDARD2_1"; #endif /// diff --git a/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj b/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj index 244e1b5bb7..a37789fd3b 100644 --- a/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj +++ b/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj @@ -21,7 +21,7 @@ - + diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs index d87f9b3a7a..e0ae3ed3ed 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs @@ -39,3 +39,4 @@ [assembly: ComVisible(false)] [assembly: InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Saml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] +[assembly: InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Xml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs index 8a7b28e601..41e85dba39 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs @@ -34,6 +34,7 @@ using System.Text; using System.Xml; using Microsoft.IdentityModel.Logging; +using Microsoft.IdentityModel.Xml; using static Microsoft.IdentityModel.Logging.LogHelper; using TokenLogMessages = Microsoft.IdentityModel.Tokens.LogMessages; @@ -150,16 +151,13 @@ public override bool CanReadToken(string securityToken) try { - using (var sr = new StringReader(securityToken)) + using (var reader = XmlUtil.CreateDefaultXmlDictionaryReader(securityToken)) { var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit }; #if NET45 settings.XmlResolver = null; #endif - using (var reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr, settings))) - { - return CanReadToken(reader); - } + return CanReadToken(reader); } } catch (Exception) diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/EncryptedAssertionHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/EncryptedAssertionHandler.cs new file mode 100644 index 0000000000..58fcacc9ee --- /dev/null +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/EncryptedAssertionHandler.cs @@ -0,0 +1,430 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using Microsoft.IdentityModel.Logging; +using Microsoft.IdentityModel.Xml; +using System; +using System.Linq; +using System.Security.Cryptography; +using System.Text; +using System.Xml; + +namespace Microsoft.IdentityModel.Tokens.Saml2 +{ + /// + /// EncryptedAssertionHandler can be used for interactions with SAML2 encrypted assertion. + /// + internal class EncryptedAssertionHandler : IEncryptedAssertionHandler + { + /// + /// Encrypts provided SAML2 bytes using the instance. + /// + /// A byte array representation of SAML2 assertion string to be encrypted. + /// An ecryption credentials instance. + /// A instance. + public Saml2EncryptedAssertion EncryptAssertion(byte[] assertionData, EncryptingCredentials encryptingCredentials) + { + ValidateEncryptingCredentials(encryptingCredentials); + + var encryptedAssertion = new Saml2EncryptedAssertion(); + var sessionKey = CreateSessionKey(encryptingCredentials); + encryptedAssertion.EncryptedData = CreateEncryptedData(assertionData, encryptingCredentials, sessionKey); + encryptedAssertion.EncryptedKey = CreateEncryptedKey(encryptingCredentials, sessionKey, encryptedAssertion.EncryptedData.Id); + return encryptedAssertion; + } + + /// + /// Decrypts provided using the instance. + /// + /// A instance to be decrypted. + /// A instance to be used to decrypt . + /// A string representation of an . + /// A Saml2 assertion string. + /// + /// will be used as a decryption key in case that + /// delegate is not set. will be used as a cryto provider factory, if set. + /// + public string DecryptAssertion(Saml2EncryptedAssertion assertion, TokenValidationParameters validationParameters, string assertionString) + { + if (validationParameters == null) + throw LogHelper.LogArgumentNullException(nameof(validationParameters)); + + ValidateEncryptedAssertion(assertion); + + SecurityKey key = null; + // Support only for a single key for now + if (validationParameters.TokenDecryptionKeyResolver != null) + { + key = validationParameters.TokenDecryptionKeyResolver(assertionString, null, assertion.EncryptedData.KeyInfo.KeyName, validationParameters).FirstOrDefault(); + } + else + key = validationParameters.TokenDecryptionKey; + + if (key == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13622)); + + var cryptoProviderFactory = validationParameters.CryptoProviderFactory ?? key.CryptoProviderFactory; + if (cryptoProviderFactory == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13621)); + + // There is no EncryptedKey - Relying Party must be able to locally determine the decryption key + if (assertion.EncryptedKey == null) + { + if (!cryptoProviderFactory.IsSupportedAlgorithm(assertion.EncryptedData.EncryptionMethod.KeyAlgorithm, key)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13623, assertion.EncryptedData.EncryptionMethod.KeyAlgorithm, key))); + + var decryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(key, assertion.EncryptedData.EncryptionMethod.KeyAlgorithm); + var decryptedAssertionBytes = decryptionProvider.Decrypt(assertion.EncryptedData.CipherData.CipherValue, null, null, null); + return Encoding.UTF8.GetString(decryptedAssertionBytes); + } + else // Session key is wrapped + { + if (!cryptoProviderFactory.IsSupportedAlgorithm(assertion.EncryptedKey.EncryptionMethod.KeyAlgorithm, key)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13623, assertion.EncryptedKey.EncryptionMethod.KeyAlgorithm, key))); + + var keyWrapProvider = cryptoProviderFactory.CreateKeyWrapProviderForUnwrap(key, assertion.EncryptedKey.EncryptionMethod.KeyAlgorithm); + var unwrappedKey = keyWrapProvider.UnwrapKey(assertion.EncryptedKey.CipherData.CipherValue); + var sessionKey = new SymmetricSecurityKey(unwrappedKey); + + var decryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(sessionKey, assertion.EncryptedData.EncryptionMethod.KeyAlgorithm); + var decryptedAssertionBytes = decryptionProvider.Decrypt(assertion.EncryptedData.CipherData.CipherValue, null, null, null); + return Encoding.UTF8.GetString(decryptedAssertionBytes); + } + } + + + /// + /// Reads provided SAML2 string into a instance. + /// + /// A SAML2 assertion string. + /// A instance. + public Saml2EncryptedAssertion ReadEncryptedAssertion(string assertion) + { + using (var reader = XmlUtil.CreateDefaultXmlDictionaryReader(assertion)) + { + var encryptedAssertion = new Saml2EncryptedAssertion(); + encryptedAssertion.ReadXml(reader); + return encryptedAssertion; + } + } + + /// + /// Writes provided into the . + /// + /// An XML writer instance. + /// A instance to be writen into an XML writer. + /// A saml2 xml prefix. + public void WriteAssertionToXml(XmlWriter writer, Saml2EncryptedAssertion assertion, string samlPrefix) + { + writer.WriteStartElement(samlPrefix, Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace); + assertion.WriteXml(writer); + writer.WriteEndElement(); + } + + #region Helper methods + private void ValidateEncryptingCredentials(EncryptingCredentials encryptingCredentials) + { + if (encryptingCredentials == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13624)); + + // Only AES-GCM is supported as a data encryption algorithm + if (!(SecurityAlgorithms.Aes128Gcm.Equals(encryptingCredentials.Enc, StringComparison.Ordinal) + || (SecurityAlgorithms.Aes192Gcm.Equals(encryptingCredentials.Enc, StringComparison.Ordinal)) + || (SecurityAlgorithms.Aes256Gcm.Equals(encryptingCredentials.Enc, StringComparison.Ordinal)))) + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13625, SecurityAlgorithms.Aes128Gcm, SecurityAlgorithms.Aes192Gcm, SecurityAlgorithms.Aes256Gcm, encryptingCredentials.Enc))); + } + + if (encryptingCredentials.Key is SymmetricSecurityKey) + { + // If SymmetricSecurityKey is used (pre-shared session key) - Algorithm should be set to None + if (!encryptingCredentials.Alg.Equals(SecurityAlgorithms.None, StringComparison.Ordinal)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13626, SecurityAlgorithms.None, encryptingCredentials.Alg))); + + } + else if (encryptingCredentials.Key is AsymmetricSecurityKey) + { + if (!(SecurityAlgorithms.RsaOaepMgf1pKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal) + || (SecurityAlgorithms.RsaOaepKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal)))) + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13627, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, encryptingCredentials.Alg))); + } + } + else + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13628)); + } + } + + private void ValidateEncryptedAssertion(Saml2EncryptedAssertion encryptedAssertion) + { + if (encryptedAssertion.EncryptedData == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13610)); + + // By xmlenc-core1 standard EncryptionMethod is an optional element. + // "If the element is absent, the encryption algorithm must be known by the recipient or the decryption will fail" + // As there is no support for users to provide the encryption algorithm - we will treat the encryption algorithm as required for now + if (string.IsNullOrEmpty(encryptedAssertion.EncryptedData.EncryptionMethod.KeyAlgorithm)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13611)); + + // CipherValue is required Element + if (encryptedAssertion.EncryptedData.CipherData.CipherValue == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13612)); + + // If present - type should be http://www.w3.org/2001/04/xmlenc#Element + if (!string.IsNullOrEmpty(encryptedAssertion.EncryptedData.Type) && !encryptedAssertion.EncryptedData.Type.Equals(XmlEncryptionConstants.EncryptedDataTypes.Element)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13613, encryptedAssertion.EncryptedData.Type))); + + // EncryptedKey is present - there are additional checks + if (encryptedAssertion.EncryptedKey != null) + { + // By xmlenc-core1 standard EncryptionMethod is an optional element. + // "If the element is absent, the encryption algorithm must be known by the recipient or the decryption will fail" + // As there is no support for users to provide the encryption algorithm - we will treat the encryption algorithm as required for now + if (string.IsNullOrEmpty(encryptedAssertion.EncryptedKey.EncryptionMethod.KeyAlgorithm)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13611)); + + // CipherValue is a required Element + if (encryptedAssertion.EncryptedKey.CipherData.CipherValue == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13612)); + + // If present - type should be http://www.w3.org/2001/04/xmlenc#EncryptedKey + if (!string.IsNullOrEmpty(encryptedAssertion.EncryptedKey.Type) && !encryptedAssertion.EncryptedKey.Type.Equals(XmlEncryptionConstants.EncryptedDataTypes.EncryptedKey)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13614, encryptedAssertion.EncryptedKey.Type))); + + // If EncryptedKey contains DataReferences - then at least one DataReference should reference the EncrytedData element + if (encryptedAssertion.EncryptedKey.ReferenceList.Any(item => item is DataReference)) + { + // If the above is true, EncryptedData must have an ID + if (string.IsNullOrEmpty(encryptedAssertion.EncryptedData.Id)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13615)); + + // At least one DataReference should reference the EncrytedData element + var isEncryptedDataReferenced = encryptedAssertion.EncryptedKey.ReferenceList.Any(item => item is DataReference && item.Uri.Equals(encryptedAssertion.EncryptedData.Id)); + if (!isEncryptedDataReferenced) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13616)); + } + + // If EncryptedData -> KeyInfo has RetrievalMethodUri element - then it should reference the EncryptedKey + if (!string.IsNullOrEmpty(encryptedAssertion.EncryptedData.KeyInfo.RetrievalMethodUri)) + { + // If the above is true, EncryptedKey must have an ID + if (string.IsNullOrEmpty(encryptedAssertion.EncryptedKey.Id)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13617)); + + // RetrievalMethodUri element should reference the EncryptedKey + if (!encryptedAssertion.EncryptedData.KeyInfo.RetrievalMethodUri.Equals(encryptedAssertion.EncryptedKey.Id, StringComparison.Ordinal)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13618, encryptedAssertion.EncryptedData.KeyInfo.RetrievalMethodUri, encryptedAssertion.EncryptedKey.Id))); + } + } + } + + private EncryptedData CreateEncryptedData(byte[] assertionData, EncryptingCredentials encryptingCredentials, SymmetricSecurityKey sessionKey) + { + if (encryptingCredentials == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13624)); + + var encryptedData = new EncryptedData(); + string algorithm = encryptingCredentials.Enc; + + // SymmetricSecurityKey is provided: + // Session key will not be serialized, but KeyName will be set if available + if (encryptingCredentials.Key is SymmetricSecurityKey) + { + encryptedData.KeyInfo.KeyName = sessionKey.KeyId; + } + // AsymmetricSecurityKey is provided: + else if (encryptingCredentials.Key is AsymmetricSecurityKey) + { + encryptedData.KeyInfo.RetrievalMethodUri = encryptingCredentials.Key.KeyId; + } + else + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13606, encryptingCredentials.Key))); + } + + var cryptoProviderFactory = encryptingCredentials.CryptoProviderFactory ?? encryptingCredentials.Key.CryptoProviderFactory; + + if (cryptoProviderFactory == null) + throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX13600)); + + if (!cryptoProviderFactory.IsSupportedAlgorithm(algorithm, sessionKey)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13601, algorithm, sessionKey))); + + // Encrypt assertion data + AuthenticatedEncryptionResult authenticatedEncryptionResult = null; + AuthenticatedEncryptionProvider authenticatedEncryptionProvider = null; + try + { + authenticatedEncryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(sessionKey, algorithm); + + if (authenticatedEncryptionProvider == null) + throw new Saml2SecurityTokenEncryptedAssertionEncryptionException(); + } + catch (Exception ex) + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13602, ex)); + } + + try + { + authenticatedEncryptionResult = authenticatedEncryptionProvider.Encrypt(assertionData, null); + } + catch (Exception ex) + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13603, algorithm, sessionKey), ex)); + } + + // Populate EncryptedData + encryptedData.CipherData.CipherValue = Utility.ConcatByteArrays(authenticatedEncryptionResult.IV, authenticatedEncryptionResult.Ciphertext, authenticatedEncryptionResult.AuthenticationTag); + encryptedData.EncryptionMethod = new EncryptionMethod(algorithm); + encryptedData.Type = XmlEncryptionConstants.EncryptedDataTypes.Element; + encryptedData.Id = new Saml2Id().Value; + + return encryptedData; + } + + private EncryptedKey CreateEncryptedKey(EncryptingCredentials encryptingCredentials, SymmetricSecurityKey sessionKey, string encryptedDataId) + { + if (encryptingCredentials == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13624)); + + if (sessionKey == null) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13629)); + + // SymmetricSecurityKey is provided: + // Session key will not be serialized - EncryptedKey should be null + if (encryptingCredentials.Key is SymmetricSecurityKey) + { + return null; + } + else if (!(encryptingCredentials.Key is AsymmetricSecurityKey)) + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13606, encryptingCredentials.Key))); + } + // AsymmetricSecurityKey is provided: Session key will be wrapped with provided AsymmetricSecurityKey + else // (encryptingCredentials.Key is AsymmetricSecurityKey) + { + var cryptoProviderFactory = encryptingCredentials.CryptoProviderFactory ?? encryptingCredentials.Key.CryptoProviderFactory; + var key = encryptingCredentials.Key; + var algorithm = encryptingCredentials.Alg; + + if (cryptoProviderFactory == null) + throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX13600)); + + if (!cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key)) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13601, algorithm, key))); + + var encryptedKey = new EncryptedKey + { + Id = key.KeyId, + EncryptionMethod = new EncryptionMethod(algorithm) + }; + + // Wrap the sessionKey + try + { + var keyWrapProvider = cryptoProviderFactory.CreateKeyWrapProvider(key, algorithm); + var wrappedKey = keyWrapProvider.WrapKey(sessionKey.Key); + encryptedKey.CipherData.CipherValue = wrappedKey; + } + catch (Exception ex) + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13603, algorithm, sessionKey), ex)); + } + + // Add reference from EncrypedKey to EncryptedData + encryptedKey.AddReference(new DataReference(encryptedDataId)); + + // Set Digest method for EncryptedKey (AES-GCM) + if (SecurityAlgorithms.RsaOaepMgf1pKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal) + || SecurityAlgorithms.RsaOaepKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal)) + encryptedKey.EncryptionMethod.DigestMethod = SecurityAlgorithms.Sha1Digest; + + // Set X509CertificateData if available + if (encryptingCredentials.Key is X509SecurityKey) + { + var cert = (encryptingCredentials.Key as X509SecurityKey).Certificate; + var x509Data = new X509Data(cert); + encryptedKey.KeyInfo.X509Data.Add(x509Data); + } + + return encryptedKey; + } + } + + private SymmetricSecurityKey CreateSessionKey(EncryptingCredentials encryptingCredentials) + { + if (encryptingCredentials == null) + throw LogHelper.LogArgumentNullException(nameof(encryptingCredentials)); + + string algorithm = encryptingCredentials.Enc; + + if (string.IsNullOrEmpty(algorithm)) + throw LogHelper.LogArgumentNullException(nameof(algorithm)); + + SymmetricSecurityKey sessionKey; + + // SymmetricSecurityKey is provided: + // Pre-shared symmetric key (session key) is used to encrypt an assertion + if (encryptingCredentials.Key is SymmetricSecurityKey) + { + sessionKey = (SymmetricSecurityKey)encryptingCredentials.Key; + } + // AsymmetricSecurityKey is provided: + // New session key will be created to encrypt an assertion + else if (encryptingCredentials.Key is AsymmetricSecurityKey) + { + int keySize = -1; + + if (SecurityAlgorithms.Aes128Gcm.Equals(algorithm, StringComparison.Ordinal)) + keySize = 128; + else if (SecurityAlgorithms.Aes192Gcm.Equals(algorithm, StringComparison.Ordinal)) + keySize = 192; + else if (SecurityAlgorithms.Aes256Gcm.Equals(algorithm, StringComparison.Ordinal)) + keySize = 256; + + if (keySize == -1) + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13607, algorithm))); + } + + var aes = Aes.Create(); + aes.KeySize = keySize; + aes.GenerateKey(); + sessionKey = new SymmetricSecurityKey(aes.Key); + } + else + { + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13606, encryptingCredentials.Key))); + } + + return sessionKey; + } + #endregion + } +} diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionDecryptionException.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionDecryptionException.cs new file mode 100644 index 0000000000..3f4da57c44 --- /dev/null +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionDecryptionException.cs @@ -0,0 +1,61 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; + +namespace Microsoft.IdentityModel.Tokens.Saml2 +{ + /// + /// This exception is thrown when SAML2 assertion decryption failed. + /// + public class Saml2SecurityTokenEncryptedAssertionDecryptionException : Saml2SecurityTokenEncryptedAssertionException + { + /// + /// Initializes a new instance of the class. + /// + public Saml2SecurityTokenEncryptedAssertionDecryptionException() + : base() + { } + + /// + /// Initializes a new instance of the class. + /// + /// Additional information to be included in the exception and displayed to user. + public Saml2SecurityTokenEncryptedAssertionDecryptionException(string message) + : base(message) + { } + + /// + /// Initializes a new instance of the class. + /// + /// Additional information to be included in the exception and displayed to user. + /// A that represents the root cause of the exception. + public Saml2SecurityTokenEncryptedAssertionDecryptionException(string message, Exception innerException) + : base(message, innerException) + { } + } +} diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionEncryptionException.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionEncryptionException.cs new file mode 100644 index 0000000000..0b8ed1fb53 --- /dev/null +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionEncryptionException.cs @@ -0,0 +1,61 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; + +namespace Microsoft.IdentityModel.Tokens.Saml2 +{ + /// + /// This exception is thrown when SAML2 assertion encryption failed. + /// + public class Saml2SecurityTokenEncryptedAssertionEncryptionException : Saml2SecurityTokenEncryptedAssertionException + { + /// + /// Initializes a new instance of the class. + /// + public Saml2SecurityTokenEncryptedAssertionEncryptionException() + : base() + { } + + /// + /// Initializes a new instance of the class. + /// + /// Additional information to be included in the exception and displayed to user. + public Saml2SecurityTokenEncryptedAssertionEncryptionException(string message) + : base(message) + { } + + /// + /// Initializes a new instance of the class. + /// + /// Additional information to be included in the exception and displayed to user. + /// A that represents the root cause of the exception. + public Saml2SecurityTokenEncryptedAssertionEncryptionException(string message, Exception innerException) + : base(message, innerException) + { } + } +} diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionException.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionException.cs new file mode 100644 index 0000000000..7d6bbee148 --- /dev/null +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionException.cs @@ -0,0 +1,61 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; + +namespace Microsoft.IdentityModel.Tokens.Saml2 +{ + /// + /// This exception is thrown when SAML2 assertion encryption/decryption failed. + /// + public class Saml2SecurityTokenEncryptedAssertionException : SecurityTokenException + { + /// + /// Initializes a new instance of the class. + /// + public Saml2SecurityTokenEncryptedAssertionException() + : base() + { } + + /// + /// Initializes a new instance of the class. + /// + /// Additional information to be included in the exception and displayed to user. + public Saml2SecurityTokenEncryptedAssertionException(string message) + : base(message) + { } + + /// + /// Initializes a new instance of the class. + /// + /// Additional information to be included in the exception and displayed to user. + /// A that represents the root cause of the exception. + public Saml2SecurityTokenEncryptedAssertionException(string message, Exception innerException) + : base(message, innerException) + { } + } +} diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/IEncryptedAssertionHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/IEncryptedAssertionHandler.cs new file mode 100644 index 0000000000..08fff24ffb --- /dev/null +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/IEncryptedAssertionHandler.cs @@ -0,0 +1,69 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System.Xml; + +namespace Microsoft.IdentityModel.Tokens.Saml2 +{ + /// + /// Exposes operations for interactions with a . + /// + public interface IEncryptedAssertionHandler + { + /// + /// Encrypts provided SAML2 bytes using the instance. + /// + /// SAML2 assertion bytes to be encrypted. + /// An ecryption credentials instance. + /// A instance. + Saml2EncryptedAssertion EncryptAssertion(byte[] assertionData, EncryptingCredentials encryptingCredentials); + + /// + /// Decrypts provided using the instance. + /// + /// A instance to be decrypted. + /// A instance to be used to decrypt . + /// A string representation of an . + /// A Saml2 assertion string. + string DecryptAssertion(Saml2EncryptedAssertion assertion, TokenValidationParameters validationParameters, string assertionString); + + /// + /// Reads provided SAML2 string into a instance. + /// + /// A SAML2 assertion string. + /// A instance. + Saml2EncryptedAssertion ReadEncryptedAssertion(string assertion); + + /// + /// Writes provided into the . + /// + /// An XML writer instance. + /// A instance to be writen into an XML writer. + /// A saml2 xml prefix. + void WriteAssertionToXml(XmlWriter writer, Saml2EncryptedAssertion assertion, string samlPrefix); + } +} diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/InternalsVisibleTo.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/InternalsVisibleTo.cs new file mode 100644 index 0000000000..51d4558e57 --- /dev/null +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/InternalsVisibleTo.cs @@ -0,0 +1,29 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Saml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] +[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Xml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs index cf5e492cbc..4f4223846c 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs @@ -80,7 +80,6 @@ internal static class LogMessages internal const string IDX13138 = "IDX13138: Unable to read for Saml2SecurityToken. the AttributeStatement does not contain any Attributes."; internal const string IDX13139 = "IDX13139: Uri must be an AbsoluteUri is: '{0}'"; internal const string IDX13140 = "IDX13140: EncryptedId is not supported. You will need to override ReadEncryptedId and provide support."; - internal const string IDX13141 = "IDX13141: EncryptedAssertion is not supported. You will need to override ReadAssertion and provide support."; internal const string IDX13313 = "IDX13313: 'AuthnStatement' cannot be empty."; internal const string IDX13312 = "IDX13312: 'AuthnContext' cannot be empty."; internal const string IDX13314 = "IDX13314: 'AuthzDecisionStatement' cannot be empty (must have at least one 'Subject')."; @@ -98,6 +97,35 @@ internal static class LogMessages internal const string IDX13306 = "IDX13306: Multiple name identifier claim is not allowed in tokenDescriptor.Subject.Claims."; internal const string IDX13310 = "IDX13310: SAML2 AuthorizationDecision DecisionType must be 'Permit', 'Deny' or 'Indeterminate'."; + // Saml2 EncryptedAssertion + internal const string IDX13600 = "IDX13600: Unable to obtain a CryptoProviderFactory, EncryptingCredentials.CryptoProviderFactory and EncryptingCredentials.Key.CrypoProviderFactory are both null."; + internal const string IDX13601 = "IDX13601: Saml2Assertion encryption failed. No support for algorithm: '{0}', SecurityKey: '{1}'."; + internal const string IDX13602 = "IDX13602: Failed to create the token encryption provider."; + internal const string IDX13603 = "IDX13603: Encryption failed. EncryptionProvider failed for: Algorithm: '{0}', SecurityKey: '{1}'. See inner exception."; + internal const string IDX13606 = "IDX13606: EncryptionCredentials.Key is not SymmetricSecurityKey or AsymmetricSecurityKey. EncryptionCredentials.Key: '{0}'."; + internal const string IDX13607 = "IDX13607: Session key encryption algorithm: '{0}' is not supported."; + internal const string IDX13608 = "IDX13608: Saml2Assertion is encrypted. Unable to get '{0}' from a Saml2EncryptedAssertion."; + internal const string IDX13609 = "IDX13609: Unable to check if an Assertion is a Saml2EncryptedAssertion. Assertion: '{0}'. Inner exception: '{1}'."; + internal const string IDX13610 = "IDX13610: Saml2EncryptedAssertion validation failed. EncryptedData is null."; + internal const string IDX13611 = "IDX13611: Saml2EncryptedAssertion validation failed. EncryptionMethod is not present. As there is no support for users to provide an encryption algorithm - EncryptionMethod is treated as required for now."; + internal const string IDX13612 = "IDX13612: Saml2EncryptedAssertion validation failed. CypherValue is null."; + internal const string IDX13613 = "IDX13613: Saml2EncryptedAssertion validation failed. EncryptedData Type is not valid: '{0}'."; + internal const string IDX13614 = "IDX13614: Saml2EncryptedAssertion validation failed. EncryptedKey Type is not valid: '{0}'."; + internal const string IDX13615 = "IDX13615: EncryptedKey contain DataReference(s), but EncryptedData doesn't have an ID attribute set."; + internal const string IDX13616 = "IDX13616: EncryptedKey contains DataReference(s) where neither references the EncryptedData element."; + internal const string IDX13617 = "IDX13617: EncryptedData->KeyInfo contain RetrievalMethodUri, but EncryptedKey doesn't have an ID attribute set."; + internal const string IDX13618 = "IDX13618: EncryptedData->KeyInfo->RetrievalMethodUri is not equal to EncryptedKey->ID. Values found: RetrievalMethodUri: '{0}', EncryptedKey->ID: '{1}'."; + internal const string IDX13620 = "IDX13620: Unable to Read a Saml2EncryptedAssertion. Expecting XmlReader to be at element: '{0}', found: '{1}'."; + internal const string IDX13621 = "IDX13621: Unable to obtain a CryptoProviderFactory, key.CryptoProviderFactory and ValidationParameters.CrypoProviderFactory are both null."; + internal const string IDX13622 = "IDX13622: Saml2EncryptedAssertion decryption failed. There is no security key for decryption."; + internal const string IDX13623 = "IDX13623: Saml2EncryptedAssertion decryption failed. No support for algorithm: '{0}', SecurityKey: '{1}'."; + internal const string IDX13624 = "IDX13624: EncryptingCredentials is null. Unable to encrypt an assertion."; + internal const string IDX13625 = "IDX13625: Encryption failed. Saml2 data encryption is only supported for: '{0}', '{1}' and '{2}'. The content encryption specified is: '{3}'."; + internal const string IDX13626 = "IDX13626: Encryption failed. Saml2 encryption algorithm should be set to '{0}' when pre-shared session key is used to encrypt data. The data encryption specified is: '{1}'."; + internal const string IDX13627 = "IDX13627: Encryption failed. Saml2 key wrap is only supported for: '{0}', and '{1}'. The key wrap algorithm specified is: '{2}'."; + internal const string IDX13628 = "IDX13628: Encryption failed. Key is either null or it's not Symmetric/Asymmetric SecurityKey."; + internal const string IDX13629 = "IDX13629: SessionKey is null. Unable to Wrap a null session key."; + // IDX11900 - AuthorizationDecisionStatement internal const string IDX13900 = "IDX13900: Unable to write Saml2Assertion: {0} is required, {1} is null or empty."; internal const string IDX13901 = "IDX13901: Unable to write Saml2Assertion: {0}.{1} is empty. This statement must contain at least one Action."; diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs index af6f53f9b0..3f67c58971 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs @@ -43,9 +43,17 @@ namespace Microsoft.IdentityModel.Tokens.Saml2 public class Saml2Assertion { private string _canonicalString; + private EncryptingCredentials _encryptingCredentials; private Saml2Id _id; private DateTime _issueInstant; private Saml2NameIdentifier _issuer; + private Signature _signature; + private Saml2Advice _advice; + private Saml2Conditions _conditions; + private string _inclusiveNamespacesPrefixList; + private SigningCredentials _signingCredentials; + private Saml2Subject _subject; + private List _statements; /// /// Creates an instance of a Saml2Assertion. @@ -56,37 +64,58 @@ public Saml2Assertion(Saml2NameIdentifier issuer) Id = new Saml2Id(); IssueInstant = DateTime.UtcNow; Issuer = issuer; - Statements = new List(); + _statements = new List(); } /// /// Gets or sets the on the Assertion. + /// Returns null if the is encrypted. /// public Signature Signature { - get; - set; + get + { + if (Encrypted) + return null; + + return _signature; + } + set => _signature = value; } /// /// Gets or sets additional information related to the assertion that assists processing in certain /// situations but which may be ignored by applications that do not understand the /// advice or do not wish to make use of it. [Saml2Core, 2.3.3] + /// Returns null if the is encrypted. /// public Saml2Advice Advice { - get; - set; + get + { + if (Encrypted) + return null; + + return _advice; + } + set => _advice = value; } /// /// Gets or sets conditions that must be evaluated when assessing the validity of and/or /// when using the assertion. [Saml2Core 2.3.3] + /// Returns null if the is encrypted. /// public Saml2Conditions Conditions { - get; - set; + get + { + if (Encrypted) + return null; + + return _conditions; + } + set => _conditions = value; } /// @@ -129,68 +158,141 @@ internal string CanonicalString } } + /// + /// Gets or sets the credentials used for encrypting the assertion. + /// + /// If this assertion is encrypted. + public EncryptingCredentials EncryptingCredentials + { + get + { + if (Encrypted) + throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionException(FormatInvariant(LogMessages.IDX13608, nameof(EncryptingCredentials)))); + + return _encryptingCredentials; + } + set => _encryptingCredentials = value; + } + /// /// Gets or sets the identifier for this assertion. [Saml2Core, 2.3.3] + /// Returns null if the is encrypted. /// /// if 'value' if null. public Saml2Id Id { - get => _id; + get + { + if (Encrypted) + return null; + + return _id; + } set => _id = value ?? throw LogArgumentNullException(nameof(value)); } /// /// Gets or sets the time instant of issue in UTC. [Saml2Core, 2.3.3] + /// Returns if the is encrypted. /// + /// if 'value' if null. public DateTime IssueInstant { - get => _issueInstant; - set => _issueInstant = DateTimeUtil.ToUniversalTime(value); + get + { + if (Encrypted) + return DateTime.MinValue; + + return _issueInstant; + } + set + { + if (value == null) + throw LogArgumentNullException(nameof(value)); + else + _issueInstant = DateTimeUtil.ToUniversalTime(value); + } } /// /// Gets or sets the as the authority that is making the claim(s) in the assertion. [Saml2Core, 2.3.3] + /// Returns null if the is encrypted. /// - /// if 'value' is null. + /// if 'value' if null. public Saml2NameIdentifier Issuer { - get => _issuer; + get + { + if (Encrypted) + return null; + + return _issuer; + } set => _issuer = value ?? throw LogArgumentNullException(nameof(value)); } /// /// Gets or sets the a PrefixList to use when there is a need to include InclusiveNamespaces writing token. + /// Returns null if the is encrypted. /// public string InclusiveNamespacesPrefixList { - get; - set; + get + { + if (Encrypted) + return null; + + return _inclusiveNamespacesPrefixList; + } + set => _inclusiveNamespacesPrefixList = value; } /// /// Gets or sets the used by the issuer to protect the integrity of the assertion. + /// Returns null if the is encrypted. /// public SigningCredentials SigningCredentials { - get; - set; + get + { + if (Encrypted) + return null; + + return _signingCredentials; + } + set => _signingCredentials = value; } /// /// Gets or sets the of the statement(s) in the assertion. [Saml2Core, 2.3.3] + /// Returns null if the is encrypted. /// public Saml2Subject Subject { - get; - set; + get + { + if (Encrypted) + return null; + + return _subject; + } + + set => _subject = value; } /// /// Gets the (s) regarding the subject. + /// Returns null if the is encrypted. /// public ICollection Statements { - get; + get + { + if (Encrypted) + return null; + + return _statements; + } } /// @@ -202,5 +304,15 @@ public string Version } internal XmlTokenStream XmlTokenStream { get; set; } + + /// + /// Indicates if this assertion is Encrypted + /// + public bool Encrypted { get; internal set; } = false; + + /// + /// String representation of this EncryptedAssertion + /// + public string EncryptedAssertion { get; internal set; } } } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2EncryptedAssertion.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2EncryptedAssertion.cs new file mode 100644 index 0000000000..644937942e --- /dev/null +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2EncryptedAssertion.cs @@ -0,0 +1,99 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using Microsoft.IdentityModel.Logging; +using Microsoft.IdentityModel.Xml; +using System.Xml; + +namespace Microsoft.IdentityModel.Tokens.Saml2 +{ + /// + /// Represents the element. + /// + public class Saml2EncryptedAssertion + { + /// + /// Represents the element in XML encryption. + /// + public EncryptedData EncryptedData { get; set; } + + /// + /// Represents the element in XML encryption. + /// + public EncryptedKey EncryptedKey { get; set; } + + /// + /// + /// + /// + public virtual void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogHelper.LogArgumentNullException(nameof(reader)); + + if (!(reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace))) + throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13620, Saml2Constants.Elements.EncryptedAssertion, reader.Name))); + + reader.ReadStartElement(); + + EncryptedData = new EncryptedData(); + EncryptedData.ReadXml(reader); + + if (IsReaderPointingToEncryptedKey(reader)) + { + EncryptedKey = new EncryptedKey(); + EncryptedKey.ReadXml(reader); + } + } + + /// + /// + /// + /// + public virtual void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogHelper.LogArgumentNullException(nameof(writer)); + + EncryptedData.WriteXml(writer); + + if (EncryptedKey != null) + EncryptedKey.WriteXml(writer); + } + + private bool IsReaderPointingToEncryptedKey(XmlDictionaryReader reader) + { + if (reader == null) + throw LogHelper.LogArgumentNullException(nameof(reader)); + + if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace)) + return true; + + return false; + } + } +} \ No newline at end of file diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs index 20bc17c560..c5529534c9 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs @@ -35,6 +35,7 @@ using System.Xml; using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Tokens.Saml; +using Microsoft.IdentityModel.Xml; using static Microsoft.IdentityModel.Logging.LogHelper; using TokenLogMessages = Microsoft.IdentityModel.Tokens.LogMessages; @@ -47,7 +48,7 @@ namespace Microsoft.IdentityModel.Tokens.Saml2 public class Saml2SecurityTokenHandler : SecurityTokenHandler { private const string _actor = "Actor"; - private Saml2Serializer _serializer = new Saml2Serializer(); + private Saml2Serializer _serializer = new Saml2Serializer(new EncryptedAssertionHandler()); /// /// Gets or set the that will be used to read and write a . @@ -100,19 +101,16 @@ public override bool CanReadToken(string token) try { - using (var sr = new StringReader(token)) + using (var reader = XmlUtil.CreateDefaultXmlDictionaryReader(token)) { var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit }; #if NET45 settings.XmlResolver = null; #endif - using (var reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr, settings))) - { - return CanReadToken(reader); - } + return CanReadToken(reader); } } - catch(Exception) + catch(Exception ) { return false; } @@ -128,7 +126,8 @@ public override bool CanReadToken(XmlReader reader) if (reader == null) return false; - return reader.IsStartElement(Saml2Constants.Elements.Assertion, Saml2Constants.Namespace); + return (reader.IsStartElement(Saml2Constants.Elements.Assertion, Saml2Constants.Namespace) + || reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace)); } /// @@ -158,6 +157,7 @@ public virtual SecurityToken CreateToken(SecurityTokenDescriptor tokenDescriptor var assertion = new Saml2Assertion(CreateIssuerNameIdentifier(tokenDescriptor)) { Subject = CreateSubject(tokenDescriptor), + EncryptingCredentials = tokenDescriptor.EncryptingCredentials, SigningCredentials = tokenDescriptor.SigningCredentials, Conditions = CreateConditions(tokenDescriptor), Advice = CreateAdvice(tokenDescriptor) @@ -230,6 +230,13 @@ public override ClaimsPrincipal ValidateToken(string token, TokenValidationParam if (token.Length > MaximumTokenSizeInBytes) throw LogExceptionMessage(new ArgumentException(FormatInvariant(TokenLogMessages.IDX10209, token.Length, MaximumTokenSizeInBytes))); + // if an assertion is encrypted - decrypt it first + if (IsSaml2EncryptedAssertion(token)) + { + var encryptedAssertion = Serializer.ReadEncryptedAssertion(token); + token = Serializer.DecryptAssertion(encryptedAssertion, validationParameters, token); + } + var samlToken = ValidateSignature(token, validationParameters); if (samlToken == null) throw LogExceptionMessage(new SecurityTokenValidationException(FormatInvariant(TokenLogMessages.IDX10254, GetType(), "ValidateToken", GetType(), "ValidateSignature", typeof(Saml2SecurityToken)))); @@ -452,6 +459,17 @@ private Saml2SecurityToken ValidateSignature(Saml2SecurityToken samlToken, strin throw LogExceptionMessage(new SecurityTokenInvalidSignatureException(TokenLogMessages.IDX10500)); } + private IEnumerable GetAllSigningKeys(TokenValidationParameters validationParameters) + { + LogHelper.LogInformation(TokenLogMessages.IDX10243); + if (validationParameters.IssuerSigningKey != null) + yield return validationParameters.IssuerSigningKey; + + if (validationParameters.IssuerSigningKeys != null) + foreach (SecurityKey key in validationParameters.IssuerSigningKeys) + yield return key; + } + /// /// Returns a to use for validating the signature of a token. /// @@ -496,6 +514,10 @@ public override SecurityToken ReadToken(string token) /// If is null or empty. /// If .Length is greater than . /// A + /// + /// In case when token represents an EncryptedAssertion, Encrypted property of will be set to True + /// and will be used to set EncryptedAssertion property. + /// public virtual Saml2SecurityToken ReadSaml2Token(string token) { if (string.IsNullOrEmpty(token)) @@ -559,6 +581,28 @@ internal static bool IsSaml2Assertion(XmlReader reader) return reader.IsStartElement(Saml2Constants.Elements.Assertion, Saml2Constants.Namespace); } + /// + /// Indicates if the assertion string represents an EncryptedAssertion. + /// + /// String representation of an assertion. + /// 'true' if assertion is encrypted, 'false' otherwise. + private bool IsSaml2EncryptedAssertion(string assertion) + { + using (var reader = XmlUtil.CreateDefaultXmlReader(assertion)) + { + try + { + reader.MoveToContent(); + return reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace); + } + catch (Exception ex) + { + LogInformation(LogMessages.IDX13609, assertion, ex); + return false; + } + } + } + /// /// Creates the conditions for the assertion. /// diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs index 910bc100c8..c43b01999c 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs @@ -27,7 +27,9 @@ using System; using System.Globalization; +using System.IO; using System.Security.Claims; +using System.Text; using System.Xml; using Microsoft.IdentityModel.Xml; using static Microsoft.IdentityModel.Logging.LogHelper; @@ -41,12 +43,24 @@ public class Saml2Serializer { private DSigSerializer _dsigSerializer = DSigSerializer.Default; private string _prefix = Saml2Constants.Prefix; + private readonly IEncryptedAssertionHandler _encryptedAssertionHandler; /// /// Instantiates a new instance of . /// - public Saml2Serializer() { } + public Saml2Serializer() + { + _encryptedAssertionHandler = null; + } + /// + /// Instantiates a new instance of . + /// + /// + public Saml2Serializer(IEncryptedAssertionHandler encryptedAssertionHandler) + { + _encryptedAssertionHandler = encryptedAssertionHandler; + } /// /// Gets or sets the to use for reading / writing the @@ -186,29 +200,40 @@ protected virtual Saml2Advice ReadAdvice(XmlDictionaryReader reader) } /// - /// Reads a <saml:Assertion> element. + /// Reads a <saml:Assertion> or <saml:EncryptedAssertion> element. /// /// A positioned at a 'saml2:assertion' element. /// If is null. - /// If assertion is encrypted. /// If is not positioned at a Saml2Assertion. /// If Version is not '2.0'. /// If 'Id' is missing.> /// If 'IssueInstant' is missing.> /// If no statements are found.> + /// if assertion is an EncryptedAssertion and decrypt operation failed. /// A instance. + /// + /// If Assertion element is an EncryptedAssertion, Encrypted property of resulting Saml2Assertion object will be set to True + /// and EncryptedAssertion property will be set to raw assertion data string + /// public virtual Saml2Assertion ReadAssertion(XmlReader reader) { if (reader == null) throw LogArgumentNullException(nameof(reader)); - if (reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace)) - throw LogExceptionMessage(new NotSupportedException(LogMessages.IDX13141)); + XmlDictionaryReader plaintextReader = XmlDictionaryReader.CreateDictionaryReader(reader); + Saml2Assertion assertion = new Saml2Assertion(new Saml2NameIdentifier("__TemporaryIssuer__")); - XmlUtil.CheckReaderOnEntry(reader, Saml2Constants.Elements.Assertion, Saml2Constants.Namespace); + // if assertion is encrypted then flag it as encrypted, attach original assertion string, and return + if (plaintextReader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace)) + { + assertion.Encrypted = true; + assertion.EncryptedAssertion = reader.ReadOuterXml(); + return assertion; + } + + XmlUtil.CheckReaderOnEntry(plaintextReader, Saml2Constants.Elements.Assertion, Saml2Constants.Namespace); + var envelopeReader = new EnvelopedSignatureReader(plaintextReader) { Serializer = DSigSerializer }; - var envelopeReader = new EnvelopedSignatureReader(reader) { Serializer = DSigSerializer }; - var assertion = new Saml2Assertion(new Saml2NameIdentifier("__TemporaryIssuer__")); try { // @xsi:type @@ -239,7 +264,7 @@ public virtual Saml2Assertion ReadAssertion(XmlReader reader) // will move to next element // 0-1 read by EnvelopedSignatureReader envelopeReader.Read(); - + // 1 assertion.Issuer = ReadIssuer(envelopeReader); @@ -306,7 +331,9 @@ public virtual Saml2Assertion ReadAssertion(XmlReader reader) throw LogReadException(LogMessages.IDX13102, ex, Saml2Constants.Elements.Assertion, ex); } - } + } + + /// /// Reads a . @@ -1402,7 +1429,7 @@ protected virtual Saml2NameIdentifier ReadNameIdentifier(XmlDictionaryReader rea // No declaration, or declaring that this is just a "BaseID", is invalid since statement is abstract if (declaredType == null || XmlUtil.EqualsQName(declaredType, Saml2Constants.Types.BaseIDAbstractType, Saml2Constants.Namespace)) - throw LogReadException(LogMessages.IDX13103, Saml2Constants.Elements.BaseID, declaredType, GetType(), "ReadSubjectId" ); + throw LogReadException(LogMessages.IDX13103, Saml2Constants.Elements.BaseID, declaredType, GetType(), "ReadSubjectId"); // If it's NameID we can handle it if (XmlUtil.EqualsQName(declaredType, Saml2Constants.Types.NameIDType, Saml2Constants.Namespace)) @@ -1520,7 +1547,7 @@ protected virtual void WriteAdvice(XmlWriter writer, Saml2Advice advice) } /// - /// Writes the <Assertion> element. + /// Writes the <Assertion> or <EncryptedAssertion> element. /// /// A to serialize the . /// The to serialize. @@ -1529,6 +1556,7 @@ protected virtual void WriteAdvice(XmlWriter writer, Saml2Advice advice) /// if .EncryptingCredentials != null. /// The must have a if no are present. /// The SAML2 authentication, attribute, and authorization decision require a . + /// if assertion is an EncryptedAssertion and encrypt operation failed. public virtual void WriteAssertion(XmlWriter writer, Saml2Assertion assertion) { if (writer == null) @@ -1537,6 +1565,17 @@ public virtual void WriteAssertion(XmlWriter writer, Saml2Assertion assertion) if (assertion == null) throw LogArgumentNullException(nameof(assertion)); + // When EncryptingCredentials is not null - Assertion will be encrypted + if (assertion.EncryptingCredentials != null) + { + EncryptAndWriteAssertion(writer, assertion); + } + else + WritePlaintextAssertion(writer, assertion); + } + + private void WritePlaintextAssertion(XmlWriter writer, Saml2Assertion assertion) + { // Wrap the writer if necessary for a signature // We do not dispose this writer, since as a delegating writer it would // dispose the inner writer, which we don't properly own. @@ -1563,7 +1602,6 @@ public virtual void WriteAssertion(XmlWriter writer, Saml2Assertion assertion) } } - // writer.WriteStartElement(Prefix, Saml2Constants.Elements.Assertion, Saml2Constants.Namespace); // @ID - required @@ -1631,7 +1669,7 @@ public virtual void WriteAttribute(XmlWriter writer, Saml2Attribute attribute) writer.WriteAttributeString(Saml2Constants.Attributes.FriendlyName, attribute.FriendlyName); // @OriginalIssuer - optional - if (attribute.OriginalIssuer != null ) + if (attribute.OriginalIssuer != null) writer.WriteAttributeString(Saml2Constants.Attributes.OriginalIssuer, Saml2Constants.ClaimType2009Namespace, attribute.OriginalIssuer); string xsiTypePrefix = null; @@ -1830,7 +1868,7 @@ protected virtual void WriteAuthorizationDecisionStatement(XmlWriter writer, Sam throw LogArgumentNullException(nameof(statement)); if (statement.Actions.Count == 0) - throw LogWriteException(LogMessages.IDX13901, statement.GetType(), "Actions" ); + throw LogWriteException(LogMessages.IDX13901, statement.GetType(), "Actions"); if (string.IsNullOrEmpty(statement.Decision)) throw LogWriteException(LogMessages.IDX13900, Saml2Constants.Attributes.Decision, nameof(statement.Decision)); @@ -1921,8 +1959,8 @@ protected virtual void WriteEvidence(XmlWriter writer, Saml2Evidence evidence) throw LogArgumentNullException(nameof(evidence)); if (evidence.AssertionIdReferences.Count == 0 - && evidence.Assertions.Count == 0 - && evidence.AssertionUriReferences.Count == 0 ) + && evidence.Assertions.Count == 0 + && evidence.AssertionUriReferences.Count == 0) throw LogWriteException(LogMessages.IDX13902); // @@ -2109,7 +2147,7 @@ protected virtual void WriteSubject(XmlWriter writer, Saml2Subject subject) throw LogArgumentNullException(nameof(subject)); // If there's no ID, there has to be a SubjectConfirmation - if (subject.NameId == null && 0 == subject.SubjectConfirmations.Count) + if (subject.NameId == null && 0 == subject.SubjectConfirmations.Count) throw LogExceptionMessage(new Saml2SecurityTokenException(FormatInvariant(LogMessages.IDX13305, subject))); // @@ -2349,5 +2387,42 @@ internal static Exception LogWriteException(string format, Exception inner, para { return LogExceptionMessage(new Saml2SecurityTokenWriteException(FormatInvariant(format, args), inner)); } + + #region EncryptedAssertion + internal Saml2EncryptedAssertion EncryptAssertion(byte[] assertion, EncryptingCredentials encryptingCredentials) + { + return _encryptedAssertionHandler.EncryptAssertion(assertion, encryptingCredentials); + } + + internal string DecryptAssertion(Saml2EncryptedAssertion encryptedAssertion, TokenValidationParameters validationParameters, string assertionString) + { + return _encryptedAssertionHandler.DecryptAssertion(encryptedAssertion, validationParameters, assertionString); + } + + internal Saml2EncryptedAssertion ReadEncryptedAssertion(string assertion) + { + return _encryptedAssertionHandler.ReadEncryptedAssertion(assertion); + } + + internal void EncryptAndWriteAssertion(XmlWriter writer, Saml2Assertion assertion) + { + XmlWriter originalWriter = writer; + MemoryStream plaintextStream = new MemoryStream(); + XmlDictionaryWriter plaintextWriter = XmlDictionaryWriter.CreateTextWriter(plaintextStream, Encoding.UTF8, false); + writer = plaintextWriter; + + // reuse this method in order to get bytes of plaintext written assertion + WritePlaintextAssertion(writer, assertion); + + ((IDisposable)plaintextWriter).Dispose(); + plaintextWriter = null; + + var plaintextAssertionBytes = plaintextStream.ToArray(); + ((IDisposable)plaintextStream).Dispose(); + + var encryptedAssertion = EncryptAssertion(plaintextAssertionBytes, assertion.EncryptingCredentials); + _encryptedAssertionHandler.WriteAssertionToXml(originalWriter, encryptedAssertion, Prefix); + } + #endregion } } diff --git a/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs b/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs index e3feb00ccd..ed19f6ec31 100644 --- a/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs +++ b/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs @@ -33,7 +33,7 @@ using System.Reflection; #endif -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 using System.Security.Cryptography.X509Certificates; #endif @@ -65,7 +65,7 @@ internal class AsymmetricAdapter : IDisposable private bool _useRSAOeapPadding = false; #endif -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 private RSAEncryptionPadding _rsaEncryptionPadding; #endif @@ -79,7 +79,7 @@ internal class AsymmetricAdapter : IDisposable private object _verifyRsaLock = new object(); private object _verifyEcdsaLock = new object(); -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 // HasAlgorithmName was introduced into Net46 internal AsymmetricAdapter(SecurityKey key, string algorithm, HashAlgorithm hashAlgorithm, HashAlgorithmName hashAlgorithmName, bool requirePrivateKey) : this(key, algorithm, hashAlgorithm, requirePrivateKey) @@ -183,7 +183,7 @@ internal byte[] Decrypt(byte[] data) #endif // NETSTANDARD2_0 doesn't use RSACryptoServiceProviderProxy -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 return RSA.Decrypt(data, _rsaEncryptionPadding); #endif } @@ -241,14 +241,14 @@ internal byte[] Encrypt(byte[] data) #endif // NETSTANDARD2_0 doesn't use RSACryptoServiceProviderProxy -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 return RSA.Encrypt(data, _rsaEncryptionPadding); #endif } private HashAlgorithm HashAlgorithm { get; set; } -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 private HashAlgorithmName HashAlgorithmName { get; set; } private RSASignaturePadding RSASignaturePadding { get; set; } @@ -257,7 +257,7 @@ internal byte[] Encrypt(byte[] data) private void InitializeUsingRsa(RSA rsa, string algorithm) { -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 if (algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha256, StringComparison.Ordinal) || algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha256Signature, StringComparison.Ordinal) || algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha384, StringComparison.Ordinal) || @@ -281,7 +281,8 @@ private void InitializeUsingRsa(RSA rsa, string algorithm) // RSACryptoServiceProviderProxy is only supported on Windows platform #if DESKTOP _useRSAOeapPadding = algorithm.Equals(SecurityAlgorithms.RsaOAEP, StringComparison.Ordinal) - || algorithm.Equals(SecurityAlgorithms.RsaOaepKeyWrap, StringComparison.Ordinal); + || algorithm.Equals(SecurityAlgorithms.RsaOaepKeyWrap, StringComparison.Ordinal) + || algorithm.Equals(SecurityAlgorithms.RsaOaepMgf1pKeyWrap, StringComparison.Ordinal); if (rsa is RSACryptoServiceProvider rsaCryptoServiceProvider) { @@ -315,7 +316,7 @@ private void InitializeUsingRsa(RSA rsa, string algorithm) } #endif -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 // Here we can use RSA straight up. _rsaEncryptionPadding = (algorithm.Equals(SecurityAlgorithms.RsaOAEP, StringComparison.Ordinal) || algorithm.Equals(SecurityAlgorithms.RsaOaepKeyWrap, StringComparison.Ordinal)) ? RSAEncryptionPadding.OaepSHA1 @@ -349,7 +350,7 @@ private byte[] SignWithECDsa(byte[] bytes) } } -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 private byte[] SignWithRsa(byte[] bytes) { lock (_signRsaLock) @@ -383,7 +384,7 @@ private bool VerifyWithECDsa(byte[] bytes, byte[] signature) } } -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 private bool VerifyWithRsa(byte[] bytes, byte[] signature) { lock (_verifyRsaLock) diff --git a/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs b/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs index 9cd73395e7..f0eed673c4 100644 --- a/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs +++ b/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs @@ -185,7 +185,7 @@ private PrivateKeyStatus FoundPrivateKey(SecurityKey key) return PrivateKeyStatus.Unknown; } -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 /// /// Creating a Signature requires the use of a . /// This method returns the diff --git a/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs b/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs index 112f17b460..bf6c74ec9b 100644 --- a/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs +++ b/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs @@ -285,7 +285,7 @@ public virtual SignatureProvider CreateForVerifying(SecurityKey key, string algo return CreateSignatureProvider(key, algorithm, false, cacheProvider); } -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 /// /// Returns a for a specific algorithm. /// diff --git a/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs b/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs index 1e5ffea20a..3fb986ea31 100644 --- a/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs +++ b/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs @@ -57,7 +57,7 @@ static ECDsaAdapter() /// internal ECDsaAdapter() { -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 if (SupportsECParameters()) CreateECDsaFunction = CreateECDsaUsingECParams; else @@ -274,7 +274,7 @@ private bool SupportsCNGKey() } } -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 /// /// Creates an ECDsa object using the and . /// 'ECParameters' structure is available in .NET Framework 4.7+, .NET Standard 1.6+, and .NET Core 1.0+. diff --git a/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs index e222917d28..8ae5d911f7 100644 --- a/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs @@ -116,7 +116,7 @@ public override int KeySize /// https://tools.ietf.org/html/rfc7638 public override bool CanComputeJwkThumbprint() { -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 if (ECDsaAdapter.Instance.SupportsECParameters()) return true; #endif @@ -130,7 +130,7 @@ public override bool CanComputeJwkThumbprint() /// https://tools.ietf.org/html/rfc7638 public override byte[] ComputeJwkThumbprint() { -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 if (ECDsaAdapter.Instance.SupportsECParameters()) { ECParameters parameters = ECDsa.ExportParameters(false); diff --git a/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs b/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs index 0f3f0f94a9..d24e40de99 100644 --- a/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs +++ b/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs @@ -37,6 +37,10 @@ namespace Microsoft.IdentityModel.Tokens /// public class AuthenticatedEncryptionProvider : IDisposable { +#if NETSTANDARD2_1 + private const int AES_GCM_IV_SIZE = 12; + private const int AES_GCM_TAG_SIZE = 16; +#endif private struct AuthenticatedKeys { public SymmetricSecurityKey AesKey; @@ -67,22 +71,30 @@ public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm) if (string.IsNullOrWhiteSpace(algorithm)) throw LogHelper.LogArgumentNullException(nameof(algorithm)); - if (!IsSupportedAlgorithm(key, algorithm)) - throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, GetType(), algorithm, key))); + // Allow constructing AuthenticatedEncryptionProvider in case when AesGcm algorithm is passed to enable tests + if (!IsAesGcmAlgorithm(algorithm)) + { + if (!IsSupportedAlgorithm(key, algorithm)) + throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, GetType(), algorithm, key))); + + ValidateKeySize(key, algorithm); + + _authenticatedkeys = GetAlgorithmParameters(key, algorithm); + _hmacAlgorithm = GetHmacAlgorithm(algorithm); + Key = key; + Algorithm = algorithm; + _cryptoProviderFactory = key.CryptoProviderFactory; + if (key.CryptoProviderFactory.GetType() == typeof(CryptoProviderFactory)) + _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm, false) as SymmetricSignatureProvider; + else + _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm) as SymmetricSignatureProvider; + + if (_symmetricSignatureProvider == null) + throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10649, Algorithm))); + } - ValidateKeySize(key, algorithm); - _authenticatedkeys = GetAlgorithmParameters(key, algorithm); - _hmacAlgorithm = GetHmacAlgorithm(algorithm); Key = key; Algorithm = algorithm; - _cryptoProviderFactory = key.CryptoProviderFactory; - if (key.CryptoProviderFactory.GetType() == typeof(CryptoProviderFactory)) - _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm, false) as SymmetricSignatureProvider; - else - _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm) as SymmetricSignatureProvider; - - if (_symmetricSignatureProvider == null) - throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10649, Algorithm))); } /// @@ -99,7 +111,7 @@ public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm) /// /// Gets the that is being used. /// - public SecurityKey Key { get; } + public SecurityKey Key { get; private set; } /// /// Encrypts the 'plaintext' @@ -137,35 +149,66 @@ public virtual AuthenticatedEncryptionResult Encrypt(byte[] plaintext, byte[] au if (_disposed) throw LogHelper.LogExceptionMessage(new ObjectDisposedException(GetType().ToString())); - Aes aes = Aes.Create(); - aes.Mode = CipherMode.CBC; - aes.Padding = PaddingMode.PKCS7; - aes.Key = _authenticatedkeys.AesKey.Key; - if (iv != null) - aes.IV = iv; - byte[] ciphertext; - try + +#if NETSTANDARD2_1 + if (IsAesGcmAlgorithm(Algorithm)) { - ciphertext = Transform(aes.CreateEncryptor(), plaintext, 0, plaintext.Length); + ciphertext = new byte[plaintext.Length]; + byte[] nonce = new byte[AES_GCM_IV_SIZE]; + byte[] tag = new byte[AES_GCM_TAG_SIZE]; + using (var aesGcm = new AesGcm(GetKeyBytes(Key))) + { + //random nonce + RandomNumberGenerator rng = RandomNumberGenerator.Create(); + rng.GetBytes(nonce); + + try + { + aesGcm.Encrypt(nonce, plaintext, ciphertext, tag); + } + catch(Exception ex) + { + throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10618, Algorithm), ex)); + } + } + + return new AuthenticatedEncryptionResult(Key, ciphertext, nonce, tag); } - catch(Exception ex) + else { - throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10654, ex))); - } +#endif + Aes aes = Aes.Create(); + aes.Mode = CipherMode.CBC; + aes.Padding = PaddingMode.PKCS7; + aes.Key = _authenticatedkeys.AesKey.Key; + if (iv != null) + aes.IV = iv; + + try + { + ciphertext = Transform(aes.CreateEncryptor(), plaintext, 0, plaintext.Length); + } + catch (Exception ex) + { + throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10654, ex))); + } - byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8); - byte[] macBytes = new byte[authenticatedData.Length + aes.IV.Length + ciphertext.Length + al.Length]; - Array.Copy(authenticatedData, 0, macBytes, 0, authenticatedData.Length); - Array.Copy(aes.IV, 0, macBytes, authenticatedData.Length, aes.IV.Length); - Array.Copy(ciphertext, 0, macBytes, authenticatedData.Length + aes.IV.Length, ciphertext.Length); - Array.Copy(al, 0, macBytes, authenticatedData.Length + aes.IV.Length + ciphertext.Length, al.Length); - byte[] macHash = _symmetricSignatureProvider.Sign(macBytes); - var authenticationTag = new byte[_authenticatedkeys.HmacKey.Key.Length]; - Array.Copy(macHash, authenticationTag, authenticationTag.Length); - - return new AuthenticatedEncryptionResult(Key, ciphertext, aes.IV, authenticationTag); - } + byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8); + byte[] macBytes = new byte[authenticatedData.Length + aes.IV.Length + ciphertext.Length + al.Length]; + Array.Copy(authenticatedData, 0, macBytes, 0, authenticatedData.Length); + Array.Copy(aes.IV, 0, macBytes, authenticatedData.Length, aes.IV.Length); + Array.Copy(ciphertext, 0, macBytes, authenticatedData.Length + aes.IV.Length, ciphertext.Length); + Array.Copy(al, 0, macBytes, authenticatedData.Length + aes.IV.Length + ciphertext.Length, al.Length); + byte[] macHash = _symmetricSignatureProvider.Sign(macBytes); + var authenticationTag = new byte[_authenticatedkeys.HmacKey.Key.Length]; + Array.Copy(macHash, authenticationTag, authenticationTag.Length); + + return new AuthenticatedEncryptionResult(Key, ciphertext, aes.IV, authenticationTag); +#if NETSTANDARD2_1 + } +#endif + } /// /// Decrypts ciphertext into plaintext @@ -187,6 +230,12 @@ public virtual byte[] Decrypt(byte[] ciphertext, byte[] authenticatedData, byte[ if (ciphertext == null || ciphertext.Length == 0) throw LogHelper.LogArgumentNullException(nameof(ciphertext)); + if (IsAesGcmAlgorithm(Algorithm)) + { + // Until there is no AES-GCM support, Encrypt and Decrypt operations will throw an exception + throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10692, Algorithm))); + } + if (authenticatedData == null || authenticatedData.Length == 0) throw LogHelper.LogArgumentNullException(nameof(authenticatedData)); @@ -258,6 +307,16 @@ protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm) return SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key); } + private bool IsAesGcmAlgorithm(string algorithm) + { + if (!(algorithm.Equals(SecurityAlgorithms.Aes128Gcm, StringComparison.Ordinal) + || algorithm.Equals(SecurityAlgorithms.Aes192Gcm, StringComparison.Ordinal) + || algorithm.Equals(SecurityAlgorithms.Aes256Gcm, StringComparison.Ordinal))) + return false; + + return true; + } + private AuthenticatedKeys GetAlgorithmParameters(SecurityKey key, string algorithm) { int keyLength = -1; @@ -291,13 +350,13 @@ private AuthenticatedKeys GetAlgorithmParameters(SecurityKey key, string algorit private static string GetHmacAlgorithm(string algorithm) { if (SecurityAlgorithms.Aes128CbcHmacSha256.Equals(algorithm, StringComparison.Ordinal)) - return SecurityAlgorithms.HmacSha256; + return SecurityAlgorithms.HmacSha256; if (SecurityAlgorithms.Aes192CbcHmacSha384.Equals(algorithm, StringComparison.Ordinal)) return SecurityAlgorithms.HmacSha384; if (SecurityAlgorithms.Aes256CbcHmacSha512.Equals(algorithm, StringComparison.Ordinal)) - return SecurityAlgorithms.HmacSha512; + return SecurityAlgorithms.HmacSha512; throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10652, algorithm), nameof(algorithm))); } diff --git a/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs b/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs index 7c51c1b4e8..ca040386bb 100644 --- a/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs +++ b/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs @@ -40,3 +40,5 @@ [assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.S2S.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] [assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.S2S.Tokens.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] [assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] +[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] +[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Saml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")] diff --git a/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs b/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs index 806e801831..65acdc2610 100644 --- a/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs +++ b/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs @@ -56,7 +56,7 @@ public static JsonWebKey ConvertFromSecurityKey(SecurityKey key) return ConvertFromSymmetricSecurityKey(symmetricKey); else if (key is X509SecurityKey x509Key) return ConvertFromX509SecurityKey(x509Key); -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 else if (key is ECDsaSecurityKey ecdsaSecurityKey) return ConvertFromECDsaSecurityKey(ecdsaSecurityKey); #endif @@ -180,7 +180,7 @@ public static JsonWebKey ConvertFromSymmetricSecurityKey(SymmetricSecurityKey ke }; } -#if NETSTANDARD2_0 +#if NETSTANDARD2_0 || NETSTANDARD2_1 /// /// Converts a into a /// diff --git a/src/Microsoft.IdentityModel.Tokens/LogMessages.cs b/src/Microsoft.IdentityModel.Tokens/LogMessages.cs index e17d72aa30..75078c6664 100644 --- a/src/Microsoft.IdentityModel.Tokens/LogMessages.cs +++ b/src/Microsoft.IdentityModel.Tokens/LogMessages.cs @@ -123,6 +123,9 @@ internal static class LogMessages public const string IDX10615 = "IDX10615: Encryption failed. No support for: Algorithm: '{0}', SecurityKey: '{1}'."; public const string IDX10616 = "IDX10616: Encryption failed. EncryptionProvider failed for: Algorithm: '{0}', SecurityKey: '{1}'. See inner exception."; public const string IDX10617 = "IDX10617: Encryption failed. Keywrap is only supported for: '{0}', '{1}' and '{2}'. The content encryption specified is: '{3}'."; + public const string IDX10618 = "IDX10618: Encryption failed. EncryptionProvider failed for: Algorithm: '{0}'. See inner exception."; + //public const string IDX10619 = "IDX10619: Decryption failed. EncryptionProvider failed for: Algorithm: '{0}'. See inner exception."; + //public const string IDX10620 = "IDX10620: Decryption failed. Cipher-text size is less than 1."; // Formating public const string IDX10400 = "IDX10400: Unable to decode: '{0}' as Base64url encoded string."; diff --git a/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj b/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj index 7fa3e814e6..e357e9d3ec 100644 --- a/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj +++ b/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj @@ -16,7 +16,7 @@ $(DefineConstants);HAVE_ADO_NET;HAVE_APP_DOMAIN;HAVE_ASYNC;HAVE_BIG_INTEGER;HAVE_BINARY_FORMATTER;HAVE_BINARY_SERIALIZATION;HAVE_BINARY_EXCEPTION_SERIALIZATION;HAVE_CAS;HAVE_CHAR_TO_LOWER_WITH_CULTURE;HAVE_CHAR_TO_STRING_WITH_CULTURE;HAVE_COM_ATTRIBUTES;HAVE_COMPONENT_MODEL;HAVE_CONCURRENT_COLLECTIONS;HAVE_COVARIANT_GENERICS;HAVE_DATA_CONTRACTS;HAVE_DATE_TIME_OFFSET;HAVE_DB_NULL_TYPE_CODE;HAVE_DYNAMIC;HAVE_EMPTY_TYPES;HAVE_ENTITY_FRAMEWORK;HAVE_EXPRESSIONS;HAVE_FAST_REVERSE;HAVE_FSHARP_TYPES;HAVE_FULL_REFLECTION;HAVE_GUID_TRY_PARSE;HAVE_HASH_SET;HAVE_ICLONEABLE;HAVE_ICONVERTIBLE;HAVE_IGNORE_DATA_MEMBER_ATTRIBUTE;HAVE_INOTIFY_COLLECTION_CHANGED;HAVE_INOTIFY_PROPERTY_CHANGING;HAVE_ISET;HAVE_LINQ;HAVE_MEMORY_BARRIER;HAVE_METHOD_IMPL_ATTRIBUTE;HAVE_NON_SERIALIZED_ATTRIBUTE;HAVE_READ_ONLY_COLLECTIONS;HAVE_REFLECTION_EMIT;HAVE_SECURITY_SAFE_CRITICAL_ATTRIBUTE;HAVE_SERIALIZATION_BINDER_BIND_TO_NAME;HAVE_STREAM_READER_WRITER_CLOSE;HAVE_STRING_JOIN_WITH_ENUMERABLE;HAVE_TIME_SPAN_PARSE_WITH_CULTURE;HAVE_TIME_SPAN_TO_STRING_WITH_CULTURE;HAVE_TIME_ZONE_INFO;HAVE_TRACE_WRITER;HAVE_TYPE_DESCRIPTOR;HAVE_UNICODE_SURROGATE_DETECTION;HAVE_VARIANT_TYPE_PARAMETERS;HAVE_VERSION_TRY_PARSE;HAVE_XLINQ;HAVE_XML_DOCUMENT;HAVE_XML_DOCUMENT_TYPE;HAVE_CONCURRENT_DICTIONARY;$(AdditionalConstants) - + $(DefineConstants);HAVE_ADO_NET;HAVE_APP_DOMAIN;HAVE_ASYNC;HAVE_BIG_INTEGER;HAVE_BINARY_FORMATTER;HAVE_BINARY_SERIALIZATION;HAVE_BINARY_EXCEPTION_SERIALIZATION;HAVE_CHAR_TO_LOWER_WITH_CULTURE;HAVE_CHAR_TO_STRING_WITH_CULTURE;HAVE_COM_ATTRIBUTES;HAVE_COMPONENT_MODEL;HAVE_CONCURRENT_COLLECTIONS;HAVE_COVARIANT_GENERICS;HAVE_DATA_CONTRACTS;HAVE_DATE_TIME_OFFSET;HAVE_DB_NULL_TYPE_CODE;HAVE_DYNAMIC;HAVE_EMPTY_TYPES;HAVE_ENTITY_FRAMEWORK;HAVE_EXPRESSIONS;HAVE_FAST_REVERSE;HAVE_FSHARP_TYPES;HAVE_FULL_REFLECTION;HAVE_GUID_TRY_PARSE;HAVE_HASH_SET;HAVE_ICLONEABLE;HAVE_ICONVERTIBLE;HAVE_IGNORE_DATA_MEMBER_ATTRIBUTE;HAVE_INOTIFY_COLLECTION_CHANGED;HAVE_INOTIFY_PROPERTY_CHANGING;HAVE_ISET;HAVE_LINQ;HAVE_MEMORY_BARRIER;HAVE_METHOD_IMPL_ATTRIBUTE;HAVE_NON_SERIALIZED_ATTRIBUTE;HAVE_READ_ONLY_COLLECTIONS;HAVE_SECURITY_SAFE_CRITICAL_ATTRIBUTE;HAVE_SERIALIZATION_BINDER_BIND_TO_NAME;HAVE_STREAM_READER_WRITER_CLOSE;HAVE_STRING_JOIN_WITH_ENUMERABLE;HAVE_TIME_SPAN_PARSE_WITH_CULTURE;HAVE_TIME_SPAN_TO_STRING_WITH_CULTURE;HAVE_TIME_ZONE_INFO;HAVE_TRACE_WRITER;HAVE_TYPE_DESCRIPTOR;HAVE_UNICODE_SURROGATE_DETECTION;HAVE_VARIANT_TYPE_PARAMETERS;HAVE_VERSION_TRY_PARSE;HAVE_XLINQ;HAVE_XML_DOCUMENT;HAVE_XML_DOCUMENT_TYPE;HAVE_CONCURRENT_DICTIONARY;$(AdditionalConstants) @@ -33,7 +33,7 @@ - + diff --git a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs index af26be2743..015d52ec9a 100644 --- a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs @@ -98,7 +98,7 @@ public override bool HasPrivateKey { // imitate signing byte[] hash = new byte[20]; -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 Rsa.SignData(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); #else if (Rsa is RSACryptoServiceProvider rsaCryptoServiceProvider) diff --git a/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs b/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs index a4226f18e1..aa49099fa2 100644 --- a/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs +++ b/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs @@ -39,6 +39,20 @@ public static class SecurityAlgorithms public const string Aes256Encryption = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"; public const string DesEncryption = "http://www.w3.org/2001/04/xmlenc#des-cbc"; + // See: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM + /// + /// Currently not supported. It's possible to provide your own implementation of the algorithm by overriding CryptoProviderFactory and AuthenticatedEncryptionProvider. + /// + public const string Aes128Gcm = "http://www.w3.org/2009/xmlenc11#aes128-gcm"; + /// + /// Currently not supported. It's possible to provide your own implementation of the algorithm by overriding CryptoProviderFactory and AuthenticatedEncryptionProvider. + /// + public const string Aes192Gcm = "http://www.w3.org/2009/xmlenc11#aes192-gcm"; + /// + /// Currently not supported. It's possible to provide your own implementation of the algorithm by overriding CryptoProviderFactory and AuthenticatedEncryptionProvider. + /// + public const string Aes256Gcm = "http://www.w3.org/2009/xmlenc11#aes256-gcm"; + // See: https://www.w3.org/TR/xmlenc-core1/#sec-kw-aes public const string Aes128KeyWrap = "http://www.w3.org/2001/04/xmlenc#kw-aes128"; public const string Aes192KeyWrap = "http://www.w3.org/2001/04/xmlenc#kw-aes192"; @@ -47,7 +61,8 @@ public static class SecurityAlgorithms public const string Ripemd160Digest = "http://www.w3.org/2001/04/xmlenc#ripemd160"; // See: https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP - public const string RsaOaepKeyWrap = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"; + public const string RsaOaepKeyWrap = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"; // treat as http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p. RsaOaepKeyWrap identifier doesn't exist, but we released, so don't break now. + public const string RsaOaepMgf1pKeyWrap = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"; // See: https://tools.ietf.org/html/rfc7518#section-4.1 public const string Aes128KW = "A128KW"; @@ -61,6 +76,7 @@ public static class SecurityAlgorithms // See: https://www.w3.org/TR/xmldsig-core1/#sec-EnvelopedSignature public const string EnvelopedSignature = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"; + public const string Sha1Digest = "http://www.w3.org/2000/09/xmldsig#sha1"; // See http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-SHA256 // and https://tools.ietf.org/html/rfc6931#section-2.1.3 @@ -113,8 +129,8 @@ public static class SecurityAlgorithms public const string Aes192CbcHmacSha384 = "A192CBC-HS384"; public const string Aes256CbcHmacSha512 = "A256CBC-HS512"; - internal const string DefaultAsymmetricKeyWrapAlgorithm = RsaOaepKeyWrap; - internal const string DefaultSymmetricEncryptionAlgorithm = Aes128CbcHmacSha256; + internal const string DefaultAsymmetricKeyWrapAlgorithm = RsaOaepMgf1pKeyWrap; + internal const string DefaultSymmetricEncryptionAlgorithm = Aes128Gcm; #pragma warning restore 1591 } diff --git a/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs b/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs index 1b6a206b11..0ae8b14898 100644 --- a/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs +++ b/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs @@ -222,7 +222,7 @@ private static bool IsSupportedRsaPss(SecurityKey key) // RSA-PSS is not available on .NET 4.5 LogHelper.LogInformation(LogMessages.IDX10692); return false; -#elif NET461 || NETSTANDARD2_0 +#elif NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 // RSACryptoServiceProvider doesn't support RSA-PSS if (key is RsaSecurityKey rsa && rsa.Rsa is RSACryptoServiceProvider) { diff --git a/src/Microsoft.IdentityModel.Tokens/Utility.cs b/src/Microsoft.IdentityModel.Tokens/Utility.cs index 46e1d82323..1ab08c6051 100644 --- a/src/Microsoft.IdentityModel.Tokens/Utility.cs +++ b/src/Microsoft.IdentityModel.Tokens/Utility.cs @@ -276,5 +276,24 @@ internal static byte[] GenerateSha256Hash(string input) return hash.ComputeHash(Encoding.UTF8.GetBytes(input)); } } + + internal static byte[] ConcatByteArrays(params byte[][] list) + { + int outputLength = 0; + for (int i = 0; i < list.Length; i++) + outputLength += list[i].Length; + + byte[] outputBytes = new byte[outputLength]; + + int dstOffset = 0; + for (int i = 0; i < list.Length; i++) + { + Array.Copy(list[i], 0, outputBytes, dstOffset, list[i].Length); + dstOffset += list[i].Length; + } + + return outputBytes; + } + } } diff --git a/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs index ee95cf7422..2be8b6ee49 100644 --- a/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs @@ -102,7 +102,7 @@ public AsymmetricAlgorithm PrivateKey { if (!_privateKeyAvailabilityDetermined) { -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 _privateKey = RSACertificateExtensions.GetRSAPrivateKey(Certificate); #else _privateKey = Certificate.PrivateKey; @@ -129,7 +129,7 @@ public AsymmetricAlgorithm PublicKey { if (_publicKey == null) { -#if NET461 || NETSTANDARD2_0 +#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1 _publicKey = RSACertificateExtensions.GetRSAPublicKey(Certificate); #else _publicKey = Certificate.PublicKey.Key; diff --git a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs index 6043d096e9..c8fd18b7f4 100644 --- a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs +++ b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs @@ -1377,7 +1377,7 @@ protected virtual IValueProvider CreateMemberValueProvider(MemberInfo member) // warning - this method use to cause errors with Intellitrace. Retest in VS Ultimate after changes IValueProvider valueProvider; -#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0) +#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0 || NETSTANDARD2_1) if (DynamicCodeGeneration) { valueProvider = new DynamicValueProvider(member); diff --git a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs index 680074d6f6..2c47f19bef 100644 --- a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs +++ b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs @@ -515,7 +515,7 @@ public static ReflectionDelegateFactory ReflectionDelegateFactory { get { -#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0) +#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0 || NETSTANDARD2_1) if (DynamicCodeGeneration) { return DynamicReflectionDelegateFactory.Instance; diff --git a/src/Microsoft.IdentityModel.Xml/CipherData.cs b/src/Microsoft.IdentityModel.Xml/CipherData.cs new file mode 100644 index 0000000000..86e3cce584 --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/CipherData.cs @@ -0,0 +1,110 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Represents the element in XML encryption. This class cannot be inherited. + /// + /// http://www.w3.org/TR/xmlenc-core/#sec-CipherData + public sealed class CipherData + { + private byte[] _cipherValue = null; + + /// + /// Initializes an instance of . + /// + public CipherData() + { } + + /// + /// Initializes an instance of . + /// + /// + public CipherData(byte[] cipherValue) + { + CipherValue = cipherValue; + } + + /// + /// Gets or sets the element. + /// + public byte[] CipherValue + { + get { return _cipherValue; } + set + { + if (value == null) + throw new ArgumentNullException(nameof(value)); + + _cipherValue = (byte[])value.Clone(); + } + } + + internal void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogArgumentNullException(nameof(writer)); + + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.CipherData, XmlEncryptionConstants.Namespace); + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.CipherValue, XmlEncryptionConstants.Namespace); + + writer.WriteBase64(_cipherValue, 0, _cipherValue.Length); + + writer.WriteEndElement(); // CipherValue + writer.WriteEndElement(); // CipherData + } + + internal void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogArgumentNullException(nameof(reader)); + + if (!reader.IsStartElement(XmlEncryptionConstants.Elements.CipherData, XmlEncryptionConstants.Namespace)) + throw XmlUtil.LogReadException(LogMessages.IDX30011, XmlEncryptionConstants.Namespace, XmlEncryptionConstants.Elements.CipherData, reader.NamespaceURI, reader.LocalName); + + reader.ReadStartElement(XmlEncryptionConstants.Elements.CipherData, XmlEncryptionConstants.Namespace); + + if (!reader.IsStartElement(XmlEncryptionConstants.Elements.CipherValue, XmlEncryptionConstants.Namespace)) + throw XmlUtil.LogReadException(LogMessages.IDX30011, XmlEncryptionConstants.Namespace, XmlEncryptionConstants.Elements.CipherValue, reader.NamespaceURI, reader.LocalName); + + reader.ReadStartElement(XmlEncryptionConstants.Elements.CipherValue, XmlEncryptionConstants.Namespace); + + _cipherValue = reader.ReadContentAsBase64(); + + // + reader.ReadEndElement(); + + // + reader.ReadEndElement(); + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/DataReference.cs b/src/Microsoft.IdentityModel.Xml/DataReference.cs new file mode 100644 index 0000000000..dd7dfa7c97 --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/DataReference.cs @@ -0,0 +1,68 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Basic implementation of DataReference element used in XML encryption. This class cannot be inherited. + /// + /// http://www.w3.org/TR/xmlenc-core/#sec-ReferenceList + public sealed class DataReference : EncryptedReference + { + /// + /// Initializes a new instance of the class. + /// + public DataReference() : base() + { + } + + /// + /// Initializes a new instance of the class using the specified Uniform Resource Identifier (URI). + /// + /// + public DataReference(string uri) : base(uri) + { + } + + internal override void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogArgumentNullException(nameof(writer)); + + // nothing to write - return + if (string.IsNullOrEmpty(Uri)) + return; + + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.DataReference, null); + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, Uri); + writer.WriteEndElement(); + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedData.cs b/src/Microsoft.IdentityModel.Xml/EncryptedData.cs new file mode 100644 index 0000000000..eb07ef975d --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/EncryptedData.cs @@ -0,0 +1,70 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Represents the element in XML encryption. This class cannot be inherited. + /// + /// http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData + public sealed class EncryptedData : EncryptedType + { + /// + /// Initializes an instance of . + /// + public EncryptedData() + { + Type = XmlEncryptionConstants.EncryptedDataTypes.Element; + } + + internal override void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogArgumentNullException(nameof(writer)); + + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptedData, XmlEncryptionConstants.Namespace); + base.WriteXml(writer); + writer.WriteEndElement(); + } + + internal override void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogArgumentNullException(nameof(reader)); + + if (!reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedData, XmlEncryptionConstants.Namespace)) + throw XmlUtil.LogReadException(LogMessages.IDX30011, XmlEncryptionConstants.Namespace, XmlEncryptionConstants.Elements.EncryptedData, reader.NamespaceURI, reader.LocalName); + + base.ReadXml(reader); + + reader.ReadEndElement(); + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedKey.cs b/src/Microsoft.IdentityModel.Xml/EncryptedKey.cs new file mode 100644 index 0000000000..c2be5c829d --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/EncryptedKey.cs @@ -0,0 +1,144 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Represents the element in XML encryption. This class cannot be inherited. + /// + /// http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey + public sealed class EncryptedKey : EncryptedType + { + private IList _referenceList; + + /// + /// Initializes an instance of . + /// + public EncryptedKey() + { + Type = XmlEncryptionConstants.EncryptedDataTypes.EncryptedKey; + } + + /// + /// Gets the ReferenceList of elements. + /// + public IList ReferenceList + { + get + { + if (_referenceList == null) + _referenceList = new List(); + return _referenceList; + } + } + + /// + /// Adds new to the ReferenceList of elements. + /// + /// + public void AddReference(EncryptedReference reference) + { + ReferenceList.Add(reference); + } + + internal override void WriteXml(XmlWriter writer) + { + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace); + + base.WriteXml(writer); + + if (ReferenceList.Count != 0) + { + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.ReferenceList, null); + + foreach (var reference in ReferenceList) + { + reference.WriteXml(writer); + } + + writer.WriteEndElement(); + } + + writer.WriteEndElement(); + } + + internal override void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogArgumentNullException(nameof(reader)); + + if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace)) + { + // 1 + base.ReadXml(reader); + + // ? 0 - 1 + if (reader.IsStartElement(XmlEncryptionConstants.Elements.ReferenceList, XmlEncryptionConstants.Namespace)) + { + reader.ReadStartElement(XmlEncryptionConstants.Elements.ReferenceList, XmlEncryptionConstants.Namespace); + + while (reader.IsStartElement()) + { + if (reader.IsStartElement(XmlEncryptionConstants.Elements.DataReference, XmlEncryptionConstants.Namespace)) + { + var dataReferece = new DataReference(); + dataReferece.ReadXml(reader); + ReferenceList.Add(dataReferece); + } + else if (reader.IsStartElement(XmlEncryptionConstants.Elements.KeyReference, XmlEncryptionConstants.Namespace)) + { + var keyReferece = new KeyReference(); + keyReferece.ReadXml(reader); + ReferenceList.Add(keyReferece); + } + else + { + LogInformation(LogMessages.IDX30303, reader.LocalName); + reader.Skip(); + } + } + } + + // ? 0 - 1 + // Skip - not supported + if (reader.IsStartElement(XmlEncryptionConstants.Elements.CarriedKeyName, XmlEncryptionConstants.Namespace)) + { + LogInformation(LogMessages.IDX30302, XmlEncryptionConstants.Elements.CarriedKeyName, XmlEncryptionConstants.Elements.EncryptedKey); + reader.Skip(); + } + + // should be on EndElement for the EncryptedKey + reader.ReadEndElement(); + } + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedReference.cs b/src/Microsoft.IdentityModel.Xml/EncryptedReference.cs new file mode 100644 index 0000000000..788c615c78 --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/EncryptedReference.cs @@ -0,0 +1,74 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Represents the abstract base class used in XML encryption from which the and classes derive. + /// + /// http://www.w3.org/TR/xmlenc-core1/#sec-ReferenceList + public abstract class EncryptedReference + { + /// + /// Initializes a new instance of the class. + /// + protected EncryptedReference() + { + } + + /// + /// Initializes a new instance of the class using the specified Uniform Resource Identifier(URI). + /// + /// + protected EncryptedReference(string uri) + { + Uri = uri; + } + + /// + /// Gets or sets the Uniform Resource Identifier(URI) of an object. + /// + public string Uri { get; set; } + + abstract internal void WriteXml(XmlWriter writer); + + internal virtual void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogArgumentNullException(nameof(reader)); + + if (reader.IsStartElement(XmlEncryptionConstants.Elements.KeyReference, XmlEncryptionConstants.Namespace) || reader.IsStartElement(XmlEncryptionConstants.Elements.DataReference, XmlEncryptionConstants.Namespace)) + { + Uri = reader.GetAttribute(XmlEncryptionConstants.Attributes.Uri, null); + reader.Skip(); + } + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedType.cs b/src/Microsoft.IdentityModel.Xml/EncryptedType.cs new file mode 100644 index 0000000000..06ab92eb87 --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/EncryptedType.cs @@ -0,0 +1,175 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Represents the abstract base class from which the classes EncryptedData and EncryptedKey derive. + /// + /// + /// http://www.w3.org/TR/xmlenc-core1/#sec-EncryptedType + /// + public abstract class EncryptedType + { + private CipherData _cipherData; + private KeyInfo _keyInfo; + private EncryptionMethod _encryptionMethod; + + /// + /// Gets or sets the value for an instance of an class. + /// + public virtual CipherData CipherData + { + get + { + if (_cipherData == null) + _cipherData = new CipherData(); + + return _cipherData; + } + set + { + _cipherData = value ?? throw new ArgumentNullException(nameof(value)); + } + } + + /// + /// Gets or sets the attribute of an instance in XML encryption. + /// + public virtual string Id { get; set; } + + /// + /// Gets or sets the attribute of an instance in XML encryption. + /// + public virtual string Type { get; set; } + + /// + /// Gets or sets the attribute of an instance in XML encryption. + /// + /// + /// MimeType attribute is ignored while reading and writing an EncryptedAssertion + /// + public virtual string MimeType { get; set; } + + /// + /// Gets the attribute of an instance in XML encryption. + /// + /// + /// Encoding attribute is set to + /// + public virtual string Encoding { get => XmlSignatureConstants.Base64Encoding; } + + /// + /// Gets of sets the element in XML encryption. + /// + public KeyInfo KeyInfo + { + get + { + if (_keyInfo == null) + _keyInfo = new KeyInfo(); + return _keyInfo; + } + set { _keyInfo = value; } + } + + /// + /// Encapsulates the encryption algorithm used for XML encryption. + /// + public EncryptionMethod EncryptionMethod + { + get + { + if (_encryptionMethod == null) + _encryptionMethod = new EncryptionMethod(); + return _encryptionMethod; + } + set { _encryptionMethod = value; } + } + + internal virtual void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogArgumentNullException(nameof(writer)); + + if (!string.IsNullOrEmpty(Id)) + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Id, null, Id); + + if (!string.IsNullOrEmpty(Type)) + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Type, null, Type); + + if (!string.IsNullOrEmpty(MimeType)) + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.MimeType, null, MimeType); + + if (!string.IsNullOrEmpty(Encoding)) + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Encoding, null, Encoding); + + EncryptionMethod.WriteXml(writer); + KeyInfo.WriteXml(writer); + CipherData.WriteXml(writer); + } + + internal virtual void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogArgumentNullException(nameof(reader)); + + Id = reader.GetAttribute(XmlEncryptionConstants.Attributes.Id, null); + Type = reader.GetAttribute(XmlEncryptionConstants.Attributes.Type, null); + MimeType = reader.GetAttribute(XmlEncryptionConstants.Attributes.MimeType, null); + + reader.ReadStartElement(); + + // ? 0 - 1 + if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace)) + { + EncryptionMethod.ReadXml(reader); + } + + // ? 0 - 1 + if (reader.IsStartElement(XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace)) + { + KeyInfo.ReadXml(reader); + } + + // 1 + CipherData.ReadXml(reader); + + // ? 0 - 1 + // Skip - not supported + if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptionProperties, XmlEncryptionConstants.Namespace)) + { + LogInformation(LogMessages.IDX30301, XmlEncryptionConstants.Elements.EncryptionProperties); + reader.Skip(); + } + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/EncryptionMethod.cs b/src/Microsoft.IdentityModel.Xml/EncryptionMethod.cs new file mode 100644 index 0000000000..84175f4efd --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/EncryptionMethod.cs @@ -0,0 +1,122 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Represents the element in XML encryption that describes the encryption algorithm applied to the cipher data. This class cannot be inherited. + /// + /// http://www.w3.org/TR/xmlenc-core/#sec-EncryptionMethod + public class EncryptionMethod + { + /// + /// Initializes a new instance of the class. + /// + public EncryptionMethod() + { + } + + /// + /// Initializes a new instance of the class specifying an algorithm Uniform Resource Identifier(URI). + /// + /// + public EncryptionMethod(string algorithm) + { + KeyAlgorithm = algorithm; + } + + /// + /// Gets or sets a Uniform Resource Identifier (URI) that describes the algorithm to use for XML encryption. + /// + public string KeyAlgorithm { get; set; } + + /// + /// Gets or sets the digest method Uniform Resource Identifier (URI) + /// + public string DigestMethod { get; set; } + + internal void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogArgumentNullException(nameof(writer)); + + // nothing to write - return + if (string.IsNullOrEmpty(KeyAlgorithm)) + return; + + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace); + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Algorithm, null, KeyAlgorithm); + + if (!string.IsNullOrEmpty(DigestMethod)) + { + writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.DigestMethod, XmlSignatureConstants.Namespace); + writer.WriteAttributeString(XmlSignatureConstants.Attributes.Algorithm, null, DigestMethod); + writer.WriteEndElement(); + } + + writer.WriteEndElement(); + } + + internal void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogArgumentNullException(nameof(reader)); + + if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace)) + { + KeyAlgorithm = reader.GetAttribute(XmlEncryptionConstants.Attributes.Algorithm, null); + + if (reader.IsEmptyElement) + { + reader.Read(); + return; + } + + reader.ReadStartElement(XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace); + + while (reader.IsStartElement()) + { + if (reader.IsStartElement(XmlSignatureConstants.Elements.DigestMethod, XmlSignatureConstants.Namespace)) + { + DigestMethod = reader.GetAttribute(XmlSignatureConstants.Attributes.Algorithm, null); + } + else + { + LogInformation(LogMessages.IDX30302, reader.LocalName, XmlEncryptionConstants.Elements.EncryptionMethod); + } + + reader.Skip(); + } + + reader.ReadEndElement(); + } + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/KeyInfo.cs b/src/Microsoft.IdentityModel.Xml/KeyInfo.cs index a9c5baedf9..9f34b4f856 100644 --- a/src/Microsoft.IdentityModel.Xml/KeyInfo.cs +++ b/src/Microsoft.IdentityModel.Xml/KeyInfo.cs @@ -30,7 +30,9 @@ using System.Collections.ObjectModel; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; +using System.Xml; using Microsoft.IdentityModel.Tokens; +using static Microsoft.IdentityModel.Logging.LogHelper; namespace Microsoft.IdentityModel.Xml { @@ -101,6 +103,15 @@ public string RetrievalMethodUri set; } + /// + /// Gets or sets the Type associated with the RetrievalMethod + /// + public string RetrievalMethodType + { + get; + set; + } + /// /// Gets or sets the RSAKeyValue. /// @@ -229,5 +240,143 @@ private bool Matches(JsonWebKey key) return false; } + + /// + /// + /// + /// + internal void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogArgumentNullException(nameof(writer)); + + if (!AnythingToWrite()) + return; + + writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace); + + if (!string.IsNullOrEmpty(KeyName)) + { + writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.KeyName, null); + writer.WriteValue(KeyName); + writer.WriteEndElement(); + } + + if (!string.IsNullOrEmpty(RetrievalMethodUri)) + { + writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.RetrievalMethod, null); + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, null, RetrievalMethodUri); + if (!string.IsNullOrEmpty(RetrievalMethodType)) + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Type, null, RetrievalMethodType); + writer.WriteEndElement(); + } + + if (X509Data.Count != 0) + { + writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.X509Data, null); + + // use only first element from the collection + var enumerator = X509Data.GetEnumerator(); + enumerator.MoveNext(); + var _x509Data = enumerator.Current; + + if (_x509Data.Certificates.Count != 0) + { + foreach (var certificate in _x509Data.Certificates) + { + writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.X509Certificate, null); + writer.WriteValue(certificate); + writer.WriteEndElement(); + } + } + + writer.WriteEndElement(); // + } + + writer.WriteEndElement(); // + } + + internal void ReadXml(XmlDictionaryReader reader) + { + if (reader == null) + throw LogArgumentNullException(nameof(reader)); + + if (reader.IsStartElement(XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace)) + { + if (reader.IsEmptyElement) + { + reader.Skip(); + return; + } + + reader.ReadStartElement(XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace); + + while (reader.IsStartElement()) + { + if (reader.IsStartElement(XmlSignatureConstants.Elements.KeyName, XmlSignatureConstants.Namespace)) + { + reader.ReadStartElement(XmlSignatureConstants.Elements.KeyName, XmlSignatureConstants.Namespace); + string __keyName = reader.ReadContentAsString(); + if (!string.IsNullOrEmpty(__keyName)) + { + KeyName = __keyName; + } + + reader.Skip(); + } + else if (reader.IsStartElement(XmlSignatureConstants.Elements.RetrievalMethod, XmlSignatureConstants.Namespace)) + { + string __uri = reader.GetAttribute(XmlEncryptionConstants.Attributes.Uri); + if (!string.IsNullOrEmpty(__uri)) + { + RetrievalMethodUri = __uri; + } + + string __type = reader.GetAttribute(XmlEncryptionConstants.Attributes.Type); + if (!string.IsNullOrEmpty(__type)) + { + RetrievalMethodType = __type; + } + + reader.Skip(); + } + else if (reader.IsStartElement(XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace)) + { + reader.ReadStartElement(XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); + while (reader.IsStartElement(XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace)) + { + reader.ReadStartElement(XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace); + string __x509Cert = reader.ReadContentAsString(); + if (!string.IsNullOrEmpty(__x509Cert)) + { + var __x509Data = new X509Data(); + __x509Data.Certificates.Add(__x509Cert); + X509Data.Add(__x509Data); + } + + reader.ReadEndElement(); + } + + reader.Skip(); + } + else if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace)) + { + throw XmlUtil.LogReadException(LogMessages.IDX30030); + } + else if (reader.IsStartElement()) // skipped an unknown element (no support for now) + { + LogInformation(LogMessages.IDX30302, reader.LocalName, XmlSignatureConstants.Elements.KeyInfo); + reader.Skip(); + } + } + + reader.ReadEndElement(); + } + } + + private bool AnythingToWrite() + { + return !(string.IsNullOrEmpty(KeyName) && string.IsNullOrEmpty(RetrievalMethodUri) && X509Data.Count == 0); + } } } diff --git a/src/Microsoft.IdentityModel.Xml/KeyReference.cs b/src/Microsoft.IdentityModel.Xml/KeyReference.cs new file mode 100644 index 0000000000..6da62430fc --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/KeyReference.cs @@ -0,0 +1,68 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System.Xml; +using static Microsoft.IdentityModel.Logging.LogHelper; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Basic implementation of KeyReference element used in XML encryption. This class cannot be inherited. + /// + /// http://www.w3.org/TR/xmlenc-core/#sec-ReferenceList + public sealed class KeyReference : EncryptedReference + { + /// + /// Initializes a new instance of the class. + /// + public KeyReference() : base() + { + } + + /// + /// Initializes a new instance of the class using the specified Uniform Resource Identifier (URI). + /// + /// + public KeyReference(string uri) : base(uri) + { + } + + internal override void WriteXml(XmlWriter writer) + { + if (writer == null) + throw LogArgumentNullException(nameof(writer)); + + // nothing to write - return + if (string.IsNullOrEmpty(Uri)) + return; + + writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.KeyReference, null); + writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, Uri); + writer.WriteEndElement(); + } + } +} diff --git a/src/Microsoft.IdentityModel.Xml/LogMessages.cs b/src/Microsoft.IdentityModel.Xml/LogMessages.cs index dafba8ee55..d8ecda8501 100644 --- a/src/Microsoft.IdentityModel.Xml/LogMessages.cs +++ b/src/Microsoft.IdentityModel.Xml/LogMessages.cs @@ -52,6 +52,7 @@ internal static class LogMessages internal const string IDX30027 = "IDX30027: InnerReader is null. It is necessary to set InnerReader before making calls to DelegatingXmlDictionaryReader."; internal const string IDX30028 = "IDX30028: InnerWriter is null. It is necessary to set InnerWriter before making calls to DelegatingXmlDictionaryWriter."; internal const string IDX30029 = "IDX30029: The Reference '{0}' has exceeded the number of Transforms that will be processed: '{1}'. If there is a need to increase the number of Transforms, the DSigSerializer.MaximumReferenceTransforms can be increased. The default value is 10."; + internal const string IDX30030 = "IDX30030: EncryptedKey element is embedded withing EncryptedData element. This is currently not supported. Place EncryptedKey element next to associated EncryptedData element, within the enclosing Saml parent element."; // XML structure, supported exceptions internal const string IDX30100 = "IDX30100: Unable to process the {0} element. This canonicalization method is not supported: '{1}'. Supported methods are: '{2}', '{3}'."; @@ -76,6 +77,9 @@ internal static class LogMessages // logging messages internal const string IDX30300 = "IDX30300: KeyInfo skipped unknown element: '{0}'."; + internal const string IDX30301 = "IDX30301: Skipped loading element: '{0}'. Currently not supported."; + internal const string IDX30302 = "IDX30302: Skipped loading element: '{0}' under node: '{1}'. Currently not supported."; + internal const string IDX30303 = "IDX30303: Skipped loading unknown reference element: '{0}'."; // XML writing internal const string IDX30401 = "IDX30401: Unable to write XML. {0}.{1} is null or empty."; diff --git a/src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs b/src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs new file mode 100644 index 0000000000..05a7374428 --- /dev/null +++ b/src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs @@ -0,0 +1,57 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; + +namespace Microsoft.IdentityModel.Xml +{ + /// + /// Constants for XML Encryption + /// Definitions for namespace, attributes and elements as defined in http://www.w3.org/TR/xmlenc-core1/ + /// + public static class XmlEncryptionConstants + { +#pragma warning disable 1591 + public const string Namespace = "http://www.w3.org/2001/04/xmlenc#"; + + public const string Prefix = "xenc"; + + public static class Attributes + { + public const string Algorithm = "Algorithm"; + public const string Encoding = "Encoding"; + public const string Id = "Id"; + public const string MimeType = "MimeType"; + public const string Recipient = "Recipient"; + public const string Type = "Type"; + public const string Uri = "URI"; + } + + public static class Elements + { + public const string CarriedKeyName = "CarriedKeyName"; + public const string CipherData = "CipherData"; + public const string CipherReference = "CiperReference"; + public const string CipherValue = "CipherValue"; + public const string DataReference = "DataReference"; + public const string EncryptedData = "EncryptedData"; + public const string EncryptedKey = "EncryptedKey"; + public const string EncryptionMethod = "EncryptionMethod"; + public const string EncryptionProperties = "EncryptionProperties"; + public const string KeyReference = "KeyReference"; + public const string KeySize = "KeySize"; + public const string OaepParams = "OAEPparams"; + public const string Recipient = "Recipient"; + public const string ReferenceList = "ReferenceList"; + } + + public static class EncryptedDataTypes + { + public const string Element = Namespace + "Element"; + public const string Content = Namespace + "Content"; + public const string EncryptedKey = Namespace + "EncryptedKey"; +#pragma warning restore 1591 + } + } +} \ No newline at end of file diff --git a/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs b/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs index c954589fa7..c434f46cf1 100644 --- a/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs +++ b/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs @@ -46,6 +46,7 @@ public static class XmlSignatureConstants public const string XmlNamespaceNamespace = "http://www.w3.org/2000/xmlns/"; public const string XmlNamepspacePrefix = "xmlns"; public const string XmlSchemaNamespace = "http://www.w3.org/2001/XMLSchema-instance"; + public const string Base64Encoding = Namespace + "base64"; public static class Attributes { diff --git a/src/Microsoft.IdentityModel.Xml/XmlUtil.cs b/src/Microsoft.IdentityModel.Xml/XmlUtil.cs index 20bb205615..c2f9f98822 100644 --- a/src/Microsoft.IdentityModel.Xml/XmlUtil.cs +++ b/src/Microsoft.IdentityModel.Xml/XmlUtil.cs @@ -27,6 +27,7 @@ using System; using System.Collections.Generic; +using System.IO; using System.Text; using System.Xml; using static Microsoft.IdentityModel.Logging.LogHelper; @@ -430,5 +431,34 @@ internal static string[] TokenizeInclusiveNamespacesPrefixList(string inclusiveN return result; } } + +#if NET45 || NET451 + private static readonly XmlReaderSettings SafeXmlReaderSettings = new XmlReaderSettings { XmlResolver = null, DtdProcessing = DtdProcessing.Prohibit }; +#else + private static readonly XmlReaderSettings SafeXmlReaderSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit }; +#endif + + /// + /// Creates an instance of a default . + /// The caller is responsible for disposing of the returned XmlDictionaryReader. + /// + /// The string to which the underlying should be initialized. + /// An instance of . + public static XmlReader CreateDefaultXmlReader(string input) + { + var stringReader = new StringReader(input); + return XmlReader.Create(stringReader, SafeXmlReaderSettings); + } + + /// + /// Creates an instance of a default . + /// The caller is responsible for disposing of the returned XmlDictionaryReader. + /// + /// The string to which the underlying should be initialized. + /// An instance of . + public static XmlDictionaryReader CreateDefaultXmlDictionaryReader(string input) + { + return XmlDictionaryReader.CreateDictionaryReader(CreateDefaultXmlReader(input)); + } } } \ No newline at end of file diff --git a/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs b/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs index 88e040d075..1a6079281c 100644 --- a/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs +++ b/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs @@ -189,7 +189,9 @@ public static TheoryData CrossVersionSaml2TokenTest Expires = Default.Expires, Issuer = Default.Issuer, SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest), + #pragma warning disable 0618 Subject = AuthenticationClaimsIdentity + #pragma warning restore 0618 }, ValidationParameters4x = new TokenValidationParameters4x { diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs index 4c52a539d7..2f5a619638 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs @@ -268,7 +268,9 @@ public static TheoryData CreateJWETheoryData { SigningCredentials = KeyingMaterial.JsonWebKeyRsa256SigningCredentials, EncryptingCredentials = KeyingMaterial.DefaultSymmetricEncryptingCreds_Aes256_Sha512_512, + #pragma warning disable 0618 Subject = new ClaimsIdentity(Default.PayloadClaims), + #pragma warning restore 0618 }, JsonWebTokenHandler = new JsonWebTokenHandler(), JwtSecurityTokenHandler = tokenHandler, @@ -692,7 +694,9 @@ public static TheoryData CreateJWSTheoryData TokenDescriptor = new SecurityTokenDescriptor { SigningCredentials = KeyingMaterial.JsonWebKeyRsa256SigningCredentials, + #pragma warning disable 0618 Subject = new ClaimsIdentity(Default.PayloadClaims) + #pragma warning restore 0618 }, JsonWebTokenHandler = new JsonWebTokenHandler(), JwtSecurityTokenHandler = tokenHandler, @@ -1708,6 +1712,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), Payload = Default.PayloadString, SigningCredentials = Default.SymmetricSigningCredentials, + EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256) + }, + new CreateTokenTheoryData() + { + TestId = "WrongRsaOaepKeyWrapIdentifier-Aes128CbcHmacSha256", + ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), + Payload = Default.PayloadString, + SigningCredentials = Default.SymmetricSigningCredentials, EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256) }, new CreateTokenTheoryData() @@ -1716,6 +1728,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), Payload = Default.PayloadString, SigningCredentials = Default.SymmetricSigningCredentials, + EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384) + }, + new CreateTokenTheoryData() + { + TestId = "WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384", + ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), + Payload = Default.PayloadString, + SigningCredentials = Default.SymmetricSigningCredentials, EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384) }, new CreateTokenTheoryData() @@ -1724,6 +1744,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), Payload = Default.PayloadString, SigningCredentials = Default.SymmetricSigningCredentials, + EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512) + }, + new CreateTokenTheoryData() + { + TestId = "WrongRsaOaepKeyWrapIdentifier-Aes256CbcHmacSha512", + ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), + Payload = Default.PayloadString, + SigningCredentials = Default.SymmetricSigningCredentials, EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512) }, new CreateTokenTheoryData() @@ -1748,6 +1776,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), Payload = Default.PayloadString, SigningCredentials = Default.SymmetricSigningCredentials, + EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384) + }, + new CreateTokenTheoryData() + { + TestId = "WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384", + ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256), + Payload = Default.PayloadString, + SigningCredentials = Default.SymmetricSigningCredentials, EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384) } }; diff --git a/test/Microsoft.IdentityModel.TestUtils/Default.cs b/test/Microsoft.IdentityModel.TestUtils/Default.cs index f38266ddfc..95e0877c56 100644 --- a/test/Microsoft.IdentityModel.TestUtils/Default.cs +++ b/test/Microsoft.IdentityModel.TestUtils/Default.cs @@ -776,7 +776,9 @@ public static SecurityTokenDescriptor SecurityTokenDescriptor(EncryptingCredenti IssuedAt = DateTime.UtcNow, NotBefore = DateTime.UtcNow, SigningCredentials = signingCredentials, +#pragma warning disable 0618 Subject = claims == null ? ClaimsIdentity : new ClaimsIdentity(claims) +#pragma warning restore 0618 }; } diff --git a/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs b/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs index b1d3e641f4..4e236a8aea 100644 --- a/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs +++ b/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs @@ -31,6 +31,7 @@ using System.Reflection; using System.Security.Cryptography; using Microsoft.IdentityModel.Tokens; +using Microsoft.IdentityModel.Tokens.Saml2; namespace Microsoft.IdentityModel.TestUtils { @@ -104,6 +105,21 @@ public static ExpectedException ObjectDisposedException } } + public static ExpectedException Saml2SecurityTokenEncryptedAssertionEncryptionException(string substringExpected = null, Type innerTypeExpected = null) + { + return new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), substringExpected, innerTypeExpected); + } + + public static ExpectedException Saml2SecurityTokenEncryptedAssertionDecryptionException(string substringExpected = null, Type innerTypeExpected = null) + { + return new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), substringExpected, innerTypeExpected); + } + + public static ExpectedException Saml2SecurityTokenEncryptedAssertionException(string substringExpected = null, Type innerTypeExpected = null) + { + return new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionException), substringExpected, innerTypeExpected); + } + public void ProcessException(Exception exception, CompareContext context) { ProcessException(exception, context.Diffs); diff --git a/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs b/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs index 9f9e597c6f..4bb0376caa 100644 --- a/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs +++ b/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs @@ -224,6 +224,10 @@ public static RsaSecurityKey RsaSecurityKey2 public static byte[] DefaultSymmetricKeyBytes_128 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_128); public static SymmetricSecurityKey DefaultSymmetricSecurityKey_128 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_128) { KeyId = "DefaultSymmetricSecurityKey_128" }; + public static string DefaultSymmetricKeyEncoded_192 = "hf+ctyfSxzcVMn5B5D+u4It4/HHjnh/E"; + public static byte[] DefaultSymmetricKeyBytes_192 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_192); + public static SymmetricSecurityKey DefaultSymmetricSecurityKey_192 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_192) { KeyId = "DefaultSymmetricSecurityKey_192" }; + public static string DefaultSymmetricKeyEncoded_256 = "Vbxq2mlbGJw8XH+ZoYBnUHmHga8/o/IduvU/Tht70iE="; public static byte[] DefaultSymmetricKeyBytes_256 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_256); public static SymmetricSecurityKey DefaultSymmetricSecurityKey_256 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_256) { KeyId = "DefaultSymmetricSecurityKey_256" }; diff --git a/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs b/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs index 9fc2a3fcd8..a095fa588b 100644 --- a/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs +++ b/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs @@ -29,7 +29,7 @@ namespace Microsoft.IdentityModel.TestUtils { public class ReferenceTokens { -#region Saml2 Token + #region Saml2 Token public static string AADJWKS = @"{""keys"":[{""kty"":""RSA"",""use"":""sig"",""kid"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""x5t"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""n"":""wESLNTU4mazfVL-vLuJq_8ggJhW1DYxE-EeFiSccia1TTeyBWTVfG5vgYPtHXmL1RYgZvNhIYppS0ZT2U_nnCt8ukONCMSBpeLh8TqZxkHBr2pzbaKzbcHpHrsoxxXLHINZ6L4g_ewqYJwxfshuyD65tlSm8obFdnbtiCoVM-oJPbOcPsrzVgp_L5JWDe5bp6lbXXjJnMKVNCVqum1i4Taa6PGNm3HtlSXBz0CFWLwJ6IvAY7XDNOal3-5y2md6vqhzffmu90mKQ2ZzVwUoIr7aKt7DVuBQke434skDTLmJVcq-iOIpnYiLtApefX1KyDUWgnfHY1YDTrBzQKeu4uw"",""e"":""AQAB"",""x5c"":[""MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD""]},{""kty"":""RSA"",""use"":""sig"",""kid"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""x5t"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""n"":""oZ-QQrNuB4ei9ATYrT61ebPtvwwYWnsrTpp4ISSp6niZYb92XM0oUTNgqd_C1vGN8J-y9wCbaJWkpBf46CjdZehrqczPhzhHau8WcRXocSB1u_tuZhv1ooAZ4bAcy79UkeLiG60HkuTNJJC8CfaTp1R97szBhuk0Vz5yt4r5SpfewIlBCnZUYwkDS172H9WapQu-3P2Qjh0l-JLyCkdrhvizZUk0atq5_AIDKRU-A0pRGc-EZhUL0LqUMz6c6M2s_4GnQaScv44A5iZUDD15B6e8Apb2yARohkWmOnmRcTVfes8EkfxjzZEzm3cNkvP0ogILyISHKlkzy2OmlU6iXw"",""e"":""AQAB"",""x5c"":[""MIIDKDCCAhCgAwIBAgIQBHJvVNxP1oZO4HYKh+rypDANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMTYxMTE2MDgwMDAwWhcNMTgxMTE2MDgwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChn5BCs24Hh6L0BNitPrV5s+2/DBhaeytOmnghJKnqeJlhv3ZczShRM2Cp38LW8Y3wn7L3AJtolaSkF/joKN1l6GupzM+HOEdq7xZxFehxIHW7+25mG/WigBnhsBzLv1SR4uIbrQeS5M0kkLwJ9pOnVH3uzMGG6TRXPnK3ivlKl97AiUEKdlRjCQNLXvYf1ZqlC77c/ZCOHSX4kvIKR2uG+LNlSTRq2rn8AgMpFT4DSlEZz4RmFQvQupQzPpzozaz/gadBpJy/jgDmJlQMPXkHp7wClvbIBGiGRaY6eZFxNV96zwSR/GPNkTObdw2S8/SiAgvIhIcqWTPLY6aVTqJfAgMBAAGjWDBWMFQGA1UdAQRNMEuAEDUj0BrjP0RTbmoRPTRMY3WhJTAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXOCEARyb1TcT9aGTuB2Cofq8qQwDQYJKoZIhvcNAQELBQADggEBAGnLhDHVz2gLDiu9L34V3ro/6xZDiSWhGyHcGqky7UlzQH3pT5so8iF5P0WzYqVtogPsyC2LPJYSTt2vmQugD4xlu/wbvMFLcV0hmNoTKCF1QTVtEQiAiy0Aq+eoF7Al5fV1S3Sune0uQHimuUFHCmUuF190MLcHcdWnPAmzIc8fv7quRUUsExXmxSX2ktUYQXzqFyIOSnDCuWFm6tpfK5JXS8fW5bpqTlrysXXz/OW/8NFGq/alfjrya4ojrOYLpunGriEtNPwK7hxj1AlCYEWaRHRXaUIW1ByoSff/6Y6+ZhXPUe0cDlNRt/qIz5aflwO7+W8baTS4O8m/icu7ItE=""]}]}"; public static string Saml2Token_InclusiveNamespaces_WithoutPrefix = @@ -97,6 +97,118 @@ public class ReferenceTokens public static string Saml2Token_NoConditions_NoSignature = @"https://sts.windows.net/add29489-7269-41f4-8841-b63c95564420/RrX3SPSxDw6z4KHaKB2V_mnv0G-LbRZdYvo1RQa1L7sadd29489-7269-41f4-8841-b63c95564420d1ad9ce7-b322-4221-ab74-1e1011e1bbcbUser1@Cyrano.onmicrosoft.com1UserUser1https://sts.windows.net/add29489-7269-41f4-8841-b63c95564420/urn:oasis:names:tc:SAML:2.0:ac:classes:Password"; + #region EncryptedAssertion + + public static string Saml2Token_EncryptedAssertion_SessionKey_Valid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_Valid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_ExtraSpaces_Valid = + @" DefaultSymmetricSecurityKey_128 QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w== "; + + public static string Saml2Token_EncryptedAssertion_SessionKey_DifferentPrefixes_Valid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_DataReference_AsNonEmptyElement_Valid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_EncryptionMethod_AsNonEmptyElement_Valid = + @" DefaultSymmetricSecurityKey_128 QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w== "; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_DigestMethod_AsNonEmptyElement_Valid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_KeyInfoAsEmptyElement_Valid = + @"QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_BadContent_Invalid = + @"DefaultSymmetricSecurityKey_128CJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_NoXencNamespace_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v2_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v3_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_Alg_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_EmbeddedEncryptedKey_Invalid = + @"nz36hLUzg1A1ckBxSzJXgvnE0Xhrr7BZvMM8Um+UNK0ttV5+nKK3mFkfpGwi+GPXM7ABMaJ7RKsEDyW2OX3O4+fi33pBeKkOinWPpPwNl66UXFkrc6PDD6p7IqwvDo1VLiqSCWLKYBM+pK0QdjE0FN+R4G+jcjKgvWadlDHmhzt0LJ8Hq2nBDWeptPPXl4tfKpxJFsZQFjyAU2tsJcfpKHEsqDrm+CcTDxNUouWLsX/F4Yr6lSE2UqWnYwU82t/ucMa2yTC6rlLziam2XM0XOTI3U1wAmi8IeGaix/GmJgkaiVDrICV3iRZW77zZhu6ShlELqeSSEe6EmYlPTtbbFw==1mpIqHPpmYaCFB1cPHNhbWw6QXNzZXJ0aW9uIElEPSJfYzU2NTczMjEtYjI4MC00ZTk2LWIxN2YtNWI0N2IwNDhhYWU5IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2M1NjU3MzIxLWIyODAtNGU5Ni1iMTdmLTViNDdiMDQ4YWFlOSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPmJRbmlzZ2dRL1BDeDF3aEU5SkdYc1lRMkFSM01mYmg5ZndCcUJmeG9Wc2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPk45WkhLK3JFbUdlTWdtS004a25zbWVGY3lzc0VEVDZyS2ZKaTdtcjRFRW0weEhrUVVGeUpCOExIaXVjSFYrUzIzaFhkd1Jaci9Yek5EUjhabXdVSjJFaVl6aVdVODRHUjBGcG1JSFRIRG5jcTd5Q05Kd0hzNk56QWlqTFA5cHJLYlgrN0gwYS9Ca1FjRVhycENaMzd4OFBPUFZoMEpRZHMveUlLeGdsUFBoMVZ0RUsvTVN2amVxMEU2WnZoeVFYU3hpRTdpZDhrc1VkY1dqTENGaXkzcmpHWUh6bkVFc3NDcmk3eDNxUG5OTW03aWJjbFplQzVsT2t1UjVIT2hRbS9iWURiQU5TZy9uTmlLdWxadU4vdzlDYkdVWGh5d0paVEh4alVhUDVmN2tMY0hzNzZINmhTTjNpTW5xVlIrdTFvMWIvblZuY0c1bjdRa1RCUm1YcGpwUT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+zlKwErhnIDyzaLOMQF0Nzw=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_v2_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_EncryptionAlgorithmNotSupported_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_v2_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_EncryptionAlgorithmNotSupported_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_BadDataReference_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_GoodDataReference_EncryptedData_NoId_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_NoKeyId_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedDataType_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedKeyType_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_NoCipherValue_Invalid = + @"DefaultSymmetricSecurityKey_128"; + + public static string Saml2Token_EncryptedAssertion_SessionKey_NoCipherData_Invalid = + @"DefaultSymmetricSecurityKey_128"; + + public static string Saml2Token_EncryptedAssertion_SessionKey_NoEncryptedData_Invalid = + @""; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_Invalid = + @""; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_v2_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_192_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_NamespaceMissing_Invalid = + @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + public static string Saml2Token_EncryptedAssertion_KeyWrap_PrefixMissing_Invalid = + @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA=="; + + public static string Saml2Token_EncryptedAssertion_SessionKey_AdditionalKeyInfoClauseValid = + @"""valueToBeSkipped""DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w=="; + + #endregion + public static string Saml2Token_Formated { get diff --git a/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs b/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs index 9eb8afce02..536ab2ecd0 100644 --- a/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs +++ b/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs @@ -53,5 +53,13 @@ public override string ToString() { return $"{TestId}, {ExpectedException}"; } + + /// + /// Structure which holds custom/ad-hoc values. + /// + /// + /// Replacement of existing, 'first-class', properties of classes derived from TheoryDataBase is NOT the intention of this container. + /// + public Dictionary PropertyBag { get; set; } = new Dictionary(); } } diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AESGCMProviderFactory.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AESGCMProviderFactory.cs new file mode 100644 index 0000000000..7069a98a81 --- /dev/null +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AESGCMProviderFactory.cs @@ -0,0 +1,46 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +#if NET_CORE_3_0 +namespace Microsoft.IdentityModel.Tokens.Saml.Tests +{ + // Helper CryptoProviderFactory which returns AesGcmAuthenticatedEncryptionProvider when creating AuthenticatedEncryptionProvider + // - remove when AES-GCM is released and supported + public class AesGcmProviderFactory : CryptoProviderFactory + { + public override AuthenticatedEncryptionProvider CreateAuthenticatedEncryptionProvider(SecurityKey key, string algorithm) + { + return new AesGcmAuthenticatedEncryptionProvider(key, algorithm); + } + + public override bool IsSupportedAlgorithm(string algorithm, SecurityKey key) + { + return true; + } + } +} +#endif diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AesGcmAuthenticatedEncryptionProvider.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AesGcmAuthenticatedEncryptionProvider.cs new file mode 100644 index 0000000000..3b64cf61bd --- /dev/null +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AesGcmAuthenticatedEncryptionProvider.cs @@ -0,0 +1,163 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +#if NET_CORE_3_0 + +using Microsoft.IdentityModel.Logging; +using System; +using System.Security.Cryptography; + +namespace Microsoft.IdentityModel.Tokens.Saml.Tests +{ + // Helper AuthenticatedEncryptionProvider class made to mimic AES-GCM + // remove when AES-GCM is released and supported + public class AesGcmAuthenticatedEncryptionProvider : AuthenticatedEncryptionProvider + { + // http://www.w3.org/TR/xmlenc-core/#sec-AES-GCM + private const int AES_GCM_IV_SIZE = 12; + private const int AES_GCM_TAG_SIZE = 16; + + public AesGcmAuthenticatedEncryptionProvider(SecurityKey key, string algorithm) : base(key, algorithm) + { + } + + public override AuthenticatedEncryptionResult Encrypt(byte[] plaintext, byte[] authenticatedData) + { + return Encrypt(plaintext, authenticatedData, null); + } + + public override AuthenticatedEncryptionResult Encrypt(byte[] plaintext, byte[] authenticatedData, byte[] iv) + { + if (IsAesGcmAlgorithm(Algorithm)) + { + + byte[] ciphertext = new byte[plaintext.Length]; + byte[] nonce = new byte[AES_GCM_IV_SIZE]; + byte[] tag = new byte[AES_GCM_TAG_SIZE]; + + using (var aesGcm = new AesGcm(GetKeyBytes(Key))) + { + //random nonce + RandomNumberGenerator rng = RandomNumberGenerator.Create(); + rng.GetBytes(nonce); + + try + { + aesGcm.Encrypt(nonce, plaintext, ciphertext, tag); + } + catch (Exception ex) + { + throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant("Tokens.LogMessages.IDX10618", Algorithm), ex)); + } + } + + return new AuthenticatedEncryptionResult(Key, ciphertext, nonce, tag); + } + + return null; + } + + public override byte[] Decrypt(byte[] ciphertext, byte[] authenticatedData, byte[] iv, byte[] authenticationTag) + { + if (IsAesGcmAlgorithm(Algorithm)) + { + + int cipherSize = ciphertext.Length - AES_GCM_IV_SIZE - AES_GCM_TAG_SIZE; + + if (cipherSize < 1) + throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(LogHelper.FormatInvariant("Tokens.LogMessages.IDX10620"))); + + byte[] cipher = new byte[cipherSize]; + byte[] nonce = new byte[AES_GCM_IV_SIZE]; + byte[] tag = new byte[AES_GCM_TAG_SIZE]; + + Array.Copy(ciphertext, 0, nonce, 0, AES_GCM_IV_SIZE); + Array.Copy(ciphertext, AES_GCM_IV_SIZE, cipher, 0, cipherSize); + Array.Copy(ciphertext, ciphertext.Length - AES_GCM_TAG_SIZE, tag, 0, AES_GCM_TAG_SIZE); + + byte[] plaintext = new byte[cipher.Length]; + + using (var aesGcm = new AesGcm(GetKeyBytes(Key))) + { + try + { + aesGcm.Decrypt(nonce, cipher, tag, plaintext); + return plaintext; + } + catch (Exception ex) + { + throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(LogHelper.FormatInvariant("Tokens.LogMessages.IDX10619", Algorithm), ex)); + } + } + } + + return null; + } + + protected override bool IsSupportedAlgorithm(SecurityKey key, string algorithm) + { + return IsAesGcmAlgorithm(algorithm); + } + + private bool IsAesGcmAlgorithm(string algorithm) + { + if (!(algorithm.Equals(SecurityAlgorithms.Aes128Gcm, StringComparison.Ordinal) + || algorithm.Equals(SecurityAlgorithms.Aes192Gcm, StringComparison.Ordinal) + || algorithm.Equals(SecurityAlgorithms.Aes256Gcm, StringComparison.Ordinal))) + return false; + + return true; + } + } + + //dummy implementation until AesGcm is released + class AesGcm : IDisposable + { + public AesGcm(byte[] key) + { + } + + public void Dispose() + { + // throw new NotImplementedException(); + } + + public void Encrypt(byte[] nonce, byte[] plaintext, byte[] ciphertext, byte[] tag, byte[] associatedData = null) + { + Array.Copy(plaintext, ciphertext, plaintext.Length); + RandomNumberGenerator rng = RandomNumberGenerator.Create(); + rng.GetBytes(tag); + } + + public void Decrypt(byte[] nonce, byte[] ciphertext, byte[] tag, byte[] plaintext, byte[] associatedData = null) + { + Array.Copy(ciphertext, plaintext, ciphertext.Length); + } + } +} + +#endif diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2EncryptionTests.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2EncryptionTests.cs new file mode 100644 index 0000000000..65747d4953 --- /dev/null +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2EncryptionTests.cs @@ -0,0 +1,927 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using System.Security.Claims; +using Microsoft.IdentityModel.TestUtils; +using Microsoft.IdentityModel.Tokens.Saml.Tests; +using Microsoft.IdentityModel.Xml; +using Xunit; + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + +namespace Microsoft.IdentityModel.Tokens.Saml2.Tests +{ + public class Saml2EncryptionTests + { +#if NET_CORE_3_0 + #region EncryptedAssertion + [Theory, MemberData(nameof(AccessEncryptedAssertionTheoryData))] + public void AccessEncryptedAssertion(Saml2TheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.AccessEncryptedAssertion", theoryData); + + try + { + var token = theoryData.Handler.ReadSaml2Token(theoryData.Token); + + IdentityComparer.AreEqual(token.Assertion.Encrypted, true, context); // saml2 assertion is encrypted hence Assertion.Encrypted should be True + + if (string.IsNullOrEmpty(token.Assertion.EncryptedAssertion)) + context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True"); + + var result = token.Assertion.GetType().GetProperty(theoryData.PropertyBag["AssertionPropertyName"].ToString()).GetValue(token.Assertion, null); + + IdentityComparer.AreEqual(result, theoryData.PropertyBag["AssertionPropertyExpectedValue"], context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception ex) + { + theoryData.ExpectedException.ProcessException(ex.InnerException, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData AccessEncryptedAssertionTheoryData + { + get + { + var theoryData = new TheoryData(); + + theoryData.Add(new Saml2TheoryData + { + First = true, + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Advice" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_Advice", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Conditions" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_Conditions", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Id" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_Id", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "IssueInstant" }, { "AssertionPropertyExpectedValue", DateTime.MinValue } }, + TestId = "EncryptedAssertion_Access_IssueInstantConditions", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Issuer" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_Issuer", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "InclusiveNamespacesPrefixList" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_InclusiveNamespacesPrefixList", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "SigningCredentials" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_SigningCredentials", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Subject" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_Subject", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Statements" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_Statements", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Signature" }, { "AssertionPropertyExpectedValue", null } }, + TestId = "EncryptedAssertion_Access_Signature", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "Version" }, { "AssertionPropertyExpectedValue", "2.0" } }, + TestId = "EncryptedAssertion_Access_Version", + }); + + theoryData.Add(new Saml2TheoryData + { + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + PropertyBag = new Dictionary { { "AssertionPropertyName", "EncryptingCredentials" }, { "AssertionPropertyExpectedValue", null} }, + TestId = "EncryptedAssertion_Access_EncryptingCredentials", + }); + + return theoryData; + } + } + + [Theory, MemberData(nameof(ReadEncryptedTokenTheoryData))] + public void ReadEncryptedToken(Saml2TheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.ReadEncryptedToken", theoryData); + + try + { + var saml2EncryptedToken = theoryData.Handler.ReadSaml2Token(theoryData.Token); + IdentityComparer.AreEqual(saml2EncryptedToken.Assertion.Encrypted, true, context); // token should be encrypted + + if (string.IsNullOrEmpty(saml2EncryptedToken.Assertion.EncryptedAssertion)) // if token is encrypted, EncryptedAssertion string should not be empty + context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True"); + + theoryData.Handler.ValidateToken(theoryData.Token, theoryData.ValidationParameters, out SecurityToken validatedToken); // validate/decrypt token + + IdentityComparer.AreEqual(((Saml2SecurityToken)validatedToken).Assertion.Encrypted, false, context); // token should be decrypted + + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception ex) + { + theoryData.ExpectedException.ProcessException(ex, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ReadEncryptedTokenTheoryData + { + get + { + // list keys + var signingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256; + var sessionKey = KeyingMaterial.DefaultSymmetricSecurityKey_128; + var wrongSessionKey = KeyingMaterial.DefaultSymmetricSecurityKey_192; + var wrongKeyWrapKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA512; + var cert = KeyingMaterial.DefaultCert_2048; + + var signingCredentials_Valid = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest); + var encryptingCredentials_PreSharedSessionKey_Valid = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm); + var encryptingCredentials_X509_Valid = new X509EncryptingCredentials(cert); + + //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported + encryptingCredentials_PreSharedSessionKey_Valid.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_X509_Valid.CryptoProviderFactory = new AesGcmProviderFactory(); + + var tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_Valid); + var tokenDescriptor_KeyWrap_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_Valid); + + var tokenHandler = new Saml2SecurityTokenHandler(); + var theoryData = new TheoryData(); + + theoryData.Add(new Saml2TheoryData + { + First = true, + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_ExtraSpaces_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_ExtraSpaces_Valid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_DifferentPrefixes_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_DifferentPrefixes_Valid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DataReference_AsNonEmptyElement_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DataReference_AsNonEmptyElement_Valid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DigestMethod_AsNonEmptyElement_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DigestMethod_AsNonEmptyElement_Valid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionMethod_AsNonEmptyElement_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionMethod_AsNonEmptyElement_Valid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_KeyInfoAsEmptyElement_Valid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_KeyInfoAsEmptyElement_Valid), + }); + + // Bad content. For AES-GCM: IV takes 12 bytes, Auth Tag 16 bytes => Cipher-text size is less than 1 + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(SecurityTokenDecryptionFailedException), "IDX10620: Decryption failed."), + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadContent_Invalid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadContent_Invalid), + }); + + // namespace missing + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoXencNamespace_Invalid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoXencNamespace_Invalid), + }); + + // namespace missing or as expected + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_Invalid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_Invalid), + }); + + // namespace missing or as expected + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v2_Invalid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v2_Invalid), + }); + + // namespace missing or as expected + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v3_Invalid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v3_Invalid), + }); + + // Additional KeyInfo clauses (skipped while reading) should result with a valid EncryptedAssertion + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_AdditionalKeyInfoClauseValid, + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_AdditionalKeyInfoClauseValid), + }); + + // EncryptedKey element embedded in EncryptedData element is not supported + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EmbeddedEncryptedKey_Invalid, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30030"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EmbeddedEncryptedKey_Invalid), + }); + + // Key-wrap algorithm not supported + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Alg_Invalid, + ExpectedException = new ExpectedException(typeof(System.NotSupportedException), "IDX10661"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Alg_Invalid), + }); + + // Encryption algorithm is not provided - currently not supported + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_Invalid), + }); + + // Encryption algorithm is not provided - currently not supported + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_v2_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_v2_Invalid), + }); + + // Encryption algorithm is not provided - currently not supported + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_Invalid), + }); + + // Encryption algorithm is not provided - currently not supported + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_v2_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_v2_Invalid), + }); + + // DataReference element is not referencing the EncryptedData element + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadDataReference_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13616"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadDataReference_Invalid), + }); + + // DataReference element is correct, but referencing EncryptedData element has no Id + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_GoodDataReference_EncryptedData_NoId_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13615"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_GoodDataReference_EncryptedData_NoId_Invalid), + }); + + // EncryptedData element has a RetreivalUri but the is no EncryptedKey with that Id + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13618"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_Invalid), + }); + + // EncryptedData element has a correct RetreivalUri but the is EncryptedKey has no Id + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_NoKeyId_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13617"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_NoKeyId_Invalid), + }); + + // Type of EncryptedData is not correct + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedDataType_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13613"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedDataType_Invalid), + }); + + // Type of EncryptedKey is not correct + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedKeyType_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13614"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedKeyType_Invalid), + }); + + // There is no CipherValue element + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherValue_Invalid, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherValue_Invalid), + }); + + // There is no CipherData element + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherData_Invalid, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherData_Invalid), + }); + + // There is no EncryptedData element + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptedData_Invalid, + ExpectedException = new ExpectedException(typeof(XmlReadException)), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptedData_Invalid), + }); + + // There is no CipherValue element (content) + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_Invalid, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_Invalid), + }); + + // There is no CipherValue element (KeyWrap) + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_v2_Invalid, + ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_v2_Invalid), + }); + + // incorrect keywrap key + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, wrongKeyWrapKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid, + ExpectedException = new ExpectedException(typeof(SecurityTokenKeyWrapException), "IDX10659"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid) + "_wrong_keyunwrap_key", + }); + + // some prefixes are missing/wrong + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_PrefixMissing_Invalid, + ExpectedException = new ExpectedException(typeof(System.Xml.XmlException)), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_PrefixMissing_Invalid), + }); + + // namespace is missing/wrong + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NamespaceMissing_Invalid, + ExpectedException = new ExpectedException(typeof(System.Xml.XmlException)), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NamespaceMissing_Invalid), + }); + + // Uncomment tests below - when AES-GCM is released and supported + /* + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, wrongSessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + ExpectedException = new ExpectedException(typeof(SecurityTokenEncryptionFailedException), "IDX10618"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid) + "_wrong_decrypting_session_key", + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_192_Invalid, + ExpectedException = new ExpectedException(typeof(ArgumentOutOfRangeException), "IDX10653"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_192_Invalid) + "_wrong_decrypting_session_key", + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EncryptionAlgorithmNotSupported_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13623"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EncryptionAlgorithmNotSupported_Invalid), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey), + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionAlgorithmNotSupported_Invalid, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13623"), + TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionAlgorithmNotSupported_Invalid), + }); + */ + + // Throws as unsupported AES-GCM is used - remove when AES-GCM is released and supported + var encryptingCredentials_PreSharedSessionKey_AESGCM = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm); + var validationParams = CreateTokenValidationParameters(signingKey, sessionKey); + validationParams.CryptoProviderFactory = null; + tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_AESGCM); + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13623"), + ValidationParameters = validationParams, + Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid, + TestId = "EncryptedAssertion_PreSharedSessionKey_AESGCM", + }); + + return theoryData; + } + } + + [Theory, MemberData(nameof(WriteEncryptedTokenTheoryData))] + public void WriteEncryptedToken(Saml2TheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.WriteEncryptedToken", theoryData); + + try + { + var token = theoryData.Handler.WriteToken(theoryData.SecurityToken); + var saml2Token = theoryData.Handler.ReadSaml2Token(token); + IdentityComparer.AreEqual(saml2Token.Assertion.Encrypted, true, context); // token should be encrypted + + if (string.IsNullOrEmpty(saml2Token.Assertion.EncryptedAssertion)) // if token is encrypted, EncryptedAssertion string should not be empty + context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True"); + + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception ex) + { + theoryData.ExpectedException.ProcessException(ex, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData WriteEncryptedTokenTheoryData + { + get + { + // list keys used + var key = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256; + var sessionKey = KeyingMaterial.DefaultSymmetricSecurityKey_128; + var cert = KeyingMaterial.DefaultCert_2048; + + var signingCredentials_Valid = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest); + + // encrypting credentials (Pre_Shared for one scenario and KeyWrap for another one) + var encryptingCredentials_PreSharedSessionKey_Valid = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm); + var encryptingCredentials_X509_Valid = new X509EncryptingCredentials(cert); + var encryptingCredentials_X509_AlgNotSupported = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes128Gcm); + var encryptingCredentials_X509_EncNotSupported = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256); + var encryptingCredentials_PreSharedSessionKey_AlgNotNone = new EncryptingCredentials(sessionKey, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128Gcm); + + //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported + encryptingCredentials_PreSharedSessionKey_Valid.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_X509_Valid.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_X509_AlgNotSupported.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_X509_EncNotSupported.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_PreSharedSessionKey_AlgNotNone.CryptoProviderFactory = new AesGcmProviderFactory(); + + // token descriptors (Pre_Shared for one scenario and KeyWrap for another one) + var tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_Valid); + var tokenDescriptor_KeyWrap_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_Valid); + var tokenDescriptor_KeyWrap_AlgotithmNotSupported = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_AlgNotSupported); + var tokenDescriptor_KeyWrap_EncNotSupported = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_EncNotSupported); + var tokenDescriptor_PreSharedSessionKey_AlgotithmNotNone = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_AlgNotNone); + + var tokenHandler = new Saml2SecurityTokenHandler(); + var theoryData = new TheoryData(); + + theoryData.Add(new Saml2TheoryData + { + First = true, + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = "EncryptedAssertion_PreSharedSessionKey_Valid", + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken, + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = "EncryptedAssertion_KeyWrap_Valid", + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_AlgotithmNotSupported) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13627"), + TestId = "EncryptedAssertion_KeyWrap_AlgNotSupported", + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_EncNotSupported) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13625"), + TestId = "EncryptedAssertion_KeyWrap_EncNotSupported", + }); + + // when pre-shared session key is being used, Algorithm should be set to None + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_AlgotithmNotNone) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13626"), + TestId = "EncryptedAssertion_PreSharedSessionKey_AlgNotNone", + }); + + // Throws as unsupported AES-GCM is used - remove when AES-GCM is released and supported + var encryptingCredentials_PreSharedSessionKey_AESGCM = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm); + tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_AESGCM); + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken, + ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13601"), + TestId = "EncryptedAssertion_PreSharedSessionKey_AESGCM", + }); + + return theoryData; + } + } + + [Theory, MemberData(nameof(RoundTripEncryptedTokenTheoryData))] + public void RoundTripEncryptedToken(Saml2TheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.WriteEncryptedToken", theoryData); + context.PropertiesToIgnoreWhenComparing = new Dictionary> + { + { typeof(Saml2Assertion), new List { "IssueInstant", "Signature", "SigningCredentials", "EncryptingCredentials" } }, + { typeof(Saml2SecurityToken), new List { "SigningKey" } }, + }; + + try + { + var token = theoryData.Handler.WriteToken(theoryData.SecurityToken); + var saml2Token = theoryData.Handler.ReadSaml2Token(token); + + IdentityComparer.AreEqual(saml2Token.Assertion.Encrypted, true); // token should be encrypted + if (string.IsNullOrEmpty(saml2Token.Assertion.EncryptedAssertion)) // if token is encrypted, EncryptedAssertion string should not be empty + context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True"); + + theoryData.Handler.ValidateToken(token, theoryData.ValidationParameters, out SecurityToken validatedToken); // validate/decrypt token + IdentityComparer.AreEqual(validatedToken, theoryData.SecurityToken, context); // validated/decrypted token should be equal to the same token which was not encrypted + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception ex) + { + theoryData.ExpectedException.ProcessException(ex, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData RoundTripEncryptedTokenTheoryData + { + get + { + // list keys + var signingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256; + var sessionKey128 = KeyingMaterial.DefaultSymmetricSecurityKey_128; + var sessionKey192 = KeyingMaterial.DefaultSymmetricSecurityKey_192; + var sessionKey256 = KeyingMaterial.DefaultSymmetricSecurityKey_256; + var cert = KeyingMaterial.DefaultCert_2048; + + var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest); + + // encrypting credentials (Pre_Shared for one scenario and KeyWrap for another one) + var encryptingCredentials128_PreShared = new EncryptingCredentials(sessionKey128, SecurityAlgorithms.Aes128Gcm); + var encryptingCredentials192_PreShared = new EncryptingCredentials(sessionKey192, SecurityAlgorithms.Aes192Gcm); + var encryptingCredentials256_PreShared = new EncryptingCredentials(sessionKey256, SecurityAlgorithms.Aes256Gcm); + var encryptingCredentials_KeyWrap_128_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128Gcm); + var encryptingCredentials_KeyWrap_192_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192Gcm); + var encryptingCredentials_KeyWrap_256_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes256Gcm); + var encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128Gcm); + var encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192Gcm); + var encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256Gcm); + + //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported + encryptingCredentials128_PreShared.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials192_PreShared.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials256_PreShared.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_KeyWrap_128_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_KeyWrap_192_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_KeyWrap_256_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory(); + encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory(); + + // token descriptors (Pre_Shared for one scenario and KeyWrap for another one) + var tokenDescriptor_128_PreShared = CreateTokenDescriptor(signingCredentials, encryptingCredentials128_PreShared); + var tokenDescriptor_192_PreShared = CreateTokenDescriptor(signingCredentials, encryptingCredentials192_PreShared); + var tokenDescriptor_256_PreShared = CreateTokenDescriptor(signingCredentials, encryptingCredentials256_PreShared); + var tokenDescriptor_KeyWrap_128_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_128_RSAOAEP); + var tokenDescriptor_KeyWrap_192_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_192_RSAOAEP); + var tokenDescriptor_KeyWrap_256_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_256_RSAOAEP); + var tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier); + var tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier); + var tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier); + + var tokenDescriptor_KeyWrap_Signed = new SecurityTokenDescriptor + { + Audience = Default.Audience, + NotBefore = Default.NotBefore, + Expires = Default.Expires, + Issuer = Default.Issuer, + EncryptingCredentials = new X509EncryptingCredentials(KeyingMaterial.DefaultCert_2048), // encrypt with 'one-time-use' session key and wrap a session key using public cert + SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest), +#pragma warning disable 0618 + Subject = new ClaimsIdentity(Default.SamlClaims) +#pragma warning restore 0618 + }; + + var tokenHandler = new Saml2SecurityTokenHandler(); + var theoryData = new TheoryData(); + + // test both scenarios and test all supported combinations (sessionKey-keywrapKey) in KeyWrap scenario + theoryData.Add(new Saml2TheoryData + { + First = true, + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_128_PreShared) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey128), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_128_PreShared), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_192_PreShared) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey192), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_192_PreShared), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_256_PreShared) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey256), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_256_PreShared), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_128_RSAOAEP) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_KeyWrap_128_RSAOAEP), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_192_RSAOAEP) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_KeyWrap_192_RSAOAEP), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_256_RSAOAEP) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_KeyWrap_256_RSAOAEP), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier), + }); + + theoryData.Add(new Saml2TheoryData + { + SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken, + ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId), + ExpectedException = ExpectedException.NoExceptionExpected, + TestId = nameof(tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier), + }); + + return theoryData; + } + } + + // helper method to create a common SecurityTokenDescriptor + private static SecurityTokenDescriptor CreateTokenDescriptor(SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials) + { + return new SecurityTokenDescriptor + { + Audience = Default.Audience, + NotBefore = Default.NotBefore, + Expires = Default.Expires, + Issuer = Default.Issuer, + SigningCredentials = signingCredentials, + EncryptingCredentials = encryptingCredentials, +#pragma warning disable 0618 + Subject = new ClaimsIdentity(Default.SamlClaims), +#pragma warning restore 0618 + }; + } + + // helper method to create a common TokenValidationParameters + private static TokenValidationParameters CreateTokenValidationParameters(SecurityKey signingKey, SecurityKey decryptionKey) + { + return new TokenValidationParameters + { + IssuerSigningKey = signingKey, + TokenDecryptionKey = decryptionKey, + ValidAudience = Default.Audience, + ValidIssuer = Default.Issuer, + ValidateLifetime = false, + ValidateTokenReplay = false, + ValidateActor = false, + CryptoProviderFactory = new AesGcmProviderFactory(), // //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported + }; + } + + #endregion +#endif + } +} + +#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs index 91c56660c5..31380244f2 100644 --- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs @@ -504,6 +504,11 @@ public static TheoryData ReadSubjectTheoryData private class Saml2SerializerPublic : Saml2Serializer { + public Saml2SerializerPublic() : base(new EncryptedAssertionHandler()) + { + + } + public Saml2Action ReadActionPublic(XmlDictionaryReader reader) { return base.ReadAction(reader); diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs index c2fe6f927c..cd5b93047c 100644 --- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs @@ -72,7 +72,7 @@ public Saml2TheoryData(TokenTheoryData tokenTheoryData) public string InclusiveNamespacesPrefixList { get; set; } - public Saml2Serializer Saml2Serializer { get; set; } = new Saml2Serializer(); + public Saml2Serializer Saml2Serializer { get; set; } = new Saml2Serializer(new EncryptedAssertionHandler()); public Saml2Subject Subject { get; set; } } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs index fff9137254..94e21282b6 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs @@ -81,7 +81,7 @@ public static TheoryData ConstructorATheoryData new EncryptingCredentialsTheoryData { Key = null, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, Enc = SecurityAlgorithms.Aes128CbcHmacSha256, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'key'"), TestId = "NullKey" @@ -97,7 +97,7 @@ public static TheoryData ConstructorATheoryData new EncryptingCredentialsTheoryData { Key = Default.AsymmetricEncryptionKeyPublic, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, Enc = String.Empty, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"), TestId = "EmptyEncString" @@ -113,7 +113,7 @@ public static TheoryData ConstructorATheoryData new EncryptingCredentialsTheoryData { Key = Default.AsymmetricEncryptionKeyPublic, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, Enc = null, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"), TestId = "NullEncString" @@ -121,9 +121,16 @@ public static TheoryData ConstructorATheoryData new EncryptingCredentialsTheoryData { Key = Default.AsymmetricEncryptionKeyPublic, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, Enc = SecurityAlgorithms.Aes128CbcHmacSha256, TestId = "ValidTest" + }, + new EncryptingCredentialsTheoryData + { + Key = Default.AsymmetricEncryptionKeyPublic, + Alg = SecurityAlgorithms.RsaOaepKeyWrap, + Enc = SecurityAlgorithms.Aes128CbcHmacSha256, + TestId = "ValidTest_WrongRsaOaepKeyWrapIdentifier" } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs index 53c3f78a62..c3b8889649 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs @@ -66,8 +66,8 @@ public static TheoryData ConstructorsTheory new X509EncryptingCredentialsTheoryData { Certificate = null, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, - Enc = SecurityAlgorithms.Aes128CbcHmacSha256, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, + Enc = SecurityAlgorithms.Aes128Gcm, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'certificate'"), TestId = "NullCertificate" }, @@ -75,14 +75,14 @@ public static TheoryData ConstructorsTheory { Certificate = Default.Certificate, Alg = String.Empty, - Enc = SecurityAlgorithms.Aes128CbcHmacSha256, + Enc = SecurityAlgorithms.Aes128Gcm, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'alg'"), TestId = "EmptyAlgString" }, new X509EncryptingCredentialsTheoryData { Certificate = Default.Certificate, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, Enc = String.Empty, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"), TestId = "EmptyEncString" @@ -91,14 +91,14 @@ public static TheoryData ConstructorsTheory { Certificate = Default.Certificate, Alg = null, - Enc = SecurityAlgorithms.Aes128CbcHmacSha256, + Enc = SecurityAlgorithms.Aes128Gcm, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'alg'"), TestId = "NullAlgString" }, new X509EncryptingCredentialsTheoryData { Certificate = Default.Certificate, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, Enc = null, ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"), TestId = "NullEncString" @@ -106,8 +106,8 @@ public static TheoryData ConstructorsTheory new X509EncryptingCredentialsTheoryData { Certificate = Default.Certificate, - Alg = SecurityAlgorithms.RsaOaepKeyWrap, - Enc = SecurityAlgorithms.Aes128CbcHmacSha256, + Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap, + Enc = SecurityAlgorithms.Aes128Gcm, TestId = "ValidTest" } }; diff --git a/test/Microsoft.IdentityModel.Xml.Tests/CipherDataTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/CipherDataTests.cs new file mode 100644 index 0000000000..531b520968 --- /dev/null +++ b/test/Microsoft.IdentityModel.Xml.Tests/CipherDataTests.cs @@ -0,0 +1,110 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using Microsoft.IdentityModel.TestUtils; +using Xunit; + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + +namespace Microsoft.IdentityModel.Xml.Tests +{ + public class CipherDataTests + { + [Fact] + public void GetSets() + { + var type = typeof(CipherData); + var properties = type.GetProperties(); + Assert.True(properties.Length == 1, $"Number of properties has changed from 1 to: {properties.Length}, adjust tests"); + + var cipherData = new CipherData(); + var context = new GetSetContext + { + PropertyNamesAndSetGetValue = new List>> + { + new KeyValuePair>("CipherValue", new List{null}), + }, + Object = cipherData + }; + + TestUtilities.GetSet(context); + TestUtilities.AssertFailIfErrors($"{this}.GetSets", context.Errors); + } + + [Theory, MemberData(nameof(ConstructorTheoryData))] + public void Constructor(CipherDataTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.Constructor", theoryData); + try + { + var cipherData = new CipherData(theoryData.CipherValue); + IdentityComparer.AreEqual(cipherData.CipherValue, theoryData.CipherValue, context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception exception) + { + theoryData.ExpectedException.ProcessException(exception, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ConstructorTheoryData() + { + return new TheoryData + { + new CipherDataTheoryData + { + First = true, + CipherValue = null, + ExpectedException = new ExpectedException(typeof(ArgumentNullException)), + TestId = "NullArray" + }, + new CipherDataTheoryData + { + CipherValue = new byte[0], + TestId = "EmptyArray" + }, + new CipherDataTheoryData + { + CipherValue = Guid.NewGuid().ToByteArray(), + TestId = "valid" + }, + }; + } + } + + public class CipherDataTheoryData : TheoryDataBase + { + public byte[] CipherValue; + } +} + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + diff --git a/test/Microsoft.IdentityModel.Xml.Tests/DataReferenceTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/DataReferenceTests.cs new file mode 100644 index 0000000000..7f99fad9fe --- /dev/null +++ b/test/Microsoft.IdentityModel.Xml.Tests/DataReferenceTests.cs @@ -0,0 +1,109 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using Microsoft.IdentityModel.TestUtils; +using Xunit; + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + +namespace Microsoft.IdentityModel.Xml.Tests +{ + public class DataReferenceTests + { + [Fact] + public void GetSets() + { + var type = typeof(DataReference); + var properties = type.GetProperties(); + Assert.True(properties.Length == 1, $"Number of properties has changed from 1 to: {properties.Length}, adjust tests"); + + var dataReference = new DataReference(); + var context = new GetSetContext + { + PropertyNamesAndSetGetValue = new List>> + { + new KeyValuePair>("Uri", new List{null, Guid.NewGuid().ToString()}), + }, + Object = dataReference + }; + + TestUtilities.GetSet(context); + TestUtilities.AssertFailIfErrors($"{this}.GetSets", context.Errors); + } + + [Theory, MemberData(nameof(ConstructorTheoryData))] + public void Constructor(DataReferenceTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.Constructor", theoryData); + try + { + var dataReference = new DataReference(theoryData.Uri); + IdentityComparer.AreEqual(dataReference.Uri, theoryData.Uri, context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception exception) + { + theoryData.ExpectedException.ProcessException(exception, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ConstructorTheoryData() + { + return new TheoryData + { + new DataReferenceTheoryData + { + First = true, + Uri = null, + TestId = "NullUri" + }, + new DataReferenceTheoryData + { + Uri = "", + TestId = "EmptyUri" + }, + new DataReferenceTheoryData + { + Uri = Guid.NewGuid().ToString(), + TestId = "valid" + }, + }; + } + } + + public class DataReferenceTheoryData : TheoryDataBase + { + public string Uri { get; set; } + } +} + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + diff --git a/test/Microsoft.IdentityModel.Xml.Tests/EncryptedDataTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/EncryptedDataTests.cs new file mode 100644 index 0000000000..58c07b8dcf --- /dev/null +++ b/test/Microsoft.IdentityModel.Xml.Tests/EncryptedDataTests.cs @@ -0,0 +1,120 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using Microsoft.IdentityModel.TestUtils; +using Xunit; + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + +namespace Microsoft.IdentityModel.Xml.Tests +{ + public class EncryptedDataTests + { + [Fact] + public void GetSets() + { + var type = typeof(EncryptedData); + var properties = type.GetProperties(); + Assert.True(properties.Length == 7, $"Number of properties has changed from 7 to: {properties.Length}, adjust tests"); + + var encryptedData = new EncryptedData(); + + var getSetContext = new GetSetContext + { + PropertyNamesAndSetGetValue = new List>> + { + new KeyValuePair>("Id", new List{null, Guid.NewGuid().ToString()}), + new KeyValuePair>("Type", new List{XmlEncryptionConstants.EncryptedDataTypes.Element, Guid.NewGuid().ToString()}), + new KeyValuePair>("MimeType", new List{null, Guid.NewGuid().ToString()}), + new KeyValuePair>("Encoding", new List{XmlSignatureConstants.Base64Encoding, Guid.NewGuid().ToString()}), + new KeyValuePair>("KeyInfo", new List{new KeyInfo()}), + }, + Object = encryptedData + }; + + TestUtilities.GetSet(getSetContext); + TestUtilities.AssertFailIfErrors($"{this}.GetSets", getSetContext.Errors); + } + + [Theory, MemberData(nameof(ConstructorTheoryData))] + public void Constructor(EncryptedDataTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.Constructor", theoryData); + try + { + var EncryptedData = new EncryptedData(); + IdentityComparer.AreEqual(EncryptedData.Type, XmlEncryptionConstants.EncryptedDataTypes.Element, context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception exception) + { + theoryData.ExpectedException.ProcessException(exception, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ConstructorTheoryData() + { + return new TheoryData + { + new EncryptedDataTheoryData + { + First = true, + TestId = "valid" + }, + }; + } + } + + public class EncryptedDataTheoryData : TheoryDataBase + { + public IList ReferenceList { get; set; } + + public string Id { get; set; } + + public string Type { get; set; } + + public string MimeType { get; set; } + + public string Encoding { get; set; } + + public KeyInfo KeyInfo { get; set; } + + public EncryptionMethod EncryptionMethod { get; set; } + + public CipherData CipherData { get; set; } + + public IList DataReferenceList { get; set; } + } +} + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + + diff --git a/test/Microsoft.IdentityModel.Xml.Tests/EncryptedKeyTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/EncryptedKeyTests.cs new file mode 100644 index 0000000000..399930cecb --- /dev/null +++ b/test/Microsoft.IdentityModel.Xml.Tests/EncryptedKeyTests.cs @@ -0,0 +1,170 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using Microsoft.IdentityModel.TestUtils; +using Xunit; + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + +namespace Microsoft.IdentityModel.Xml.Tests +{ + public class EncryptedKeyTests + { + [Fact] + public void GetSets() + { + var type = typeof(EncryptedKey); + var properties = type.GetProperties(); + Assert.True(properties.Length == 8, $"Number of properties has changed from 8 to: {properties.Length}, adjust tests"); + + var encryptedKey = new EncryptedKey(); + + var getSetContext = new GetSetContext + { + PropertyNamesAndSetGetValue = new List>> + { + new KeyValuePair>("Id", new List{null, Guid.NewGuid().ToString()}), + new KeyValuePair>("Type", new List{XmlEncryptionConstants.EncryptedDataTypes.EncryptedKey, Guid.NewGuid().ToString()}), + new KeyValuePair>("MimeType", new List{null, Guid.NewGuid().ToString()}), + new KeyValuePair>("Encoding", new List{XmlSignatureConstants.Base64Encoding, Guid.NewGuid().ToString()}), + new KeyValuePair>("KeyInfo", new List{new KeyInfo()}), + }, + Object = encryptedKey + }; + + TestUtilities.GetSet(getSetContext); + TestUtilities.AssertFailIfErrors($"{this}.GetSets", getSetContext.Errors); + } + + [Theory, MemberData(nameof(ConstructorTheoryData))] + public void Constructor(EncryptedKeyTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.Constructor", theoryData); + try + { + var encryptedKey = new EncryptedKey(); + IdentityComparer.AreEqual(encryptedKey.Type, XmlEncryptionConstants.EncryptedDataTypes.EncryptedKey, context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception exception) + { + theoryData.ExpectedException.ProcessException(exception, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ConstructorTheoryData() + { + return new TheoryData + { + new EncryptedKeyTheoryData + { + First = true, + TestId = "valid" + }, + }; + } + + [Theory, MemberData(nameof(AddReferenceTheoryData))] + public void AddReference(EncryptedKeyTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.AddReference", theoryData); + + try + { + var encryptedKey = new EncryptedKey(); + foreach (var reference in theoryData.KeyReferenceList) + { + encryptedKey.AddReference(reference); + } + + foreach (var reference in theoryData.DataReferenceList) + { + encryptedKey.AddReference(reference); + } + + IdentityComparer.AreEqual(encryptedKey.ReferenceList.Count, theoryData.KeyReferenceList.Count + theoryData.DataReferenceList.Count, context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception ex) + { + theoryData.ExpectedException.ProcessException(ex, context.Diffs); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData AddReferenceTheoryData() + { + return new TheoryData + { + new EncryptedKeyTheoryData + { + KeyReferenceList = new List() { new KeyReference(), new KeyReference(Guid.NewGuid().ToString()) }, + DataReferenceList = new List(), + TestId = "valid" + }, + new EncryptedKeyTheoryData + { + KeyReferenceList = new List() { new KeyReference(), new KeyReference(Guid.NewGuid().ToString()) }, + DataReferenceList = new List() { new DataReference(), new DataReference(Guid.NewGuid().ToString()) }, + TestId = "valid_both" + }, + }; + } + } + + public class EncryptedKeyTheoryData : TheoryDataBase + { + public IList ReferenceList { get; set; } + + public string Id { get; set; } + + public string Type { get; set; } + + public string MimeType { get; set; } + + public string Encoding { get; set; } + + public KeyInfo KeyInfo { get; set; } + + public EncryptionMethod EncryptionMethod { get; set; } + + public CipherData CipherData { get; set; } + + public IList KeyReferenceList { get; set; } + + public IList DataReferenceList { get; set; } + } +} + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + + diff --git a/test/Microsoft.IdentityModel.Xml.Tests/EncryptionMethodTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/EncryptionMethodTests.cs new file mode 100644 index 0000000000..9aad6eb901 --- /dev/null +++ b/test/Microsoft.IdentityModel.Xml.Tests/EncryptionMethodTests.cs @@ -0,0 +1,109 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using Microsoft.IdentityModel.TestUtils; +using Xunit; + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + +namespace Microsoft.IdentityModel.Xml.Tests +{ + public class EncryptionMethodTests + { + [Fact] + public void GetSets() + { + var type = typeof(EncryptionMethod); + var properties = type.GetProperties(); + Assert.True(properties.Length == 2, $"Number of properties has changed from 2 to: {properties.Length}, adjust tests"); + + var EncryptionMethod = new EncryptionMethod(); + var context = new GetSetContext + { + PropertyNamesAndSetGetValue = new List>> + { + new KeyValuePair>("DigestMethod", new List{null, Guid.NewGuid().ToString()}), + new KeyValuePair>("KeyAlgorithm", new List{null, Guid.NewGuid().ToString()}), + }, + Object = EncryptionMethod + }; + + TestUtilities.GetSet(context); + TestUtilities.AssertFailIfErrors($"{this}.GetSets", context.Errors); + } + + [Theory, MemberData(nameof(ConstructorTheoryData))] + public void Constructor(EncryptionMethodTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.Constructor", theoryData); + try + { + var EncryptionMethod = new EncryptionMethod(theoryData.KeyAlgorithm); + IdentityComparer.AreEqual(EncryptionMethod.KeyAlgorithm, theoryData.KeyAlgorithm, context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception exception) + { + theoryData.ExpectedException.ProcessException(exception, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ConstructorTheoryData() + { + return new TheoryData + { + new EncryptionMethodTheoryData + { + First = true, + KeyAlgorithm = null, + TestId = "NullAlgorithm" + }, + new EncryptionMethodTheoryData + { + KeyAlgorithm = "", + TestId = "EmptyAlgorithm" + }, + new EncryptionMethodTheoryData + { + KeyAlgorithm = Guid.NewGuid().ToString(), + TestId = "valid" + }, + }; + } + } + + public class EncryptionMethodTheoryData : TheoryDataBase + { + public string KeyAlgorithm { get; set; } + } +} + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant diff --git a/test/Microsoft.IdentityModel.Xml.Tests/EnvelopedSignatureWriterTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/EnvelopedSignatureWriterTests.cs index 0f23b3819d..62187395f8 100644 --- a/test/Microsoft.IdentityModel.Xml.Tests/EnvelopedSignatureWriterTests.cs +++ b/test/Microsoft.IdentityModel.Xml.Tests/EnvelopedSignatureWriterTests.cs @@ -94,7 +94,7 @@ public void RoundTripSaml2(EnvelopedSignatureTheoryData theoryData) try { - var serializer = new Saml2Serializer(); + var serializer = new Saml2Serializer(new EncryptedAssertionHandler()); var samlAssertion = serializer.ReadAssertion(XmlUtilities.CreateDictionaryReader(theoryData.Xml)); var stream = new MemoryStream(); var writer = XmlDictionaryWriter.CreateTextWriter(stream); diff --git a/test/Microsoft.IdentityModel.Xml.Tests/KeyInfoTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/KeyInfoTests.cs index 26ed71c727..e879b8c3dd 100644 --- a/test/Microsoft.IdentityModel.Xml.Tests/KeyInfoTests.cs +++ b/test/Microsoft.IdentityModel.Xml.Tests/KeyInfoTests.cs @@ -39,7 +39,7 @@ public void GetSets() { var type = typeof(KeyInfo); var properties = type.GetProperties(); - Assert.True(properties.Length == 6, $"Number of properties has changed from 6 to: {properties.Length}, adjust tests"); + Assert.True(properties.Length == 7, $"Number of properties has changed from 7 to: {properties.Length}, adjust tests"); var keyInfo = new KeyInfo(); var context = new GetSetContext @@ -49,6 +49,7 @@ public void GetSets() new KeyValuePair>("Id", new List{(string)null, Guid.NewGuid().ToString()}), new KeyValuePair>("Prefix", new List{"", Guid.NewGuid().ToString()}), new KeyValuePair>("RetrievalMethodUri", new List{(string)null, Guid.NewGuid().ToString()}), + new KeyValuePair>("RetrievalMethodType", new List{(string)null, Guid.NewGuid().ToString()}), new KeyValuePair>("RSAKeyValue", new List{(RSAKeyValue)null, new RSAKeyValue(Guid.NewGuid().ToString(), Guid.NewGuid().ToString())}), new KeyValuePair>("X509Data", new List{keyInfo.X509Data, new List()}), new KeyValuePair>("KeyName", new List{(string)null, Guid.NewGuid().ToString()}), diff --git a/test/Microsoft.IdentityModel.Xml.Tests/KeyReferenceTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/KeyReferenceTests.cs new file mode 100644 index 0000000000..806e80e9d2 --- /dev/null +++ b/test/Microsoft.IdentityModel.Xml.Tests/KeyReferenceTests.cs @@ -0,0 +1,108 @@ +//------------------------------------------------------------------------------ +// +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. +// +//------------------------------------------------------------------------------ + +using System; +using System.Collections.Generic; +using Microsoft.IdentityModel.TestUtils; +using Xunit; + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant + +namespace Microsoft.IdentityModel.Xml.Tests +{ + public class KeyReferenceTests + { + [Fact] + public void GetSets() + { + var type = typeof(KeyReference); + var properties = type.GetProperties(); + Assert.True(properties.Length == 1, $"Number of properties has changed from 1 to: {properties.Length}, adjust tests"); + + var keyReference = new KeyReference(); + var context = new GetSetContext + { + PropertyNamesAndSetGetValue = new List>> + { + new KeyValuePair>("Uri", new List{null, Guid.NewGuid().ToString()}), + }, + Object = keyReference + }; + + TestUtilities.GetSet(context); + TestUtilities.AssertFailIfErrors($"{this}.GetSets", context.Errors); + } + + [Theory, MemberData(nameof(ConstructorTheoryData))] + public void Constructor(KeyReferenceTheoryData theoryData) + { + var context = TestUtilities.WriteHeader($"{this}.Constructor", theoryData); + try + { + var keyReference = new KeyReference(theoryData.Uri); + IdentityComparer.AreEqual(keyReference.Uri, theoryData.Uri, context); + theoryData.ExpectedException.ProcessNoException(context); + } + catch (Exception exception) + { + theoryData.ExpectedException.ProcessException(exception, context); + } + + TestUtilities.AssertFailIfErrors(context); + } + + public static TheoryData ConstructorTheoryData() + { + return new TheoryData + { + new KeyReferenceTheoryData + { + First = true, + Uri = null, + TestId = "NullUri" + }, + new KeyReferenceTheoryData + { + Uri = "", + TestId = "EmptyUri" + }, + new KeyReferenceTheoryData + { + Uri = Guid.NewGuid().ToString(), + TestId = "valid" + }, + }; + } + } + + public class KeyReferenceTheoryData : TheoryDataBase + { + public string Uri { get; set; } + } +} + +#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant diff --git a/test/Microsoft.IdentityModel.Xml.Tests/Microsoft.IdentityModel.Xml.Tests.csproj b/test/Microsoft.IdentityModel.Xml.Tests/Microsoft.IdentityModel.Xml.Tests.csproj index ac405bed86..8c5cfeb079 100644 --- a/test/Microsoft.IdentityModel.Xml.Tests/Microsoft.IdentityModel.Xml.Tests.csproj +++ b/test/Microsoft.IdentityModel.Xml.Tests/Microsoft.IdentityModel.Xml.Tests.csproj @@ -4,12 +4,16 @@ Microsoft.IdentityModel.Xml.Tests + $(MSBuildThisFileDirectory)..\..\build\35MSSharedLib1024.snk + true Microsoft.IdentityModel.Xml.Tests true Microsoft.IdentityModel.Xml.Tests + true + diff --git a/test/System.IdentityModel.Tokens.Jwt.Tests/CreateAndValidateTokens.cs b/test/System.IdentityModel.Tokens.Jwt.Tests/CreateAndValidateTokens.cs index c33d966b50..077cb7599b 100644 --- a/test/System.IdentityModel.Tokens.Jwt.Tests/CreateAndValidateTokens.cs +++ b/test/System.IdentityModel.Tokens.Jwt.Tests/CreateAndValidateTokens.cs @@ -195,6 +195,7 @@ public void EmptyToken() [Theory, MemberData(nameof(RoundTripTokensUsingCacheTheoryData))] public void RoundTripTokensUsingCache(JwtTheoryData theoryData) { +#pragma warning disable 0618 var handler = new JwtSecurityTokenHandler(); handler.InboundClaimTypeMap.Clear(); var encodedJwt1 = handler.CreateEncodedJwt(theoryData.TokenDescriptor); @@ -227,6 +228,7 @@ public void RoundTripTokensUsingCache(JwtTheoryData theoryData) theoryData.TokenDescriptor.IssuedAt, theoryData.TokenDescriptor.SigningCredentials, theoryData.TokenDescriptor.EncryptingCredentials); +#pragma warning restore 0618 var encodedJwt3 = handler.WriteToken(jwtToken3); var encodedJwt4 = handler.WriteToken(jwtToken4); var encodedJwt5 = handler.WriteToken(jwtToken5); @@ -417,6 +419,7 @@ public static TheoryData RoundTripTokensUsingCacheTheoryData() [Theory, MemberData(nameof(RoundTripTokensTheoryData))] public void RoundTripTokens(JwtTheoryData theoryData) { +#pragma warning disable 0618 var handler = new JwtSecurityTokenHandler(); handler.InboundClaimTypeMap.Clear(); var encodedJwt1 = handler.CreateEncodedJwt(theoryData.TokenDescriptor); @@ -449,6 +452,7 @@ public void RoundTripTokens(JwtTheoryData theoryData) theoryData.TokenDescriptor.IssuedAt, theoryData.TokenDescriptor.SigningCredentials, theoryData.TokenDescriptor.EncryptingCredentials); +#pragma warning restore 0618 var encodedJwt3 = handler.WriteToken(jwtToken3); var encodedJwt4 = handler.WriteToken(jwtToken4); var encodedJwt5 = handler.WriteToken(jwtToken5); @@ -713,7 +717,9 @@ public void RoundTripJWETokens(string testId, SecurityTokenDescriptor tokenDescr ( tokenDescriptor.Issuer, tokenDescriptor.Audience, +#pragma warning disable 0618 tokenDescriptor.Subject, +#pragma warning restore 0618 tokenDescriptor.NotBefore, tokenDescriptor.Expires, tokenDescriptor.IssuedAt, @@ -823,7 +829,7 @@ public static TheoryData