diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt
index 193c1d32ef..bfc71769c5 100644
--- a/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt
+++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net45.txt
@@ -5,4 +5,5 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenI
MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(System.String, Newtonsoft.Json.JsonSerializerSettings)' does not exist in the implementation but it does exist in the contract.
TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract.
-TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
\ No newline at end of file
+TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
+MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract.
diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt
index e5728f13c5..f3975a0d02 100644
--- a/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt
+++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net451.txt
@@ -4,4 +4,6 @@ CannotRemoveAttribute : Attribute 'Newtonsoft.Json.JsonObjectAttribute' exists o
MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage..ctor(Newtonsoft.Json.Linq.JObject)' does not exist in the implementation but it does exist in the contract.
TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract.
-TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
\ No newline at end of file
+TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
+MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract.
+
diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt
index 527f810622..424e65aac9 100644
--- a/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt
+++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net452.txt
@@ -1,3 +1,5 @@
TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract.
-TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
\ No newline at end of file
+TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
+MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract.
+
diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt
index 193c1d32ef..84f0aaed02 100644
--- a/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt
+++ b/Tools/apiCompat/baseline/ApiCompatBaseline.net461.txt
@@ -5,4 +5,6 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenI
MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(System.String, Newtonsoft.Json.JsonSerializerSettings)' does not exist in the implementation but it does exist in the contract.
TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract.
-TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
\ No newline at end of file
+TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
+MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract.
+
diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt
index 6fb183456e..54c35073a5 100644
--- a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt
+++ b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard1.4.txt
@@ -5,4 +5,6 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenI
MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(System.String, Newtonsoft.Json.JsonSerializerSettings)' does not exist in the implementation but it does exist in the contract.
TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract.
-TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
\ No newline at end of file
+TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
+MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract.
+
diff --git a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt
index 48f12cbc90..23e4892dd7 100644
--- a/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt
+++ b/Tools/apiCompat/baseline/ApiCompatBaseline.netstandard2.0.txt
@@ -7,4 +7,6 @@ MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.JsonWebKeySet..ctor(Sy
TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy' does not exist in the implementation but it does exist in the contract.
TypesMustExist : Type 'Microsoft.IdentityModel.JsonWebTokens.TokenValidationResult' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken(System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters)' does not exist in the implementation but it does exist in the contract.
-TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
\ No newline at end of file
+TypesMustExist : Type 'Microsoft.IdentityModel.Tokens.TokenContext' does not exist in the implementation but it does exist in the contract.
+MembersMustExist : Member 'Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer..ctor()' does not exist in the implementation but it does exist in the contract.
+
diff --git a/build/commonTest.props b/build/commonTest.props
index 5c7dcb76f1..39a17144f9 100644
--- a/build/commonTest.props
+++ b/build/commonTest.props
@@ -22,7 +22,11 @@
$(DefineConstants);NET_CORE
-
+
+ $(DefineConstants);NET_CORE;NET_CORE_3_0
+
+
+
diff --git a/build/targets.props b/build/targets.props
index 46fbbf0f2e..1bb4d170ef 100644
--- a/build/targets.props
+++ b/build/targets.props
@@ -1,6 +1,6 @@
- net45;net461;netstandard2.0
+ net45;net461;netstandard2.0;netstandard2.1netstandard2.0
diff --git a/build/targetsTest.props b/build/targetsTest.props
index 7d42b4333a..7d8d215101 100644
--- a/build/targetsTest.props
+++ b/build/targetsTest.props
@@ -1,6 +1,6 @@
- net452;net461;netcoreapp2.2
- netcoreapp2.2
+ net452;net461;netcoreapp2.2;netcoreapp3.0
+ netcoreapp2.2;netcoreapp3.0
diff --git a/prototypes/AsyncTokenSample/common/KeyingMaterial.cs b/prototypes/AsyncTokenSample/common/KeyingMaterial.cs
new file mode 100644
index 0000000000..68e48e6116
--- /dev/null
+++ b/prototypes/AsyncTokenSample/common/KeyingMaterial.cs
@@ -0,0 +1,898 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using Microsoft.IdentityModel.Tokens;
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace AsyncCommon
+{
+ static public class KeyingMaterial
+ {
+ public static string AADJWKS { get => @"{""keys"":[{""kty"":""RSA"",""use"":""sig"",""kid"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""x5t"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""n"":""wESLNTU4mazfVL-vLuJq_8ggJhW1DYxE-EeFiSccia1TTeyBWTVfG5vgYPtHXmL1RYgZvNhIYppS0ZT2U_nnCt8ukONCMSBpeLh8TqZxkHBr2pzbaKzbcHpHrsoxxXLHINZ6L4g_ewqYJwxfshuyD65tlSm8obFdnbtiCoVM-oJPbOcPsrzVgp_L5JWDe5bp6lbXXjJnMKVNCVqum1i4Taa6PGNm3HtlSXBz0CFWLwJ6IvAY7XDNOal3-5y2md6vqhzffmu90mKQ2ZzVwUoIr7aKt7DVuBQke434skDTLmJVcq-iOIpnYiLtApefX1KyDUWgnfHY1YDTrBzQKeu4uw"",""e"":""AQAB"",""x5c"":[""MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD""]},{""kty"":""RSA"",""use"":""sig"",""kid"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""x5t"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""n"":""oZ-QQrNuB4ei9ATYrT61ebPtvwwYWnsrTpp4ISSp6niZYb92XM0oUTNgqd_C1vGN8J-y9wCbaJWkpBf46CjdZehrqczPhzhHau8WcRXocSB1u_tuZhv1ooAZ4bAcy79UkeLiG60HkuTNJJC8CfaTp1R97szBhuk0Vz5yt4r5SpfewIlBCnZUYwkDS172H9WapQu-3P2Qjh0l-JLyCkdrhvizZUk0atq5_AIDKRU-A0pRGc-EZhUL0LqUMz6c6M2s_4GnQaScv44A5iZUDD15B6e8Apb2yARohkWmOnmRcTVfes8EkfxjzZEzm3cNkvP0ogILyISHKlkzy2OmlU6iXw"",""e"":""AQAB"",""x5c"":[""MIIDKDCCAhCgAwIBAgIQBHJvVNxP1oZO4HYKh+rypDANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMTYxMTE2MDgwMDAwWhcNMTgxMTE2MDgwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChn5BCs24Hh6L0BNitPrV5s+2/DBhaeytOmnghJKnqeJlhv3ZczShRM2Cp38LW8Y3wn7L3AJtolaSkF/joKN1l6GupzM+HOEdq7xZxFehxIHW7+25mG/WigBnhsBzLv1SR4uIbrQeS5M0kkLwJ9pOnVH3uzMGG6TRXPnK3ivlKl97AiUEKdlRjCQNLXvYf1ZqlC77c/ZCOHSX4kvIKR2uG+LNlSTRq2rn8AgMpFT4DSlEZz4RmFQvQupQzPpzozaz/gadBpJy/jgDmJlQMPXkHp7wClvbIBGiGRaY6eZFxNV96zwSR/GPNkTObdw2S8/SiAgvIhIcqWTPLY6aVTqJfAgMBAAGjWDBWMFQGA1UdAQRNMEuAEDUj0BrjP0RTbmoRPTRMY3WhJTAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXOCEARyb1TcT9aGTuB2Cofq8qQwDQYJKoZIhvcNAQELBQADggEBAGnLhDHVz2gLDiu9L34V3ro/6xZDiSWhGyHcGqky7UlzQH3pT5so8iF5P0WzYqVtogPsyC2LPJYSTt2vmQugD4xlu/wbvMFLcV0hmNoTKCF1QTVtEQiAiy0Aq+eoF7Al5fV1S3Sune0uQHimuUFHCmUuF190MLcHcdWnPAmzIc8fv7quRUUsExXmxSX2ktUYQXzqFyIOSnDCuWFm6tpfK5JXS8fW5bpqTlrysXXz/OW/8NFGq/alfjrya4ojrOYLpunGriEtNPwK7hxj1AlCYEWaRHRXaUIW1ByoSff/6Y6+ZhXPUe0cDlNRt/qIz5aflwO7+W8baTS4O8m/icu7ItE=""]}]}"; }
+ public static JsonWebKeySet AADJsonWebKeySet { get => new JsonWebKeySet(AADJWKS); }
+ public static string AADCertData { get => "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD"; }
+ public static X509Certificate2 AADSigningCert { get => new X509Certificate2(Convert.FromBase64String(AADCertData)); }
+
+ // .../Certs/SelfSigned1024_SHA256.pfx
+ // password: SelfSigned1024_SHA256
+ public static string SelfSigned1024_SHA256 = @"MIIHBwIBAzCCBscGCSqGSIb3DQEHAaCCBrgEgga0MIIGsDCCA7kGCSqGSIb3DQEHAaCCA6oEggOmMIIDojCCA54GCyqGSIb3DQEMCgECoIICrjCCAqowHAYKKoZIhvcNAQwBAzAOBAiX6QpBO4EGpAICB9AEggKIVVwwasu5VeKCiUPjNbpGaj4r//RbNOUcGhZLlZICCxEwT4S7SvrNIEtw4vP3w2NfEcBaQtL6uu+eSF+xPp8eaVIVaEsysAMpmg3kP2Jt8xT6bTNvaR/5FjKvD/vSAsjDSdm3F3cugjBAq4xw/SdjO0gH8xOtx0vhYvD5ga0SN2JKkFW1xydw0b/pf7qD8t297OSLC+vaCwG4HCPj3t4XzV4SgFp0kWqJ0geAfddwC0EPCgpWEp2y+0Eh29xUVeRn8NHl4bdjv0OyLEyID94j6WQPr1ObmhMu1the7Rt3geWMdqzHQ6QWjCMVElUOGs8lXZU3Riz8AGM8QIuE4jqk20kBe2R59DUHdy7eYRnTHKsUcxjvHbq/jG7M9GB/m6eGk/smToupQEMYqzftydzICI2VAgcUB8YEf6M4ZjQxvjpn1rkTyMj8TcqyhA1fNcWxPAxbLMQEyFt25BvDyUaR0DlRiQN7GVOpXR1WEI25jIYrSFcnm830iyUKLwTxncRH57r+I7uwL65x0ZttvhFqaDAXofZKMw7uB8vy05hc/GvDVF6CVMr19fRCsjSgMH57dwzJTi6UZ6YVLu7ubigo2YM264Shq3aOno6BTgalhh1kkdl8EtPbHI4unvMg4v55B3lQVjL4o5H6vditvDFSyNoM0HazmiyzMrFzkEkj3zy1Es2b/alY5RuJceb8uyZxUhpigrg/B7ZwNIQTc+ZBEZDFWFgf18SjxQfMHq6JItwK9k65RpuC205T8cqwyZy6iY8j85Tt90Hw7OUaCbs/pznKcckktpnDW3Ca7bCstb8nWRFj403za34RREn7WL2ezvJqDt0tanCKVX/zrdjE1x4ADF/MkoTUMYHcMA0GCSsGAQQBgjcRAjEAMBMGCSqGSIb3DQEJFTEGBAQBAAAAMFcGCSqGSIb3DQEJFDFKHkgANwA1ADUAMQBlADAAMgBmAC0AYwBmADIAMQAtADQAOQBmADUALQA5AGUANgA4AC0AYgAzADIAZQBjAGYAYgBjADkAMABmADMwXQYJKwYBBAGCNxEBMVAeTgBNAGkAYwByAG8AcwBvAGYAdAAgAFMAdAByAG8AbgBnACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcjCCAu8GCSqGSIb3DQEHBqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIlEr6OswpVr0CAgfQgIICqJd2Kcz+gOZRXE3j/8XbPBPJq3VKzsLRnCbvOhXLFwqiJAXzQjRpfAebtYhn9FuswQjMDQfYdim2Lg3rYb6VDjt61YDcPc2KTW4LkmPhFaKPMPtCDko3zflcnVODrt4A3/7Ku03WjFQs15n4SHA/rDtv725TwHx3isuUmky/cYfPscgiKv2AI2DLwe9D2BCJuAp4ZmTJ8o8i+XDix7ox8KXngWguIs1B4nomr62uio3u3OKJn0gUlVg2BgIzb4SSgddhCwxyWPF2oAW+pxI51o6QORwRI2yWNGcgnXojmsVG0urZ5pez2l3BE7w5qqT6QQSfktkmRQwi1ofHOIFLB1jhmxo8ANvXDEtB8YOixZ6XZURKyoZz9nqm+JPCBbHGLd62QFTUu+w8xz1eKvM2tAjj2GL9sK0JaZbUke9ijKhyINnB6pfYsmE3ja1VQ4epPRif8fZz8OKqLy+j0D94Opxq9FQgu1+qa5gvSzQ8skBPfeAlfoYlbEd/9QmIpFc5HHYn1puMz+pp46ilBal77FdKTunCRXQPFpfvUJYweJ4mTCJeHDktZb7xj8dl+lHZl5KJWRNEusasSRwzeNW4vZo466zSTUX8gSuU0OJsPo8q7znwKyVYh2dh813IQDd/1aFTKjPzjU5Wt7t5a2GwTr1wkMH4BP7UPlsryi0pv/EOLIEuMBBNDRDpAGEzkwCD/AECwv49SzFz3oGt3pzMReRB+NuRoIpJ6mw6aLmgJ9UoYAmMSRUL5VDTlLt2xP+ex3CRIpTa0NXhSYBPa37yTNP3ID7PWqXpECoY5w+QlYLTr+BMpp0L1F1D74punzjZc2pFnOgH+TPsTrVtrkWsk1iA+RHQ/AlC2JLnR+FVJSzktyrVC34j70cMYSqY4ev5A+fs2zgGp/4cMDcwHzAHBgUrDgMCGgQUUG+ZhmoN/MaNkyP3EWNX81zZoQQEFAuZPgiZ8hZN0m3+o4CLhQk4Uu6R";
+ public static string SelfSigned1024_SHA256_Public = "MIICWTCCAcKgAwIBAgIQPq8RWqoOL51G/qUxq7tBizANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAxADAAMgA0AF8AUwBIAEEAMgA1ADYwHhcNMTQxMjI2MTUyNzAwWhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAxADAAMgA0AF8AUwBIAEEAMgA1ADYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMl0ubbO3e3FpeMN2/gjz0YElurF0UCT25777CmNfzpvxtuvziUxa/ALMxmz+sVLzKb6kMuLNagU12cYZS3ksgntqxz8R/VyZO33hysNAMeMcdeOMhMm6ubTXEqqdHAb4TUPhme6o7Bvpcx3yPlxECoy6XE5A0VlYBgWzqMJN6F5AgMBAAGjajBoMGYGA1UdAQRfMF2AEKiIeaB2ShCC/Mrhyxg2Lf+hNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAxADAAMgA0AF8AUwBIAEEAMgA1ADaCED6vEVqqDi+dRv6lMau7QYswDQYJKoZIhvcNAQELBQADgYEAaqChtfN/l6xTcMItwFG9jhDPuWeLDXAplM0vSwbia1fIaAXdcFRSaH+5QwqoQSDROcfiWRbPNWhFXfzOj7FEBmtbGifiqDvHislRHYrqnz9FRKiay0KYn0tJ2RUsTlKxZNz0WVu9M05wJjYH4TB04ad5FhgxJZ2h/y1X+An4a/o=";
+ public static X509Certificate2 CertSelfSigned1024_SHA256 = new X509Certificate2(Convert.FromBase64String(SelfSigned1024_SHA256), "SelfSigned1024_SHA256", X509KeyStorageFlags.PersistKeySet);
+ public static X509SecurityKey X509SecurityKeySelfSigned1024_SHA256 = new X509SecurityKey(CertSelfSigned1024_SHA256);
+ public static X509Certificate2 CertSelfSigned1024_SHA256_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned1024_SHA256_Public), "SelfSigned1024_SHA256");
+ public static X509SecurityKey X509SecurityKeySelfSigned1024_SHA256_Public = new X509SecurityKey(CertSelfSigned1024_SHA256);
+
+ // .../Certs/SelfSigned2048_SHA256.pfx
+ // password: SelfSigned2048_SHA256
+ public static string SelfSigned2048_SHA256 = @"MIIKYwIBAzCCCiMGCSqGSIb3DQEHAaCCChQEggoQMIIKDDCCBg0GCSqGSIb3DQEHAaCCBf4EggX6MIIF9jCCBfIGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAhxE338m1L6/AICB9AEggTYMrXEnAoqfJTuvlpJieTu8LlJLL74PWG3GJmm+Rv45yMFjm332rVZKdLEOFmigUGGMfjk7uFBBLSpm3L/73g2LdNBFhMFnmdWlw0Nzs/Q4pxmHN+b9YPWv8KpiFc/CIUl30Nqf7NHk1CdM026iuY/eJlIO6eM8jWz/NP4pK+kZav5kvQIrZ6n1XYstw7Fw8Ils4pCGUsiFwNGFuSVLCRwxHqvEUgVmV3npUbCwKATSRNcs23LGHo4oZO1sj4u7cT66ke5Va/cGLrIPz4d+VelRkrPCcbgFi4bo24aA9b8dayMV7olDF+hbHTH9pYfPV5xUejsfGeX4BM7cH6Kp7jKKXJQq9MD26uEsrK9Bt4eoO1n4fK59+u0qSI7329ExsPA76uL9E5Xd+aDUpOUyJRCtnjY/Nz9IO/6zR5wdL72ux8dEzJAYqRgpmwIgyaXE7CYqmc9VHE65zddcpOFicVIafXfftAmWAPuyvVxkij04uAlSH2x0z+YbHG3gSl8KXpzfRmLeTgI1FxX6JyIV5OV8sxmvd99pjnosT7Y4mtNooDhx3wZVuPSPb7RjIqFuWibEyFLeWbCZ418GNuTS1CjpVG9M+i1n3P4WACchPkiSSYD5U9bi/UiFIM2yrAzPHpfuaXshhorbut3n/WBXLHbW/RAqOWMeAHHiJNtyq2okTM6pqp09HGjc3TbDVzyiA5EgfEdMPdXMNDZP7/uVFk+HQAm35Mrz+enMHjnLh4d8fy2yRuMs1CTLrQrS3Xh1ZbUn6EJ5EaZCMjoGd4siBIOuQvrxRwYfpnRB+OYMetkpUtMFCceMTS809zAS+rXxZ9Nfnk1q5c73+f0p9UZTLzajwNhPMhtQL1xYA2tVobVA+6hSxb7bgiH7+2qhoTBkmwzEkfXg7ALL2erBWHJJn5Hr8e4C3OdDFo/qCfA1E9IK3qIyLTzbhQnNRD+6KKTPP2ynGCJz2oIn6gmh29jKLwZc69FHMHdikevk58EXzKmHK9sy6YAFXQ4pBRKpaNwiQiNbUJsO/WYQ9CSoKRQjBOs7l1UbB2roYRXuUyZ+pLjOXnzaHOjF4nrNL8PP6XnCfJUXfmpQpaY/Q0zT4R1Zw+lXjfKoVd5JFPoWjoHGNQyFnvlyyUldB3jHQptbtUjV4fkeKXPhqcjn3QMSwN9nbwqiig88fiItVJFmDHemywfyiEtsDwc5yann0vNquegT/W9G0dq/7+z3e8V9e8040RpdepKiHH4o9cmyIT8gUNkXkJXsN9ZNaekUCGuhTqpzM2K3+zW1K7lTLq9/w3malhfIYw0mdHx2bz6nkyf6XezCQt7Fwc263r+YbAV16hjJJaTZcIqggoe5Al8B48mcCmGwNBF+Le/4/yoArzxlLbbljG3xIODJa+Vh01lWqK09mRbNpUjUtHswLuve48vabA2aZZmoxlsN3e7wLywrZ+Tvg4zg8R2ZzjjCXHkBI7qtZZZxMe+x2w3NbTnN54Gk1U/Pg3nVj242qCWR43A1Cp6QRrhi2fsVoNZCuHSUkykhH6q3Y/06OdgVyCyboXh0XnttlLbNLp3Wd8E0Hzr0WEm/Tdv1VDNu5R3S73VX1WIJ6z3jyTvm9JkzJFAxrk0mwAzBOSS34eYRQnhWFCT8tqHWIAzHyH+YJ9RmTGB4DANBgkrBgEEAYI3EQIxADATBgkqhkiG9w0BCRUxBgQEAQAAADBbBgkqhkiG9w0BCRQxTh5MAHsANwBBADIAMABDAEMAOQAzAC0AOABFAEEAMQAtADQAQQA2ADYALQA4AEEAMwA4AC0AQQA2ADAAQwAyADUANAA2ADEANwA3ADAAfTBdBgkrBgEEAYI3EQExUB5OAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwB0AHIAbwBuAGcAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMIID9wYJKoZIhvcNAQcGoIID6DCCA+QCAQAwggPdBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBBjAOBAhbuVGIv2XFPQICB9CAggOwUo/TgmdO5qDdDqOguXP1p5/tdAu8BlOnMbLQCB4NJ+VU3cnmzYAJ64TlkLqXGCww+z6aKVqtEODud5KMwVuUkX1Eu9Q+kLpMF1y6chkCVmfmMOzU0PsfMWghYSp4FEtWuYNzVQ869qrMCpVDoX8jUroUVkX3BV8sVUV7ufFYdFbwo++c/yCtrHxw4/oagjkXZXV9QBns+fLraJU/mO7isZJwHjscAZhckTdHGEr7hOqD/sHLPXYAgYCmkplH6aSNdyc6VmFXxmpKYFwlGnSA+xlJNcwrfyrljg5iUjpFMCcUuuOhjDCkIgTYsyT48uOgkoBLQzuQ8Oua3tpG1DQ6x2HJSHhQaILpNMZ6nWUrt9YRjdJHdCtdZGN/FPrASd8Vi68XIHu4dAy9zXKSL7GxsBCXXTE/XYca0v3rOnpvye1yt3zxssKPoMlgSUxsoUj9Moqyt+bjYJqV8tJwGt1xpB3k+QgpkmJnMY2i18r9sm59q2t+mWFfFwq/bIozNbzPBNzqq1q4fl80/7qEX046+KybgjaUrIAPiBYsTlAGNMfUAPuO/vb/FTq5Pk9SXepEqc+NkXrkOGzskOALefD9+DWDOy4j1loCvIXjLb1B9e4C5AIqzU4Sxq9YaDgVIVSK9GoVriaq8WQUSBktPruQD1rgPiHr94LZ0RgEBAReO9x3ljCXon6/sJEFUR024zbmEKol+HuY7HMPRzY5113nodOMYsYMFK5G+g4x5WtANN/qnoV16laBqJvQJ0iCj3LH8j0ljCPEMFUl87/Yp1I6SYrD9CycVNo3GuXdNFxKlKCUlf5CVjPWEhfM1vEvUSqwQuPEJ8gj9zK2pK9RpCV3E3Jo+47uNKYQQlh/fJd5ONAkpMchs303ojw7wppwQPqXavaHWX3emiZmR/fMHpVH812p8pZDdKTMmlk2gHjN7ysY3eBkWQTRTNgbrR2cJ+NIZjU85RA7/5Nu8630y1zBEe24RShio7yQjFawF1sdzySyWAl+qOMm7/x488qpfMQet7BzSuFPXqt3HCcH2vH2h2QFLgSA6/6Wx5XVeSQJ0R0rmS0cqAKlh9kqsX2EriG/dz2BxXv3XRymN2vMC9UOWWwwaxRh6DJv/UTHLL+4p6rLDC1GXZ/O4TVqKxNe9ShpzJx2JGwBl5VW4Rqo4UNTZTMn/L6xpfcdtVjpV+u5dD6QGBL57duQg9zqlJgMRbm/zjbC80fMjHpjbEUkf9qkl3mqEFp/vtrFiMCH4wH7bKswNzAfMAcGBSsOAwIaBBTjZISkPzPwKqSDK4fPHZMa83IUXgQUt9xlRgPPpTLoO5CUzqtQAjPN124=";
+ public static string SelfSigned2048_SHA256_Public = @"MIIDXjCCAkagAwIBAgIQY9+BvEWchJpAX/tDKzHwFDANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMgA1ADYwHhcNMTQxMjI2MTUyNzM2WhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMgA1ADYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWE7VB3zRniE3CsYLy9sCLAdFB7AsGKMkZsJxiwKD1uv+OKshPN9Epm7ZJQWjm6YGeQYKGQUaNs5Z1NaapKLaT52jqcTLRbOC5g331GkXTPICkjDHsR+NPyd7J4O4Hl2ls8q1+mcYhHSJOoamWOGZqtpCfpqqOhHhG75Rn282kA90Ybc6xY+rTgBIYgSt+/l3/muI3XTU6wghifYwZfID1IngBEb+MD346QgpiJcWObL+WIXPGpLNmDjwJZ8IlXvgO5JPSz1wxCyb8EJHUp4hQUc778RtKB82UXbckhL3eW49v1jpuJoqeNm924vlMX3IYAwYDBF93K6F8yu2otpwvAgMBAAGjajBoMGYGA1UdAQRfMF2AEM2V/dQqCNOhP9VPwFcAubuhNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMgA1ADaCEGPfgbxFnISaQF/7Qysx8BQwDQYJKoZIhvcNAQELBQADggEBAKSksE7/5TOc5ngnD54poNnaPWrw4kolFzqYdw1/s/evScT4tgFYR1FrmPB50KYoZ0c8FzDY7PK4SkB7x7xFbjPYZwcEzeHqZ+WsHO3UxI2nU94CUsBmNR09CMMIwt/1A1yfzSNTJE452YtycdLVJUC6NBR30Di5YOFWPwIEO5XE0J7Os1xuhZc6AEKy2STp0I3FL27gHu3R+3Xhqru6fQIOw52Pcp1axXsuE9cQ/HKyeNTvM02FZmjlx/Vy3lC5I/2xiUJrhqzczOMRRB8clpsAp2uNWfrzJ0aLCprQO62pN9L/51PWbSMsNfnfuUo4eZHv2noQ3mGzJPXyK43Omn0=";
+ public static X509Certificate2 CertSelfSigned2048_SHA256 = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA256), "SelfSigned2048_SHA256", X509KeyStorageFlags.PersistKeySet);
+ public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA256 = new X509SecurityKey(CertSelfSigned2048_SHA256);
+ public static X509Certificate2 CertSelfSigned2048_SHA256_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA256_Public), "SelfSigned2048_SHA256");
+ public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA256_Public = new X509SecurityKey(CertSelfSigned2048_SHA256_Public);
+
+ // .../Certs/SelfSigned2048_SHA384.pfx
+ // password: SelfSigned2048_SHA384
+ public static string SelfSigned2048_SHA384 = @"MIIKVwIBAzCCChcGCSqGSIb3DQEHAaCCCggEggoEMIIKADCCBgEGCSqGSIb3DQEHAaCCBfIEggXuMIIF6jCCBeYGCyqGSIb3DQEMCgECoIIE9jCCBPIwHAYKKoZIhvcNAQwBAzAOBAimOH6XHIwwJgICB9AEggTQO7zeX7cwUppTcNJb/h85952ZPTI5nmlnTZ9AcPrmdoL7qldCZf0Vbs7J09Jk0erO5b3p21EZJdVZlTvvkdOd+OKYgFlzxgu934iNC1YL9mVp4Nb7Gd9H/kcBkwpzxB7fjx4hZtuAENA6mau9ZyNfdIJ6EoiG3KE2nC0fpKGFGiEngchmb88YPEU4g8RTPo+dl+P4WeNn5Fk7unIrn4ehtpGlqgu99cePRr1tk22gekDsEf4tD0ongqH54XJwOX+RkuCAWm+Z7s1TmAt2gf8kOyQV8gn+ydLdrHc4/TaWCHa6tshvoclaY468BRYUEnPxSmY0owHzhPPt6qfuIgsjT8ZJ0xyPW5BEDq0bM8xKq1/WWx0GE0fWFNfozU+5a17UCjmqBxltivVqXSQ4LXS+os1ryGFSODXjQmR2DnZAbPBSrZI+DHKdz53E/xjEjzov+vwxC9B5N/VOoG04Qcb9cvsilKDCuQTLF4kyUUWnXUntwL+DKppjEw3rOsumqPXkJbiAukOiVaQPxx5nLLDBqNHwumfxywXPfD+mv7Ki4+iJ3lN3oCSecQBrcr9PfnFV3f5X1fP2hg0JI2tdhKrShxBUtC3N/vBdX4fYOjANEEQYMhD7pBSU9TEz0ReVkjI7I1WMJKtCFBgK0Bcu26HyL3vhoK7tYzuiolmAKbBTQiFv4puELFM8LBsNqX01kaW9pstONaM52GvBbucGN8MEYbpVGuBVqXj8QIXeGDc3AYbJXzvUORhxxY0UTtDVLs67zsWhSe4qnCugrOiUajNE9MUlE1Wz8Ejqgqa6W+SAwDvtKCVtq0bCdzNinKJM8+vMLYmqSndY79e6mXyR09kqb3Vwr+UTdn3Q74J21tnA6Jh3Kyq27TK/muIfCu43LBdItSds0ZzPwVIYpdOKn4a6eA6G6BalsXv6qZAK5bkpybBINkHHkHxe/aXYecz22XR+krLjsp0CIG1HyNjF591dSuFFUKlKR+09Fn0eQJ0c0VJZrFvwj50UK8eJW3oi0cc1rxIzj2tZFRHO7g/p4hwhM8zVgn2/q5za7vNdvnasLLpab1i24YIqUwzjC3ezE6b/Zo65RMsrDbtFZv0aMuRmumUmQ4iOBMdat6edQnHmQ+OVRGRPeyYacNt7xHbTN1YmNKLwmjC9q31SmCuBMfe19eOybuffeFFT5RV91f/+EmYhGkqppqxIY7AW8FtuD0bknYHqziyHPzoKTiIDkpmm6UXEHDSt996otvBASS35XHBLjH1cevgo88SxVdq2ZqtDKd4fJcSHeEzggyqanWX7miZ0/bkkfOOkf3I/Shvb8J0SoqROUPvEo5cixt9E/QhDNUIVuRMVkUUkK59kKs23JhD/mKZbMQoTe75pb2JpAH0eqIWmQ4RYUBBLZjz3p38cKq2o6MjRgxXtRDnclUj59P9QIsb83lygYUBP1JKVaH8wooFM7NmMdUT9UAYA9i4uhEaLsCU3CxzUuzRcldUX99974dOqchEYx+cqwnXcZTJr2V99qBOHGn2jGDB7KRAaaBcstPAroQWlcJEAABEA2YLojY4QfD4RAFIT6HZCpQv1jVJYgdA07flv64fWRr/pgZrewJhx3cfdYaFT8A/iyLaLMWuN6T6WMXHtaqnYmfUxgdwwDQYJKwYBBAGCNxECMQAwEwYJKoZIhvcNAQkVMQYEBAEAAAAwVwYJKoZIhvcNAQkUMUoeSABkAGIAMgA2AGEAOQAwAGIALQBhADUANABjAC0ANAA3AGIAZAAtAGEAZAAxADAALQAwADIAYQBhADAAMwAwAGQAZAAwADUAZDBdBgkrBgEEAYI3EQExUB5OAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwB0AHIAbwBuAGcAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMIID9wYJKoZIhvcNAQcGoIID6DCCA+QCAQAwggPdBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBBjAOBAiJsSkTo/Zj8QICB9CAggOwP05BzfDoMDJJ4aJEPzx23cyiO2YOP/poicVIwwi5MueDb9uQoS8LlYjInaku31aCx+3722cl5RLm1EwSC6UuMmqMYXEf7iED2bNCjP5MxCCbhZi/9sbHBD4rMqPF0fq6JRTlCWJ2utNHxDPh5T41kztUezR+l44IUkxjyRjOzu2XfG2/5c4rdotpCtZGez0NSuirCpDF8sNmwW8tiIUorj1Yjp/d3XYhdw/Yj+2cJiAkDWve1UMH3Wg8NFsANm7EWAwh7tp4i0nJhtWy7Ml1VBdsstpKGIJVZKGdfZTGESO11aZkeR8qLQb8QM73woANVP073GunpC43vn/CFjdyKNIlJgXHHyYNNJ3uGyBZgRBhPXBktz32pzvWHQ5xtBnVqi+ZOR5XVb5nGQ2b7F6GDuBXqWz3Bdw5Pp7JHjDpp26QUQyxiAPRGuyN20panWiiXHuObu617JLQDUKciqtTjlPmd836H7CTofMWzGi4btUjmchnjd+s3Eg/hRa8Lqej49dQoK2dMMAzKa/wrQ1yNREQqVvjs8nXUlCRsREz79fok+P6NUxQkMOfMPOsRvjhgvRHhfIZ5h3bRlKT6yRfwzQdF6KaiChdZOjKAz8DOjk3v4digcNGpvn+a/lqF5TsizjoP/9ZEI5//1kNm3Fi2Ai3YmLpu2IEI3DiWca45kULLfUkIu3Uep7HUED+kGTPfNYzJFhmPCgGQjRrMj9iNziMG0eJ8nY3uIqYRQnNYE3W9ho1ch1sgKVVXsWggHuzx0a05IIMCnQFDMJo7SK1Kzg8fQJxqmt3I9PaONEgbMUEYojVHMKWXF4Bh3dt7lZGPIovIgO2qogXVB10gNuyO+VFZBvrfFmnAwqXs2Un3HYBoxDq6EE25IKibyIVuaGKNaZP2WlVl2PHKmN4PoeHKKHfcuIoMJivZy+HD97AC/3ww+NmXCBzfdejpmBETyacc1TmwVlPmgkIBtrrX0PBwF9g/egE7u4QV0f/wiQ4PpkkmYYG1E8+8twVa8/fgFXluE5F7/6f0Oe/X0JYcJgoB3lar/hUvQxww5yswy1Aes4w+YzO0tMhS+N4gJWAHpPnlunBOKafz9Zf2CbX/M+JPHXL11vILX4ZF59KKm80w/o4P7R07K5bEkfDitJIw2XGpV8TF7213rTSSo4xtZwsHVjG5/r25kYpA+xmGlWOSfLSAl83TUEs33xUrsrudNvk9PeMgvOF6YZqTUi5tsoYOVj87BqDM84rhOW0gecdLA0wNzAfMAcGBSsOAwIaBBSVpDdkQOc/Mg8FaDRq0NMdAIqdPgQUeCXwWCZpqd30w2f+ucNlOFAPkcg=";
+ public static string SelfSigned2048_SHA384_Public = "MIIDXjCCAkagAwIBAgIQmT68AQ3vPa9NmlShoEZVVjANBgkqhkiG9w0BAQwFADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMwA4ADQwHhcNMTQxMjI2MTUyODExWhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMwA4ADQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdtHnoaSiqQy+hBEmLnxgOy2euwvtpC0CHnzIJILsoyBdGELQ8cuPCTKT1JNBluphBtFF3oB3xoxRJWrAzNgvDqm09yS57rFXbV9jK9j8zP/QdEr9j4i1CckwNVY4PNCerF3bDpRDD00IHD+NObLLcaadFBjlzMxRjqd4D8ko8Jxl0g+gO15QwlXNQW83H058Qcd20chiifr1nILcJKEdV25fhfPIqvQny39zaydEDMnfAGo7Puj6ODjYbjZ50U8mUhtYdVtye8tP7g2C8lhwUT4N2B+sJCbInApT3ONTa9clPT23Fif/2JsNMRISt5bnDJpBCtP29l0i2Z7+5PUnfAgMBAAGjajBoMGYGA1UdAQRfMF2AEGd1geu132c0YEEInmdrMdehNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEAMwA4ADSCEJk+vAEN7z2vTZpUoaBGVVYwDQYJKoZIhvcNAQEMBQADggEBAGrxk6od8vgHb/tRoFgGcGfubMlZMRvH2Ly+4cdLpgIYKqvEWTnze0KVrd/y7qyoJc3pbAqs3XRrhAFiB6NACP5PeOFV+WvA2PF45qSO7kXwACXlYqvHQcnEo33BWfLiBpKY2zXUZzUOyZAOpNYM8SDLNH4wj0PH8F4pU18i6Q/E2t5cVUR11PpHCpKoUlMNClx8sCW4/Pamvn3BQw+NyrMpCz9NmeY5k46h8smPB2Z8hflLUc9zcJ8fv+dvun87bLa0S8Y3pM/gMrbVswsfkQ4uZY6iAKN4hGQw+SLb8KG8vYRGI726S8h99el0kRJBLZv7JD6oBbUI+92s2KN7I7A=";
+ public static X509Certificate2 CertSelfSigned2048_SHA384 = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA384), "SelfSigned2048_SHA384", X509KeyStorageFlags.PersistKeySet);
+ public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA384 = new X509SecurityKey(CertSelfSigned2048_SHA384);
+ public static X509Certificate2 CertSelfSigned2048_SHA384_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA384_Public), "SelfSigned2048_SHA384");
+ public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA384_Public = new X509SecurityKey(CertSelfSigned2048_SHA384);
+
+ // .../Certs/SelfSigned2048_SHA512.pfx
+ // password: SelfSigned2048_SHA512
+ public static string SelfSigned2048_SHA512 = @"MIIKXwIBAzCCCh8GCSqGSIb3DQEHAaCCChAEggoMMIIKCDCCBgkGCSqGSIb3DQEHAaCCBfoEggX2MIIF8jCCBe4GCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAj5j6Q6YCZ3pgICB9AEggTYMipPiUmsOaVV/nfJ8XtkdY3OcLyfMBYVPxur3NuPre10EZq3NkxsxbigO/kPcKJPEjZ/ekb7/h6jEPQRFNXTHVpJCxcc3JdPl0PniitQGUgFIPCgtL60GG0XjcDQPPkOwPOicYIysNu7WO3maQ3FTuht6gO0VQKKTZTBjysmWO1QrKts66vKMAFZ7zlJcBa8kk8BNkAgzRYfwaZHEOhmTi3clR5FdgZbbhlJfHDNOCVOqbHDWJ6rr5PW5brJpIKhinbfIrfya+osqM8EGcIrt3TdC4/aIte/ALigcc4+zXdwcAYTzNIm4mLLKsbm/bAR5twubXmo9qbtgO2lD23uPJ8Rf5K7JSwjbgxCWSjzWoLyTBYdTQBGtlbux2K4M7iqlf+SWGkjexlgMZLFXPljroRyXq/qdj/zGeIln0Ec0WS2Mdq5a8uzxCIqaOH1GMw61YjJbUlRtA0ZguG7oLuI8cDDuIKhxBpgbyXG9hkyPAsNlPQLqPvl8H40DQVqlw8B2QS9Q0Io8WexE6YnhuutPS14tn7a6UbUqNI8MUzjYX6lKG5R8pmUjdk8gMN2g9cY5JVEzLe+AtoYrpX+69+Z52uUFXRVvB5CltdFtpupX9ZZzoAO+9QPx3xSC6D0bbeCfTa8mJ8H4rDRYzDdMyObmBKevHFPsOUrUY6An0Vu6dBrgAG3z4EjFP83o2LJnQzRb+zbrF9w5Kc8qIDY/7HFcDD85YgMyn1IiQr3RqP6Puen/HQNvjXJxy2+M2etRkRLCIyRhJf/4gLm8YbKR+7kMWGy/BBjIZ/8pc0JNe71bpjwtT3ngQ+Zw7hoKoZ4DxfkowXfqAFoaPWx8hbVBpc2mrg2YYF4DE7JlQId72UXAOgUiQzyWZ5TepXrzbjude8FXAIhEJA/nz9jvSf0zWyHbMS0iHfsKsREnCu9u4RgX3tuQL3TyT6HOHNOpCFbHB9nBYgM4k1BkcJGaUGeCm2P1zxE4J/CQ41vw4J5w8oTccMzIYQZEXhHnGmd2x54B4nTWVGWlWb5hg0cqvapvgrACfNjHyV6SMQRBtrxlw5mVTtY3It+w3Xn64PVOt2A4cLSYyTWNQ5m9cdI8/QTmfNk7VEvAUFJ50B/SZYKKQi/Inbq014G8caB7amr6IFf8GphS1dgGOIc8qnSSmSK5c7xpcAGtafdPWl9mTK7ZWRG6ClsEHWo5YpViRtZdJkohk5EKajKeR0enwI3v7oyGqkOfKEk0BlDc3zhCpOSspbBr08SRxUzGtGmMOHmNAMWJ6ay8AEJ0gRyj6saJ1MIzjW70M4o/9x3kHo3BiWqVVaDtxpyOObJxx1ze26d/G/9HCuf3nuM8m9TikngHsQl+zT6Bvb08ChVRjAT6sDzbvB/FGiKyux7wX0wCqkTHmfYOqWeJyCHDndgFhpt3J+HX//OMunmkpEXBdq4afqL5h4nzqyIfwL5VtXN3kW5muvMLZjOkM1xQd1bZgO3iZzOPwXOvWITlcG5OTJWEjHE+bD7uq9FvjdiWrGx26Ym9oEqef8zdBddGHyFlZ1SCtg371LyvsUUkm0TVUGdOrm3Ii56g/FhU8vtsUtY1m19hZYAPkMBT2LfUwddL62sZqY3RMJOpa98BSfi2N+AJiiKOLLWOzeldsGBixYOBjGB3DANBgkrBgEEAYI3EQIxADATBgkqhkiG9w0BCRUxBgQEAQAAADBXBgkqhkiG9w0BCRQxSh5IADkANQA1AGUANgAyAGYANgAtADkAMQA1ADAALQA0AGMAMgBjAC0AOQAzAGIANwAtAGEAYwBjADMAOAA5ADIAOAAyADkAZgAxMF0GCSsGAQQBgjcRATFQHk4ATQBpAGMAcgBvAHMAbwBmAHQAIABTAHQAcgBvAG4AZwAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggP3BgkqhkiG9w0BBwagggPoMIID5AIBADCCA90GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECGY+WNOUhlCtAgIH0ICCA7DoQ3i+xoibf75j7DQek7tg7MrlhV2R9+urbPhMKyoUodhmNOT7HAwx21tBwTw7i81G+fPQ+1qJB0JcRvRryXqXo9n1PlWhT+5zDM+7e+3NBKhA+obJUCqNwtbO8le6wauodpphMPT6/btVi6ehAbhXCPl4Ul3nbzzquEOQA1ynpBjfCJdNc9FWGuDwyDEWuxu/TX0y17GJmBDCjzqEaE7yFV0RBjtRhlCNWHXdj72oxLOftG8ibO/4V2QuLls//9Y165gIgMkEnmJ723NI7Nems3CVuB1TvzAb2Pv6wd7bL6rsmujviWP0BzqjNP1+KMheJ5JiUYKEBE3xQlPNq+CaqaznIM2A9EBnJoTHOPsVqn+wlXfIwnERpq7+toJmSDlfwiexIWXZ6BSoU6BJDEU1NOGMwHOyv3+NwQonXgPbx7aU4z15tTj5R7bHyaNJR+5ad5ApCcESzISYCgx+lnllgdkOVN1IA8SVioUkkV7TpWMKi7KvB9tNp2+8zpcQQ5XDSUGUmVZP4ouLY+QUUMtFZ39cB2+jSF72ZlY7QWBTKwg1UWhZcLYYSIe5VdagxUauf1bYvKvPlCCIXfHrqzta0rH93HMryyKcPlIvpr3X2jr9BzDhbaCp/flqeDLJoH0SMNinMI1oq4Eh5HotVrq81mSRmaBE+fnr1gpVPKUNw4Yj/tG5TRgycSauB7gmYgetZwRxL1PrjA5R2ZuFBdq1JnOMwLDgqj0mroaK+r2XjVkK16AlbFjvaEBQtFB4n166ignG6s5T4OCcBnWa8PJJU8kFu2nLPGlJGPtiGYpXyfJjuMkCD/VCfSj5F1VD24Aw256IY6dCig2tNO/31CmW7+Q0ZlX/y15uuN+zQp7iZQvH3+cyhQkMap0r/7i0Wge+uFpRLQmsZba1pIksJ6fcD3cCyuyXdV2LflBsSCRBqohHgbrk9Pzcb/7t1C6oONLM7saAw6gosoxTPTKagZzb4guHVdKyNTVnKSI8FVDdP4C7MGp4kqPbaVEKvYXbvAnjpRqcWLQMLhqoxxeMoLRflcR3wabGuj3jbu5ANXfIuCkenSkfQYymqXF0d5mo3l4Ak0Wv/nAnx6t9wr5ZMI4+OpXgAHUCZ0kTs924hxRQglpi7i2lQUFrt/TAcp52DCPMst4YlhBP90JFXT/kEvUNLaKahqSKxLbrDHNgFZVVm5+foU0Cb9qKXxobTytIKMzqOUQ5JOERYnDvL2fgascWOfn9mkVuhfd+MpayBCQXrjA3MB8wBwYFKw4DAhoEFBNPLaPVF8m94SxtpthICain/6n7BBSIrBaNgWE4o5NiBKid9L1c9R1m8A==";
+ public static string SelfSigned2048_SHA512_Public = "MIIDXjCCAkagAwIBAgIQzTfvf7ABYLxKOErOiooMIjANBgkqhkiG9w0BAQ0FADA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEANQAxADIwHhcNMTQxMjI2MTUyODMxWhcNMzkxMjMxMjM1OTU5WjA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEANQAxADIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzk2XIZKwGbblamSyJ3l+Co+SzCqSV4X7COoJM0R7UwgYT12hD30xhvDUpQrhuHc2ecF5SPggpG/Z63BXsIaqSMCcmzOoV9igFDqWzecbj5Mz/xSm/ZjJ7HXxiklSekWFG1q/8crd1HfdHjaCm+hMxpfXFSH+h3bSxv+2XBkT+Y35wUXnnw6Q/rE+ieW5+xn0MUvh1UkFCl7+ZDOhIzbXkzM/BKUAPxbJBjXeAr0Cum/IVFStavxi21Sgj1XoMuW6tlFX+eG6wUvmh4LjVTlIVdrV8bqxDIm/w/vCwlyvcQxERlP3TVlusUkc157pXKvhqNlPdEGG9kUumMVaziNxNAgMBAAGjajBoMGYGA1UdAQRfMF2AEMQYtKMfx+sbsi5bQ7l/LTShNzA1MTMwMQYDVQQDHioAUwBlAGwAZgBTAGkAZwBuAGUAZAAyADAANAA4AF8AUwBIAEEANQAxADKCEM0373+wAWC8SjhKzoqKDCIwDQYJKoZIhvcNAQENBQADggEBAAvM9kCf8fpwiLYtEQK6ryHmg6MC5L2BNGsuRUOZNDkp+/LZF48tkfL6dTYslj3kPeEBGAA9ggIjDinTbPEveEpPUoZTllkMj9A9T963yhaLlsVAJDPbJw8XlHO+c01VjUtIjaVtIvJaCNoXF0S+TfbRDKceiEXYcDS+ySyssCi4x23nd2fylRvpiaOrFAMDXHF440vR/I18VEqKuPa/NWj/JbVdaXAmyjjtHi7GIcL6rQQFpbDDfrzKmNCc/SXLkNQ97ArngEkOzZhOmP2aZ7ZqdX/h3mRQ3wo91+WfVfFfbhKc4qTUQHr9rop2JeEhu8WaRwVoqz6PtXB6WtIX8hk=";
+ public static X509Certificate2 CertSelfSigned2048_SHA512 = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA512), "SelfSigned2048_SHA512", X509KeyStorageFlags.PersistKeySet);
+ public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA512 = new X509SecurityKey(CertSelfSigned2048_SHA512);
+ public static X509Certificate2 CertSelfSigned2048_SHA512_Public = new X509Certificate2(Convert.FromBase64String(SelfSigned2048_SHA512_Public), "SelfSigned2048_SHA512");
+ public static X509SecurityKey X509SecurityKeySelfSigned2048_SHA512_Public = new X509SecurityKey(CertSelfSigned2048_SHA512_Public);
+ public static SigningCredentials X509SigningCreds_SelfSigned2048_SHA512 = new SigningCredentials(X509SecurityKeySelfSigned2048_SHA512, SecurityAlgorithms.RsaSha512);
+
+ // all asymmetric material has private key unless public is included in variable name
+ public const string CertPassword = "abcd";
+ public const string X509Data_AAD_Public = @"MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng";
+ public static X509Certificate2 Cert_AAD_Public = new X509Certificate2(Convert.FromBase64String(X509Data_AAD_Public));
+ public static X509SecurityKey X509SecurityKey_AAD_Public = new X509SecurityKey(Cert_AAD_Public);
+ public static SigningCredentials X509SigningCreds_AAD_Public = new SigningCredentials(X509SecurityKey_AAD_Public, SecurityAlgorithms.RsaSha256Signature);
+
+ public const string X509Data_LocalSts = @"MIIG/wIBAzCCBrsGCSqGSIb3DQEHAaCCBqwEggaoMIIGpDCCA8UGCSqGSIb3DQEHAaCCA7YEggOyMIIDrjCCA6oGCyqGSIb3DQEMCgECoIICtjCCArIwHAYKKoZIhvcNAQwBAzAOBAgxJ3VQ0iw/xwICB9AEggKQpGXp1k8GPfQoWaPJ0laxuR3wjejEWhAIHFOeeYiV4d0LJJ1rl1QwlnaArY7hDbL2KxMuDXQpa4vRVAuze2uW/BfxXGK8mFkClDkLa90zYWl7Bgn+I1dq5ngGjefaZ1Jecm12aMDdm2KgCtDCZMypJroa53ixrfah7PoF39vFOP9EELugF/HbGHbJrqGQlJxHhL3A7TCTt2B6DwhsoNupqhYKjt0W6W3p8mLrNKjM7DDJehMSN+RJKXit6p/XnncRsaML0NHoz8Ubys9+2zWVEc3daUc1AQV5W01WDENxC9JerDnwLhwv+JW8d0Y6I02tHvZJnEHSSPQLyZ5xGAg0AlcEjcN6+AbPKbl7hRM3mKyvzBuInA5Dpr9D1dOaa+FrzoxF5TkaWjH2XKpbv0zL4bpSqPq23IgWT1Xgr9mqBojig5jKrHO9K3eGC/UxVcdIymbaovgNY2mAG64FmCTgKc0HFGkjY6q8TxgTzLSOQgdoZjL3FQN85urlpKLd4LVSoxJAy0lCTlJFsZGdv2XOoNwWUGkGllEWkAGQHvUGSkPCW9S3R8zMrb/7L0q35Npk+owVETCqsm/+uHwDrhKHhDmEDaLbdgC6G16oMsctmqPoARcW8+5RoD3pT6jnPYGZbukcOzVzGFjLO70umpTmk8aw/8Y2jY5TStnMqdOw21RuSTPepv36Vk7EG3fd3rmddtyY+tr5wmpJyXFJjgavKMR45TqOBXC+/I59xbO9H40BvTkvlwqs7v825xNDHVZaDnfULpeAixNrt2rr8puhqlSiY7bE5V3RATSZF/FMUliaZd2b+XYcwEdaoKcQ/QFPTQj3IXBNvwtx3lZniiGaVCDoR1v0yc+ViUVg2RtXibMxgeAwDQYJKwYBBAGCNxECMQAwEwYJKoZIhvcNAQkVMQYEBAEAAAAwWwYJKoZIhvcNAQkUMU4eTAB7ADEARQAxADYANQBCAEYAQQAtADUAMwA1AEIALQA0AEEAOABEAC0AOABEADkAMgAtADIANwAzAEEANQA1ADgAMQBCADIAQQBCAH0wXQYJKwYBBAGCNxEBMVAeTgBNAGkAYwByAG8AcwBvAGYAdAAgAFMAdAByAG8AbgBnACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcjCCAtcGCSqGSIb3DQEHBqCCAsgwggLEAgEAMIICvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIziGrBRDWdnQCAgfQgIICkIlezl4wsBhEcM0r4tXf3gpVSHQ242FsqqJGR6lGl97TIbC7lBHShbnpVqZLkHdem57rMtHMsQu0TEr18zU81E6rJ620734KWfc2cCXN9z6ec03TKimjrYpJLo8Aw+3nShJ/e9BeXstVMWuf1PU4NCrBIxcRUA4dNL5Z56u6uV8FmHztfBqzoTWkm0KpFrHILShWphKvhMLcwtp+XyC17WgbXNxvXn9dyarC9XuygGySKlJaapLRYKqR1PCIFz7X/mn0DO4P69nkJGEvEFORNKBYoGS2+rufxMniA1O/+58/FXHGf9HfhAvYuAThyZCyqRFvc4cfd03aYYVwbN+/+9e8ryXfqO9rCaEdc4HygVNhiChjoM8NMlZL5+R4L9tHr78uCPIzN0gyzL3wcWipmBNWYaG0bffbCyY4gILMvZGD1bEFpPL9wS+VRiLm3tmpLcrhJgCBGYgdkFL6WCWzHQy2tk4yqp+3nTm+8MjV2IafLquzICeqq3aplWkDlFU0IEVfPI8eMi62YsBhVpez4cn6tee3DyVoIYTFuX1qAVUs9JJFmbec12gO2UI2X/f2Iu/iTD655Kpshm3FiyanBrXlTJUGa6mUGbI3YP5Uwgxupyh1YH3uuhNFaejRQ4T1fS3n0MEN3Th27FaH7jDA7wNenfctvokIQv2h4Sa06vcwFkzMRp02GCC/kyD8+7fqkEFAQGdOv0Gt+a97qs9IAVUNN/wOIkAkQ8Yn6lloowps70oOATE8ht3Z5+mVJDXQe5w7kzUVHOxjWxS8rW8CosHshHbKzDdwNsx0syQ33C+vasdE5PeMktbglvHNEg2AzdnH5yoNkf77+R6fLNbX8xVJXKX/nGBYN+u+3+iTVH1NMDswHzAHBgUrDgMCGgQUiwmNMPt0QB2eI9Jb0gi6nqnmEOIEFNY15fRBiXJYAwaPVCRLqAaQYuDAAgIH0AAA";
+ public static X509Certificate2 Cert_LocalSts = new X509Certificate2(Convert.FromBase64String(X509Data_LocalSts), CertPassword, X509KeyStorageFlags.MachineKeySet);
+ public static X509SecurityKey X509SecurityKey_LocalSts = new X509SecurityKey(Cert_LocalSts);
+ public static SigningCredentials X509SigningCreds_LocalSts = new SigningCredentials(X509SecurityKey_LocalSts, SecurityAlgorithms.RsaSha256Signature);
+
+ // 1024 bit RSA
+ public const string X509Data_1024 = @"MIIG1AIBAzCCBpQGCSqGSIb3DQEHAaCCBoUEggaBMIIGfTCCA7YGCSqGSIb3DQEHAaCCA6cEggOjMIIDnzCCA5sGCyqGSIb3DQEMCgECoIICtjCCArIwHAYKKoZIhvcNAQwBAzAOBAgku/0+xvwIuQICB9AEggKQKj2X13Ln4Nxc3dvy+pr8VaN1GiUNk2O6Of6nT2dxbzH3eLpOudxrzjahD3bP46M+DhP66gw0495W1LVhkpZpvM7rQ0xkmfj6wMKYPCzPpCM2cwuyKWlKWYilkuZKicYtgxLRbaFG3zUQBjl2wiTEe0GCjltkHDQXDfhhRnlnYubVptPiiIFj1erGM9EOoPNSXwUiPqK6McWPE7UwK8f0pvpOncFrorWX607NbgGrgM2Uee9RPBDg7LNX0MV1McWVUBAOCaZiC30CxVuT4hSb4MFubTnwjvjQHcCadE83DBY1LvWZYwd586xSiOkLWlXtpG+96m7CWyJ+QVK/XUDUPn6PYWsMP0BqfAlgy0XWXiYc157FFl25PEaYHrMdqAMiOdDFfn1oKFnbTEaho00VqI30seqA6Yr9psp7G2fBe7bDKnwEe0fCcyzf31bnRjCWZ44reTX9fH3W0n1BFnbJ/64pXDfKSfH6lHWiUUAeiU76qhq40OaybiyodQ09F8rK7eHjmKAdz+6/jAO3h+I1okp22C+nks0T4ousKSTNlSadeMo+K0UxFO3GBgV7umnkdgOGGdh50FBdak/ujn5DR5hsag27NTPgm5ElMM3EE5r5+dsLCyv0cV+v4vZk6dCC+Bu7kfw8Es3iLurPP8rQHKo+pHZovBI3WB3XvT4phQkUdsU3bH7B5Csf1owPLIaHrb4jU+onEdUMaRzV412QCoEDXZhMCRpaB7cCRt/6YUncAytPjaSdhmRJihFPraxYGr+QcPb5gt4oTEe7znE1Cr/52BvNco3Q5CoumjcfH1sTICYI4boWYq+6KVQEhPmSMLaGq1Bh8ZQOLadENbfD7V2oK1CLwCBwcA001ZK8m9QxgdEwEwYJKoZIhvcNAQkVMQYEBAEAAAAwWwYJKoZIhvcNAQkUMU4eTAB7ADEAQQBDADIAMABEADgARAAtAEEARAA4ADMALQA0ADYAQwAyAC0AOQBGADgARgAtAEYARgA5ADIANgA3ADUARAA2ADcAQQA2AH0wXQYJKwYBBAGCNxEBMVAeTgBNAGkAYwByAG8AcwBvAGYAdAAgAFMAdAByAG8AbgBnACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcjCCAr8GCSqGSIb3DQEHBqCCArAwggKsAgEAMIICpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIKTLShXSwFbUCAgfQgIICeGtlT3KSaK3KeU9WooHDN853C3yE6EbsEM5bj/aoO0axyUxPLgpzRWf9U4D3tpNVE3oXRu4nZcEUL6cRk1sK0r77NKhMMjx/fUDEZtfMCk79ocuwH8VKFKmn+jcPGPNk8ChcOdyZtQLlt4G9e+ZwY4WLA20dhN4tzsNMgFIBknhF+p28PRIRFAt1DjkSJ+3vsJtRjqQ9Qu54rH+at7Qkbalg3052MCG/oKvzFIscKCmOcIM4sNrNzlbexQqSqBGIXaFGYIJVvu3RUs9LZH/rMaytwmMczWO858L95lw9nBLrsyOad4dq//DRG2bDjtVIS70iskrwiDhn7GsKubh+EbX9+Tc5FWea9qUtaX+O6Q9422dNzFXDwPNzsDbAzp5PB9TzzWMaYDkhfZgXpJ8IFYgNf6JxuoPjpP65+w3vcGrOvy1KZjMv82wNqoOqkkaKZ4kVtbPSRsfai54Mwy6S9etcSuG3IHIR530layLJDIwj3vErlmdQeyT8ViQ9g3WHrr0/TgFR/pN4Y9qGt6BCj7gom88aI5nocKyi9btfrGjLgM9YxLupUYUh7msDDXMPIfFCN5kgY5ntBQjH1ZfvEMtB44sYJCkeMojNDcexs+GB8tjeg8HGI6J0T4aMwqIyaZIr/+/QJ5QqMOqCC3hbLsuVj+GFEpWc1rT1nxW3L5GH2pMgotJD+CuSTUgKpEUeBFiDvpSnwYicto6Xe381kwhXbhjPktdOo410/roZMdm8bbiNVi2eZzXtgDc8JpzmcnRJbfEQJQ3eRUMjoNRmbqtdNtgkzOLMdH4I+KAEy1TutJuJw2oQ4PZ0IcWKBP3DJ9Zj4YwbloI8MDcwHzAHBgUrDgMCGgQU2EdATfKXox0hdIYBapLH2vR+ezoEFEnnlk54jkqT7wyahd8rSwT+vezP";
+ public static X509Certificate2 Cert_1024 = new X509Certificate2(Convert.FromBase64String(X509Data_1024), CertPassword, X509KeyStorageFlags.MachineKeySet);
+ public static X509SecurityKey X509SecurityKey_1024 = new X509SecurityKey(Cert_1024);
+ public static SigningCredentials X509SigningCreds_1024_RsaSha2_Sha2 = new SigningCredentials(X509SecurityKey_1024, SecurityAlgorithms.RsaSha256Signature);
+
+ // 2048 bit RSA
+ public const string DefaultX509Data_2048 = @"MIIKHAIBAzCCCdwGCSqGSIb3DQEHAaCCCc0EggnJMIIJxTCCBf4GCSqGSIb3DQEHAaCCBe8EggXrMIIF5zCCBeMGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAivxX2ENGkqRwICB9AEggTYFn22METHTeg0HaAP8Abvg7vjXbyVReMNsR0dBiY0waqF69lXGECwKMZL75biisgxx2y16ek2n/jIidyB/3pQwJLXr8DeIcRguiUi3edMaBel8fOOUbg4CpeHiLmEriKf/g1p1d7uLz5cGGpNKgAI5Xe9eYoisF06UnS+Sg9l4Z6FFs14YvkTRpn/QhllN0Oshy0TxaQtA6EylZPZ3QetvcS3Cl4BjXey0Q1vn6Cm7S1xP8HwBQ2uJRMzYeACFnDCwrASMxaNhIKhGJIfHwxzk/peuJix91wjCOPx6R1JTZRpSMKcyg8I/MO4CfII0wzutBpxGRjq5zQTkeg5nfJgye66RLxbDsyA2YMsEDGkQWbRVGRVq/R0d3MTt2b/mY6nmhbGSY24suHjY05A67BBTURjCO1u9fXFrvdaq+WrcEtjcdo75DWfOzCqtxQ2nRaA6qF48CX8LF6GX05meTug5Zl7Cixa8jOw+M88OxM2R0TayAV6AxO/hBTFq5WcLmHl/gGcjLY8ypWj3i8HB3akQYUoqV/mCwILhdQwfG/E8UcjRA5yplWRnz346RA7NJ/Ae84VY4hR7Fxrgam765uLl063GAQhW+M3lctJL3Xooo7rduXeVL6RDQhYdz6cOkEIyyH+4ftArhesgGUECQxQTibWiXeLTQbJfc/g4+BG4iQTBgl599LjfR044THpH20y3gNm2bYe8VAcJgVrwlQOgFQAGAVLSQKFNvznHPfWGPFMuK1xfsNVdaTugOE9YGQv16CDcCJMTgeYqVPXm9Hq1TKL7nqRR3FqkNCaE1aMn2v3TOmv4TuCfepe+CxR5WFJin06PMjaBibUTQ520H1eIudjUJSN5VQ+Rfh05HQVagBPT4dkcjLNZtKPZJSNC72HhEdxLO1+s12mLN2ZdBtbPVBfXHtrfHrXYVhk1vcvztoA6Wq92Z9x+ZMlJZuhXk45xWsH/dL4H0S+f/keakpLSCRB9zBdXMhyixSN3gyE/YHcbc6XHuIdhMDOEDwINmZJBG29FTrG7F2QUrPfRLlRYLD3xgDJHH/p2BgpGyAN3FlwSQjhNW6UCLTsKl24qaDVwJ60+9SpypJbJra0o3l+6gc4CxGuLY9TBR6jrSToaE476uyyoYWUn2hCzlOOtedd6hGZQECh8fh5rf93nfhCQghKtUakdjSJUW8XWSnouv+Z5dNoYlqflkGQ/AfCkWj3jgO+MYLriJVf5tDxcYyj+trfV7HWI3GgL4fPXsrc740/AesDUrf+JqK36Hm2s3GQe9eqeUg9+ohxVY5QO3QBkUMbvaMHqlXYo0EbW91SyLZQBlcx97q9YFkAtwp3311hoP2bl7+N/T5XMw1EoA89GutLkzIVuE+AQk94eEcIJwmjb9pYKl58tZLlqfDBS6sV+j95Dh83dwMG+8gRCwS8qFYRyXO0UVcjWPv/qeHVEEorgyhJveLrjimdEzheFlQrBit8YAS+akXOBVQC4QQ42biCWsz2qO1sQIMZndN6dVke88Br7Ilh9UJ0qojXR0mc6BPUKl3Zh9d32WyFbKm3Qj6AS2vnmkZCdjBO9PTT5oY/j17ClLTshps2B5ruysXotcrGNjuOhPE05fkYUFzknfSv7HhrjMvQYQNulHxGijTvksey1NedbDGB0TATBgkqhkiG9w0BCRUxBgQEAQAAADBbBgkqhkiG9w0BCRQxTh5MAHsAMwA1AEEAQgBFADcAOQBBAC0AOQA3ADIAQwAtADQAOAAxAEYALQA4AEIAMQA3AC0AQQBDADAAOQAxAEEANwAwADgAQwA2AEYAfTBdBgkrBgEEAYI3EQExUB5OAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwB0AHIAbwBuAGcAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMIIDvwYJKoZIhvcNAQcGoIIDsDCCA6wCAQAwggOlBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBBjAOBAg6DCoLVPw6qAICB9CAggN4Xykvk2tPB1lZ00HE84x0B0384ZMGb8UgjGbjr7fMnSMUXDgHijcevFNmdeP/II/Ltd+F73MbEsaA1d1CEH72cPk4wdoDsgrTt/Fg9xL+jja9HB35HuitgmLsfF1NJ6NdPZZK+0yfvlIKbz/MmKRrGfAwNuWtOVU3bnOv0myfXmfLg5O4mp/JdHJ5kjG4O81nUq6+OCyFbARuDVkrlIZbLO1ck3TPA7Dd2a8ujayY8mtFzMBrGV7U5LJH1V/LprpEA1dZmqt3kmXdLvIwSzNUub23wJDFWc0wQZ2/CJp33RiulZIe9na5bj7S0adOj/Jloot0V9Rxf46sevvsMM/M9rQXVAz0rquwW2o4yRUJxQgajntn75/Dridu+hj++j+Nq5Fs3pII5yjv517YzTZihoWB1xhO9yZhmMUq6OtJQFgQlB9YQTvCvleeC0AoU2lRZ5dvyrzxEMFEbHN72vG7Sps5vyyz/joF1RVNZw/hP4/hoFGuGcIFkI3Dsz+JSi0iZEqgmAaq2LUihT2rx40r49aSCU1VXs7DDnBLhh3w20Z1hx2IQmc2wp0YGKSbQDjA4hItRG6xXapMrlizaIp0LzWtmgV+qRbZN39xvXOkc0kITFdbyWILA04WgNwGeAlwtiSeO+C2c/EVXFOLOH+ibJ/OCUexw6yDTtIBqsk8oUCTMvJNNKguJCC2pSEKPhH606HAnuYTbWqUxY9GWK6wNIFAJaQnHD2pprq9j4va69qq0xy9rn7pfiEB7GeGlRb7QtOd5myfG1SZ5S/oP0Pnx+G6tA1Xkx8vMVeZhzH128+zApqVLd/xtMGJ24RlTgViyJsN1Z5k77Ces5YdwTZjAnJ6kyMbiVhZIpwzlKiJ23Aq00RpinF7ZvzPK0L3RDWbahU1eM98zhokRW3c5dKKBEAGePzyCVUnyoCCBpLUWkSXhL58Qm6Us1IfsoiYGnE/YtWwpArHXqndDnArrqTECUxf4VAqZ3Sj3CDRQN54aLBPgllNB2VjzmS4qKbyT7VP1HkxAbE5B1PRLqKCSzgeIJTMpGbHkaacz9Kme+O99d6OOdLr2OyogX5g6FkEc32n+lwnDww5VgbfdLV8JBjgS1WeEQk2UgJqXzwlNEjLvtX6RReLljUi7QLDeEaC2WKJFGnRlbX0JYL+ugggUY5UhXnJ6BvYv6P2MDcwHzAHBgUrDgMCGgQUPN6zb4ZCGV3dy3+JzgHFLCrHlGIEFNnQRFK67cH21VJ27RcK5qgEvQfh";
+ public static X509Certificate2 DefaultCert_2048 = new X509Certificate2(Convert.FromBase64String(DefaultX509Data_2048), CertPassword, X509KeyStorageFlags.MachineKeySet);
+ public static string DefaultX509Key_2048_KeyId = "DefaultX509Key_2048_KeyId";
+ public static string DefaultX509Key_2048_Thumbprint = "pqoeamb2e5YVzR6_rqFpiCrFZgw";
+ public static X509SecurityKey DefaultX509Key_2048 = new X509SecurityKey(DefaultCert_2048);
+ public static X509SecurityKey DefaultX509Key_2048_With_KeyId = new X509SecurityKey(DefaultCert_2048) { KeyId = DefaultX509Key_2048_KeyId };
+ public static SigningCredentials DefaultX509SigningCreds_2048_RsaSha2_Sha2 = new SigningCredentials(DefaultX509Key_2048, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest);
+ public static X509Certificate2 DefaultAsymmetricCert_2048 = new X509Certificate2(Convert.FromBase64String(DefaultX509Data_2048), CertPassword, X509KeyStorageFlags.MachineKeySet);
+
+ public static string DefaultX509Data_2048_Public = @"MIICyjCCAbKgAwIBAgIQJPMYqnyiTY1GQYAwZxadMjANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDExZBREZTIFNpZ25pbmcgLSBTVFMuY29tMB4XDTEyMTAwOTIyMTA0OVoXDTEzMTAwOTIyMTA0OVowITEfMB0GA1UEAxMWQURGUyBTaWduaW5nIC0gU1RTLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmeVPJz8o7ayB3AS2dJtsIo/eXqeNhZ+ZqEJgHVHc0JAAgNNwR++moMt8+iIlOKZiAL8dvQBKOuPms+FfqrG1HshnMiLcuadtWUqOntxUdyQLcEKvdaFOqOppqmasqGFtRLPwYKIkZOkj8ikndNzI6PZV46mw18nLaN6rTByMnjVA5n9Lf7Cdu7lmxlKGJOI5F0IfeaW68/kY1bdw3KAEb1aOKHj0r7RJ2joRuHJ+96kw1bA2T6bGC/1LYND3DFsnQQtMBl7LlDrSG1gGoiZxCoQmPCxfrTCrYKGK6y9j6IQ4MCmJpnt0l/INL5i88TjctF4IkJwbJGn9iY2fIIBxMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAq/SyHGCLpBm+Gmh5I7BAWJXvtPaIelt30WgKVXRHccxRVIYpKOfAA2iPuD/CVruFz6pnP4K7o2KLAs+XJptigYzLEjKw6rY4836ZJC8m5kfBVanu45OW39nxzxp1udbxQ5gAdmvnY/2agpFhCFR8M1BtWON6G3SzHwo2dXHh+ettOO2LtK38e1+Uy+KGowRw/m4gprSIvgN3AAo7e0PnFblZn6vRgMsK60QB5D8f+Kxdg2I3ZGQcPBQI2fpjEDQCZVc2LV4ywPX4QDPfmYjn+1IaU9w7unbh+oUGQsrdKw3gsdzWEsX/IMXTDf46FEOjV+JqE7VilzcNuDcQ0x9K8gAA";
+ public static X509Certificate2 DefaultCert_2048_Public
+ {
+ get => new X509Certificate2(Convert.FromBase64String(DefaultX509Data_2048_Public));
+ }
+
+ public static X509SecurityKey DefaultX509Key_2048_Public
+ {
+ get => new X509SecurityKey(DefaultCert_2048_Public);
+ }
+
+ public static SigningCredentials DefaultX509SigningCreds_2048_RsaSha2_Sha2_Public = new SigningCredentials(DefaultX509Key_2048_Public, SecurityAlgorithms.RsaSha256Signature);
+
+ public static string ExpiredX509Data_Public = @"MIIDKTCCAhGgAwIBAgIQWYE2RAW22K1AwRf9VBgsLDANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDDBlodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tMB4XDTE3MTEwMjIyNTMwNloXDTE3MTEwMjIzMDI0NVowJDEiMCAGA1UEAwwZaHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK79bBjoH2zMR2poFZDm7wJjzgp+Nidk8jkrps3iqzqqf1YVFtEtFBng4KE+2jfyaQxS4FO3dnd1Nh7wdCBH/60A0e6uROEBe4L/kydyJS3u2wsz+aabCBJ2M8FVUWziGZ4o2NKwAvRbCWFbsA9irhXTEw3hjqP7DDdjAayztmczG7vgeU10GnEPcYanyrraNRWkVaZGAI6EeFOy4QEYtFLd7N7gb84ScW/h2edVKm5VoYaVXF6KE7gfbMp+uflqJ8hBaLXjFSoXxN3Y6BQqxUGxX4qdAnpuRqDJzYQjDUm81MtD2XIfY46duJDDZOwpRPyXRe2YeJp5rVG5Pr0i7gECAwEAAaNXMFUwDgYDVR0PAQH/BAQDAgWgMCQGA1UdEQQdMBuCGWh0dHA6Ly9EZWZhdWx0Lklzc3Vlci5jb20wHQYDVR0OBBYEFJI/4wsmVjLpK1tRYJ96zKoBULBzMA0GCSqGSIb3DQEBCwUAA4IBAQBUToqoMJ0QJciKd+GRzivq3idPzCEyo4/V2V7B/H5czwzVx+lhn2e/EwCaMBPk3x9C5DQbJdmSp6DoX9VvD2XNOiFFeabBu/w9jhkRiDpOtNnWMJwzjHMAD0f4z8fSO5ZXcvFr2Ze3zGDTEY1vdXkAK2k9WuKu7c9kcoZO55Tads5T15vg4e8OmBq9kcGNEZRt2xBHkjlef0v6gBZ/lFeJHe0qTuKNCiTxJvUfAPnP0sTAdFdsDBt9bqLBHx+Wz/ALj535dUpCi5tXv4bI/t6qgh8toQNvJ7lNMv34W4+CiRYAPR9fK5bGsua+tb1FvfEqXx17yOLLgHgsu8oOsaZo";
+ public static X509Certificate2 ExpiredX509Cert_Public = new X509Certificate2(Convert.FromBase64String(ExpiredX509Data_Public));
+ public static X509SecurityKey ExpiredX509SecurityKey_Public = new X509SecurityKey(ExpiredX509Cert_Public);
+ public static SigningCredentials ExpiredX509SigningCreds_Public = new SigningCredentials(ExpiredX509SecurityKey_Public, SecurityAlgorithms.RsaSha256Signature);
+
+ public static string NotYetValidX509Data_Public = @"MIIDLTCCAhWgAwIBAgIQeLKUcfFgAJVLmqR629EXJTANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDDBlodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tMCIYDzIwNTAxMjMxMTgxMTEyWhgPMjA1MTEyMzExODIxMTJaMCQxIjAgBgNVBAMMGWh0dHA6Ly9EZWZhdWx0Lklzc3Vlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDayOgzHzuXRq830o1TbBQcMcTlh5aG1OfyM8SSOwvTf8VBliOaYsIvWmmPDuhZou4o2TyAm0/HGwtHJ14F9IMxADtkkGBUXp8KRWCCeGMBWS3ipTdZRguLORD+UMctZzuYAi+vvfYKnwk3NVhZ9zNeXN9WctXtNCV0//mOh7YswukCm1Dc4YuU0fKWMI+dh2kK6K8or2g435WQ9UhYPvcV7KVp8CXkpXelcY7VXQ3/lXEkPoTHnWPaoHNo2eFFxWJHh0FYmXv/FMK16t8VIhA8Di0GJCH8bdIgDz6FKDAMotHP2AFwCvi7TUnvSCxarW8zQhPs7hL0X9/6sJwvIO1FAgMBAAGjVzBVMA4GA1UdDwEB/wQEAwIFoDAkBgNVHREEHTAbghlodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tMB0GA1UdDgQWBBTw+jeDZzRQuc9JvralcWgaFsLq/DANBgkqhkiG9w0BAQsFAAOCAQEAb0Jj0CjkyVfftMJQt6hezCxcQhg2WXoNU1RynOGsWxqjZkcfSgowrBgOjxkkCKbHtCkBt/hA/PSCfW6cpKcT03GV2X1nxrW6QraozOP7rFHR0Pyzjq9V9ipz38/5W0V93vujYCDci7pGk8t2c++wZHBMXDp6nvUCY4GvdQ0sxVc4bcMHJa3S0hX1VyJboK9qoz0X0wvEexPP+u9Li+2rWgogE+LeRU6ew78fqxBJTG3ucVaA1pwt8M60RHsUiZaoi5URV+lGSvS1iqHE234fHkob0Xl7PWbMSDCzno7xYZbzEdVwYz0fK4P6xLAoltV63SGGen+JkcyjwuYXPydS/g==";
+ public static X509Certificate2 NotYetValidX509Cert_Public = new X509Certificate2(Convert.FromBase64String(NotYetValidX509Data_Public));
+ public static X509SecurityKey NotYetValidX509SecurityKey_Public = new X509SecurityKey(NotYetValidX509Cert_Public);
+ public static SigningCredentials NotYetValidX509SigningCreds_Public = new SigningCredentials(NotYetValidX509SecurityKey_Public, SecurityAlgorithms.RsaSha256Signature);
+
+ public static SecurityKey DefaultAADSigningKey
+ {
+ get
+ {
+ var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD";
+ var aadCert = new X509Certificate2(Convert.FromBase64String(certData));
+ return new X509SecurityKey(aadCert);
+ }
+ }
+
+ // RSA securityKey
+
+ public static RSAParameters RsaParametersFromPing1;
+ public static RSAParameters RsaParametersFromPing2;
+ public static RSAParameters RsaParametersFromPing3;
+ public static RSAParameters RsaParameters_1024;
+ public static RSAParameters RsaParameters_1024_Public;
+ public static RSAParameters RsaParameters_2048;
+ public static RSAParameters RsaParameters_2048_Public;
+ public static RSAParameters RsaParameters_4096;
+ public static RSAParameters RsaParameters_4096_Public;
+ public static RSAParameters RsaParameters_2048_MissingModulus;
+ public static RSAParameters RsaParameters_2048_MissingExponent;
+
+ public static RSAParameters RsaParameters1
+ {
+ get => new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("rCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVw==")
+ };
+ }
+
+ public static RsaSecurityKey RsaSecurityKey1
+ {
+ get => new RsaSecurityKey(RsaParameters1)
+ {
+ KeyId = "NGTFvdK-fythEuLwjpwAJOM9n-A"
+ };
+ }
+
+ public static RSAParameters RsaParameters2
+ {
+ get => new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("kSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuw==")
+ };
+ }
+
+ public static RsaSecurityKey RsaSecurityKey2
+ {
+ get => new RsaSecurityKey(RsaParameters2)
+ {
+ KeyId = "kriMPdmBvx68skT8-mPAB3BseeA"
+ };
+ }
+
+ public static RsaSecurityKey RsaSecurityKeyFromPing1;
+ public static RsaSecurityKey RsaSecurityKeyFromPing2;
+ public static RsaSecurityKey RsaSecurityKeyFromPing3;
+ public static RsaSecurityKey RsaSecurityKey_1024;
+ public static RsaSecurityKey RsaSecurityKey_1024_Public;
+ public static RsaSecurityKey RsaSecurityKey_4096;
+ public static RsaSecurityKey RsaSecurityKey_4096_Public;
+
+ public static SigningCredentials RsaSigningCreds_1024;
+ public static SigningCredentials RsaSigningCreds_1024_Public;
+ public static SigningCredentials RsaSigningCreds_2048;
+ public static SigningCredentials RsaSigningCreds_2048_Public;
+ public static SigningCredentials RsaSigningCreds_2048_FromRsa;
+ public static SigningCredentials RsaSigningCreds_2048_FromRsa_Public;
+ public static SigningCredentials RsaSigningCreds_4096;
+ public static SigningCredentials RsaSigningCreds_4096_Public;
+
+ // ECDSA Cng security keys
+ public static readonly ECDsaSecurityKey Ecdsa256Key;
+ public static readonly ECDsaSecurityKey Ecdsa384Key;
+ public static readonly ECDsaSecurityKey Ecdsa521Key;
+ public static readonly ECDsaSecurityKey Ecdsa256Key_Public;
+ public static readonly ECDsaSecurityKey Ecdsa384Key_Public;
+ public static readonly ECDsaSecurityKey Ecdsa521Key_Public;
+
+ // SymmetricKeys
+
+ public static string DefaultSymmetricKeyEncoded_56 = "bd0Q+Z6Ydw==";
+ public static byte[] DefaultSymmetricKeyBytes_56 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_56);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_56 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_56) { KeyId = "DefaultSymmetricSecurityKey_56" };
+
+ public static string DefaultSymmetricKeyEncoded_64 = "bd0Q+Z6Yd34=";
+ public static byte[] DefaultSymmetricKeyBytes_64 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_64);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_64 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_64) { KeyId = "DefaultSymmetricSecurityKey_64" };
+
+ public static string DefaultSymmetricKeyEncoded_128 = "00FBopST3JAf7QHhMFFXkg==";
+ public static byte[] DefaultSymmetricKeyBytes_128 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_128);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_128 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_128) { KeyId = "DefaultSymmetricSecurityKey_128" };
+
+ public static string DefaultSymmetricKeyEncoded_192 = "hf+ctyfSxzcVMn5B5D+u4It4/HHjnh/E";
+ public static byte[] DefaultSymmetricKeyBytes_192 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_192);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_192 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_192) { KeyId = "DefaultSymmetricSecurityKey_192" };
+
+ public static string DefaultSymmetricKeyEncoded_256 = "Vbxq2mlbGJw8XH+ZoYBnUHmHga8/o/IduvU/Tht70iE=";
+ public static byte[] DefaultSymmetricKeyBytes_256 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_256);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_256 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_256) { KeyId = "DefaultSymmetricSecurityKey_256" };
+ public static SigningCredentials DefaultSymmetricSigningCreds_256_Sha2 = new SigningCredentials(DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256);
+ public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes128_Sha2 = new EncryptingCredentials(DefaultSymmetricSecurityKey_256, "dir", SecurityAlgorithms.Aes128CbcHmacSha256);
+
+ public static string DefaultSymmetricKeyEncoded_384 = "Q6o4CQLPygAD+Dj6psJNJjCadf1+ZA6ggW2OzqAJ1Kq9orrXZmXUi8mMrYI4T3u8";
+ public static byte[] DefaultSymmetricKeyBytes_384 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_384);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_384 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_384) { KeyId = "DefaultSymmetricSecurityKey_384" };
+ public static SigningCredentials DefaultSymmetricSigningCreds_384_Sha2 = new SigningCredentials(DefaultSymmetricSecurityKey_384, SecurityAlgorithms.HmacSha256Signature);
+ public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_384 = new EncryptingCredentials(DefaultSymmetricSecurityKey_384, "dir", SecurityAlgorithms.Aes256CbcHmacSha512);
+
+ public static string DefaultSymmetricKeyEncoded_512 = "/N8zPTrtwbh1ftQH4frI74akNpRAiJDWssebaGWGit7kwj/4RF/3tGXQppRAvQGMe2CFhXXCN3NOXYpyUVlT7w==";
+ public static byte[] DefaultSymmetricKeyBytes_512 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_512);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_512 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_512) { KeyId = "DefaultSymmetricSecurityKey_512" };
+ public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_512 = new EncryptingCredentials(DefaultSymmetricSecurityKey_512, "dir", SecurityAlgorithms.Aes256CbcHmacSha512);
+
+ public static string DefaultSymmetricKeyEncoded_768 = "bEgppKgpryhZigwgV2u/gzS4t8DE0JZBFny3nO6A9kYwA0s5/lU8Bp5ZmbhRmQss3sTJcwxJHZyy6I0scRM62ZTF71QghYXee7Aiazfe8Hxwir0ptoI65+WuhxbHEJSK";
+ public static byte[] DefaultSymmetricKeyBytes_768 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_768);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_768 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_768) { KeyId = "DefaultSymmetricSecurityKey_768" };
+ public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_768 = new EncryptingCredentials(DefaultSymmetricSecurityKey_768, "dir", SecurityAlgorithms.Aes256CbcHmacSha512);
+
+ public static string DefaultSymmetricKeyEncoded_1024 = "3bIgChZlnpg9lkM5zdy1F+HMOOxIGJuseTDSz3Z6Yq99RFZ7uUuCWNbii9tidRbNQSkNYqPPA8UWc5Hmks4hwzSUu4mFOl6WSt8WZoy/SgMZBY5NbAALrkCQZEW5nMYIwMenzbmNRwfKdxjEuZ04VimNzIw/01YziA1J9NUZ3K0=";
+ public static byte[] DefaultSymmetricKeyBytes_1024 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_1024);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_1024 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_1024) { KeyId = "DefaultSymmetricSecurityKey_1024" };
+ public static EncryptingCredentials DefaultSymmetricEncryptingCreds_Aes256_Sha512_1024 = new EncryptingCredentials(DefaultSymmetricSecurityKey_1024, "dir", SecurityAlgorithms.Aes256CbcHmacSha512);
+
+ public static string SymmetricKeyEncoded2_56 = "pzPUY9YbfA==";
+ public static byte[] SymmetricKeyBytes2_56 = Convert.FromBase64String(SymmetricKeyEncoded2_56);
+ public static SymmetricSecurityKey SymmetricSecurityKey_56 = new SymmetricSecurityKey(SymmetricKeyBytes2_56) { KeyId = "SymmetricSecurityKey2_56" };
+
+ public static string SymmetricKeyEncoded2_64 = "pzPUY9YbfLI=";
+ public static byte[] SymmetricKeyBytes2_64 = Convert.FromBase64String(SymmetricKeyEncoded2_64);
+ public static SymmetricSecurityKey SymmetricSecurityKey2_64 = new SymmetricSecurityKey(SymmetricKeyBytes2_64) { KeyId = "SymmetricSecurityKey2_64" };
+
+ public static string SymmetricKeyEncoded2_128 = "ZQIzxyEZ1gZGV1kY5QOqkg==";
+ public static byte[] SymmetricKeyBytes2_128 = Convert.FromBase64String(SymmetricKeyEncoded2_128);
+ public static SymmetricSecurityKey SymmetricSecurityKey2_128 = new SymmetricSecurityKey(SymmetricKeyBytes2_128) { KeyId = "SymmetricSecurityKey2_128" };
+
+ public static string SymmetricKeyEncoded2_256 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGU=";
+ public static byte[] SymmetricKeyBytes2_256 = Convert.FromBase64String(SymmetricKeyEncoded2_256);
+ public static SymmetricSecurityKey SymmetricSecurityKey2_256 = new SymmetricSecurityKey(SymmetricKeyBytes2_256) { KeyId = "SymmetricSecurityKey2_256" };
+
+ public static string SymmetricKeyEncoded2_384 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpV";
+ public static byte[] SymmetricKeyBytes2_384 = Convert.FromBase64String(SymmetricKeyEncoded2_384);
+ public static SymmetricSecurityKey SymmetricSecurityKey2_384 = new SymmetricSecurityKey(SymmetricKeyBytes2_384) { KeyId = "SymmetricSecurityKey2_384" };
+
+ public static string SymmetricKeyEncoded2_512 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpVW9stSYtqfOFNzeC6z4PC+Q==";
+ public static byte[] SymmetricKeyBytes2_512 = Convert.FromBase64String(SymmetricKeyEncoded2_512);
+ public static SymmetricSecurityKey SymmetricSecurityKey2_512 = new SymmetricSecurityKey(SymmetricKeyBytes2_512) { KeyId = "SymmetricSecurityKey2_512" };
+
+ public static string SymmetricKeyEncoded2_768 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpVW9stSYtqfOFNzeC6z4PC+cr0/6XI1n2syC+A4GqBO2q79PdoIEParcRZhkcQr1PS";
+ public static byte[] SymmetricKeyBytes2_768 = Convert.FromBase64String(SymmetricKeyEncoded2_768);
+ public static SymmetricSecurityKey SymmetricSecurityKey2_768 = new SymmetricSecurityKey(SymmetricKeyBytes2_768) { KeyId = "SymmetricSecurityKey2_768" };
+
+ public static string SymmetricKeyEncoded2_1024 = "ZQIzxyEZ1gZGV1kY5QOqkp0zUtYKhLRl5mZKU0RNjGUYQDrTFPFqIlUpGjMqfKpVW9stSYtqfOFNzeC6z4PC+cr0/6XI1n2syC+A4GqBO2q79PdoIEParcRZhkcQr1PSZiFpNXwFjIRdgIFb6Zt3zJF2/9uLWdiHGlHhb1A2nBg=";
+ public static byte[] SymmetricKeyBytes2_1024 = Convert.FromBase64String(SymmetricKeyEncoded2_1024);
+ public static SymmetricSecurityKey SymmetricSecurityKey2_1024 = new SymmetricSecurityKey(SymmetricKeyBytes2_1024) { KeyId = "SymmetricSecurityKey2_1024" };
+
+ // These signingCreds have algorithms and hashs that are not supported
+ public static SigningCredentials SymmetricSigningCreds_256_Rsa256_Sha2 = new SigningCredentials(DefaultSymmetricSecurityKey_256, SecurityAlgorithms.RsaSha256Signature);
+
+ public static X509Certificate2 X509Certificate1;
+ public static X509Certificate2 X509Certificate2;
+
+ public static X509SecurityKey X509SecurityKey1;
+ public static X509SecurityKey X509SecurityKey2;
+
+ static KeyingMaterial()
+ {
+ X509Certificate1 = new X509Certificate2(Convert.FromBase64String("MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng"));
+ X509Certificate2 = new X509Certificate2(Convert.FromBase64String("MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZ"));
+ X509SecurityKey1 = new X509SecurityKey(X509Certificate1);
+ X509SecurityKey2 = new X509SecurityKey(X509Certificate2);
+
+ byte[] cspbytes_1024 = Base64UrlEncoder.DecodeBytes("BwIAAACkAABSU0EyAAQAAAEAAQAlur35vBYFooH0yfB3G919joyz-7xD8LcoQLRIqV7DdEicgTkJWD8sfDvxHRf18w2bA2kx_Bg89855uR3yDvIqtcZ-vq6Gv6yvx7iSjuXW_SNV4gVSjShBuCMelyU-dsHK-IuLcyMcms93fQ3Gh13_AFeyGuT2P0g7LUEEdz8K099x6CCApMROhY261NbN-d5uDE33bypd8tfLCWj2jlSZUNX__O7OUCVqegyI3rAPCpbtB5V7jw7uKD2lR6OeZfN7fPlPPtQEXyaIzYQHo8td6ASYcIFAUjxkBhN8lMUG2FXe-jH3tYYf3FMywf6GA6bo1LfVMW1Sb935YrGAt_fd-8YFoKDUoZgMTjcEiM0Koq80DM8Hy0rb1F4KnzKpXPy2XeGAxIEM-6MMINuh2aY-gZ6oMUomEcw9uSW1hBNk5mtPAdUqHfud8RBYvTH5yx-Cipu6wDLoQl4UTZcop-tVLpJGWJpDYkeLsda2pKJpJcITs3_gRq-QjUIG7-M2OMEvKwBd3tMfIHNkVA-RBk6v_dEHH8cRHvPZC2wna7FQztJqN5ybOSWcpqCX5RvbMkfK38hdGo6oPUkQ3YmtFLFOialpsJo-c_HDOlI32fCnjTLRsR9B-JbSDRLEHg0bVmgVyL1oZaLPYAMyUH6grtel2enOiUODgX9YZbynGtHjvGMn0-3nbz2TRUlchl5b-mQqPbM673WnddAUeaaqNc7gopo5Zofsd6-YV1Z0nL-XzLad2Ax9aAHpVoejevXGz1w");
+ byte[] cspbytes_1024_Public = Base64UrlEncoder.DecodeBytes("BgIAAACkAABSU0ExAAQAAAEAAQAlur35vBYFooH0yfB3G919joyz-7xD8LcoQLRIqV7DdEicgTkJWD8sfDvxHRf18w2bA2kx_Bg89855uR3yDvIqtcZ-vq6Gv6yvx7iSjuXW_SNV4gVSjShBuCMelyU-dsHK-IuLcyMcms93fQ3Gh13_AFeyGuT2P0g7LUEEdz8K0w");
+
+ RsaParametersFromPing1 = new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("mhupHfUtg_gHIqwu2wm8CprXY-gKqbPMV6tEYVqkyYrHugzQ_YDYAHr7vWo5Pe_3gIujSFwpqIfXaP8-Fl3O5fQhMo1lMv4DdRabyDLEpv7YO9qoVKTmDOZqYZx-AYBr5x1Zh2xWByI6_0dsPtCjD1pFZfg_SxNEcLPyH1aY6dT8CWYu32qG4O0WF4EihZzMkzSn8fyh8RXbMf5U9Wm2kgb0g8jK62S7MoF4IlhFaJreq898wgUohhPwR8P3X-gk0XQJAFcogEf04Fw4UmKo3z1B6mcNbPRfImhWw4wtLkhp_KIqKNOkMsSpYGSLrCvqQpgK56EJZExrmb7WozjwHw")
+ };
+
+ RsaParametersFromPing2 = new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("wY2KNRyiEvyBFkr1IC_1UGWMPInkzVYpoap_-Zw5fYAXLVxKMSPdZVVLt9AVhuNtagOOQqlZ_Y32e4l19REHym6RGV9Sm1noKRxDUjkz7U8OVeUew7D7h4Dk6E2rrlIYpy9OmhhzWSS68pBTf0_ESdekKv3OQbEs99avEXOPK5uH3V-NHsy1YP3DAvl7HJaV6fn-1Nch1quLrg1G7ohBuTb4Zr-499TJ6bkfabaACz8bf-RHuPezFBjoY0LHNNu6-KQ-qqHVkoki_1OQwj2s_Lui3qYWOmLoaVN9ZzO90rBdhhg8t0JZv6pSlc7o0XT4fie5RRjiqCuOpuGQvNYKpQ")
+ };
+
+ RsaParametersFromPing3 = new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("tgLZUXY8mo2Y1TaXHjOYrFGs23jZxgpzEKfBz004AEeOMHFbEP1h1Lrqf2B7f49mOpXRkBgEm4tnSYzX7pDWrMvNeRVkTFXSXwHYvda1R1kmwiTxnrC9IWjvizrr22DtzHhSSpL_7xuXtmaid2orOF8mUoXnKesPQVfq33pCKm1QUV6oFNSVxAiOKJkzFmxjYvcqzryjYi10glxPSx3cmSI8RGqlxolJr0negfLmI9bNxuAvStf_L6zXB5NFqccmkCQXn_QC3P1N3j-HgwwHTVFxkrS8kZQOMTw3TMXbtTFNrVAx1QC_3M0ze4cVncr2zTSECS_2qXM5RS7xBTEDvQ")
+ };
+
+ RsaSecurityKeyFromPing1 = new RsaSecurityKey(RsaParametersFromPing1)
+ {
+ KeyId = "20am7"
+ };
+
+ RsaSecurityKeyFromPing2 = new RsaSecurityKey(RsaParametersFromPing2)
+ {
+ KeyId = "20am3"
+ };
+
+ RsaSecurityKeyFromPing3 = new RsaSecurityKey(RsaParametersFromPing3)
+ {
+ KeyId = "20alz"
+ };
+
+ RsaParameters_1024 = new RSAParameters
+ {
+ D = Base64UrlEncoder.DecodeBytes("XM_G9Xqjh1bpAWh9DNidtsyXv5x0VleYr3fsh2Y5mqLgzjWqpnkU0HWnde86sz0qZPpbXoZcSUWTPW_n7dMnY7zj0RqnvGVYf4GDQ4nO6dml166gflAyA2DPomVovcgVaFYbDR7EEg3SlvhBH7HRMo2n8Nk3UjrD8XM-mrBpqYk"),
+ DP = Base64UrlEncoder.DecodeBytes("5mQThLUluT3MESZKMaiegT6m2aHbIAyj-wyBxIDhXbb8XKkynwpe1NtKywfPDDSvogrNiAQ3TgyYodSgoAXG-w"),
+ DQ = Base64UrlEncoder.DecodeBytes("wTg24-8GQo2Qr0bgf7MTwiVpoqS21rGLR2JDmlhGki5V66col00UXkLoMsC6m4qCH8v5Mb1YEPGd-x0q1QFPaw"),
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ InverseQ = Base64UrlEncoder.DecodeBytes("TrEUrYndEEk9qI4aXcjfykcy2xvll6CmnCU5m5w3atLOULFrJ2wL2fMeEccfB9H9r04GkQ9UZHMgH9PeXQArLw"),
+ Modulus = Base64UrlEncoder.DecodeBytes("0wo_dwRBLTtIP_bkGrJXAP9dh8YNfXfPmhwjc4uL-MrBdj4llx4juEEojVIF4lUj_dbljpK4x6-sv4auvn7GtSryDvIduXnO9zwY_DFpA5sN8_UXHfE7fCw_WAk5gZxIdMNeqUi0QCi38EO8-7OMjn3dG3fwyfSBogUWvPm9uiU"),
+ P = Base64UrlEncoder.DecodeBytes("82Weo0elPSjuDo97lQftlgoPsN6IDHpqJVDO7vz_1VCZVI72aAnL1_JdKm_3TQxu3vnN1tS6jYVOxKSAIOhx3w"),
+ Q = Base64UrlEncoder.DecodeBytes("3fe3gLFi-d1vUm0x1bfU6KYDhv7BMlPcH4a19zH63lXYBsWUfBMGZDxSQIFwmAToXcujB4TNiCZfBNQ-T_l8ew"),
+ };
+
+ RsaParameters_1024_Public = new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("0wo_dwRBLTtIP_bkGrJXAP9dh8YNfXfPmhwjc4uL-MrBdj4llx4juEEojVIF4lUj_dbljpK4x6-sv4auvn7GtSryDvIduXnO9zwY_DFpA5sN8_UXHfE7fCw_WAk5gZxIdMNeqUi0QCi38EO8-7OMjn3dG3fwyfSBogUWvPm9uiU"),
+ };
+
+ byte[] cspbytes_2048 = Base64UrlEncoder.DecodeBytes("BwIAAACkAABSU0EyAAgAAAEAAQCP7GdRPSJ5_SDCM4mQsuRP72_P19sw7w7qStb9CXj4aun9iY81bhXI8YjGHZPDrhaSi4bwhGIx5JTNsxBejBTU0QOsLqb8IvlabEHD7T2J4GfIsNwh5u_u8chKMRWeUkxqLzaXdVwickmtvG7t7BjghMzl6Ubwv1DL9prH-pkH56fTqbsu1EwEF4DxWS6RBg1DKNzlmtt5SYYmNksH89yXUV5118YY0UMxJZd3a4Ir_r8wNq4ZtotCAyTfLnCKryTLPrJUcduPlTnjXeegPTFH57fK_UQjq3RGOeTkiDLvKrjQ2FRgXtLdHhXDbAqjQPX0_oruXb78kBxMf0sWa-HrmZTz2hg-VrxNsnJPS-2f-4_MIa8q2dOfGgbxQxLZM19_3VHG_qcn3sXPiVzEwjTvR8edj6wCQ96SYAOkSWByuMplbrzFMfq37u0x6JhOrbkBKWgnU0FO8JvMnAO6jpxNifsWjLkk-ca-JDbzX1L_5u54pHNE76rlEe6oKwvCq_1nG3MI3d_X623S9aQwFw94UGseJfma-6tRAj95LniiXBD7ifjLpCeZvO2W_iLHOOp2WB7DSrNQ_rLfRoStq9DxQY8To4O2SMYPQT7To6tRhRV7lsVuzoGrJIlurXjGXeGBD2gvBTy2_7qhE8ZKiYun67JpIsrN84LkM2pKRtgL7gG1kwCRFEPH_7Pl4JUMCV6kv1DeWCdKlz6fFMatcvN_MUQDBdzjpkgabhc7O_-gBCJp71gnIKsQeMNG_LBxKP0wVZBOtCW3bBmNUSHNZF5CMr7TD7TxXNP6K5sDafOc9_vHz2lkxDDaurY659PrXifpdYFKheHeGPB4nZs697MS-3AARGqCDdoekJft6mF613pzUTOBEc00hm0ehVWVent58JU3ThmcIkImGKxgWaCpaEunlcGVgmpJG562zYPWPTUzsmDnTjciCSZMw_F8PdKzN5kU73JX1yY8k0Oh3ETOxl-uFRGPOiucAeCmvw-9_Mkmyjcrv4Xsk9ftE7ZssGH-F3_O4CMGbQVnsBSpAnO8Yi0f3a9vhipydlTzqpUK7LCoRn4gWVDdsbSmlv-2zjypk_BpgoB4L6ASJOyRySk4KoYSSs38yLEg8SQyNSR95GWZJPEmZhxi5R_03TZcaicn_YCMyfNf9hLmNy8zHetIz8An2qLoZv8w-FglW2O5lXFdKgRb_W-Af2GcjyWGWsMywGEsE6p7A8Ytm8RrwZueTcib_YPFG6_Q4rHHGxcbA_fbz6GKLXrx9oY3xZfNi_3ebPE2aci3CXtoWkH3FRW6kZvGnQsHxxfBww3dogWdV9a0nVdBkfVOD8gfTdCLO8RfARUt1UYwdO22aUqSbxlnxdSgrzFKePsGp_iHCNDZlWeQOIXCIjg2oQLPPT8LYKJrxeWMsyhUw3KlK7cuU_STNLO8CmFD7p025xCrzpK1cC4VeODjur7nB-zuLdmjn-JbLSv0ky9eTNyTkkguhcBbpejM8wEuE3R-HKmV6SrgL8OlhAYBneVIpFP9h2UGoQs");
+ byte[] cspbytes_2048_Public = Base64UrlEncoder.DecodeBytes("BgIAAACkAABSU0ExAAgAAAEAAQCP7GdRPSJ5_SDCM4mQsuRP72_P19sw7w7qStb9CXj4aun9iY81bhXI8YjGHZPDrhaSi4bwhGIx5JTNsxBejBTU0QOsLqb8IvlabEHD7T2J4GfIsNwh5u_u8chKMRWeUkxqLzaXdVwickmtvG7t7BjghMzl6Ubwv1DL9prH-pkH56fTqbsu1EwEF4DxWS6RBg1DKNzlmtt5SYYmNksH89yXUV5118YY0UMxJZd3a4Ir_r8wNq4ZtotCAyTfLnCKryTLPrJUcduPlTnjXeegPTFH57fK_UQjq3RGOeTkiDLvKrjQ2FRgXtLdHhXDbAqjQPX0_oruXb78kBxMf0sWa-Hr");
+
+ RsaParameters_2048 = new RSAParameters
+ {
+ D = Base64UrlEncoder.DecodeBytes("C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ"),
+ DP = Base64UrlEncoder.DecodeBytes("ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE"),
+ DQ = Base64UrlEncoder.DecodeBytes("YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs"),
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ InverseQ = Base64UrlEncoder.DecodeBytes("lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4"),
+ Modulus = Base64UrlEncoder.DecodeBytes("6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw"),
+ P = Base64UrlEncoder.DecodeBytes("_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk"),
+ Q = Base64UrlEncoder.DecodeBytes("7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c"),
+ };
+
+ RsaParameters_2048_Public = new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw"),
+ };
+
+ RsaParameters_2048_MissingModulus = new RSAParameters
+ {
+ D = Base64UrlEncoder.DecodeBytes("C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ"),
+ DP = Base64UrlEncoder.DecodeBytes("ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE"),
+ DQ = Base64UrlEncoder.DecodeBytes("YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs"),
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ InverseQ = Base64UrlEncoder.DecodeBytes("lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4"),
+ P = Base64UrlEncoder.DecodeBytes("_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk"),
+ Q = Base64UrlEncoder.DecodeBytes("7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c"),
+ };
+
+ RsaParameters_2048_MissingExponent = new RSAParameters
+ {
+ D = Base64UrlEncoder.DecodeBytes("C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ"),
+ DP = Base64UrlEncoder.DecodeBytes("ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE"),
+ DQ = Base64UrlEncoder.DecodeBytes("YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs"),
+ InverseQ = Base64UrlEncoder.DecodeBytes("lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4"),
+ Modulus = Base64UrlEncoder.DecodeBytes("6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw"),
+ P = Base64UrlEncoder.DecodeBytes("_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk"),
+ Q = Base64UrlEncoder.DecodeBytes("7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c"),
+ };
+
+ byte[] cspbytes_4096 = Base64UrlEncoder.DecodeBytes("BwIAAACkAABSU0EyABAAAAEAAQCZrcZ3JOjYvkjBZwkC_ukZook4u8se9AjHSP6bySfv69VLwlQLAREu-qz13lsoylKxVT4Abz2TxI4oLKKogKAdinRoNRYrIidsbOe6wHbsxreV6Qt4aiU_YdR0PnisyIx9jnheWtcO-_PCW5dQv9-OnjbnKxgy1A5XhHaj-MhL-uVOBKHmk1cXTMcAOzt1XL_oYjxiftg_InHBBT7hG6HrPyritd_np1TckPnuJq5GeajEcwmSIxGNtR4WlTyGD-5MyIVxxWvQgvWjXHDCXp01eA_R-3KImaE62cAULabdKHbNzQFAfJOb-nmAiZU9bhKw7TdZb9Omjr7DadZ8WrqlY7kYmk73IczxX3Vnvm67_Haj7hBrKewJfvQ3SPyqF85CpyNLCrLXzLxVNqEg-YxNkg5Zlf62-t3BA-QHUW7mOIi87iuwvp6WmoZ_o_JEcAl7DY1XlsMVF5v5KrhsAm9FeUQTjFpZkkrFWkgVzBYZ0RpJbDtREgTJXy8764Gq0qcgk7CvC7RkYAtUXj_0rME6nbooLDpKhiQNl9-OLGas-kh9MtR76jTbteToQz2XsIZI3gnJjzpb_BNSvABRqbSgWJ8mVTkGmIc-YImXUqxriE5P4EdulcX5orRkD1LTWiS5tnLqLCUlK-v9SEC0raKx99H5CXl4xv_EDsM2qubzvZXWPbz3kSQY1zhwdKcemx4iIUg69JK7v9PAApf136EVRX3wjVhLUHJfBVAZ0H_VGSCosxmbUuyyh1akiLwzaH1crZz0M9uJ1iS1HZrxpVGn4DuI0A-2ZTP7GAA_q2PjVcNR65LJxAsQmQLHESnWxqA4RZxcxtCukB158isSW6cpxgnsVG2hSHh9spBUaRjzqzejAgh2lrknSJEDSxrfCusdlLmTwbQvOUANAWEpyyVUAnHToFFY6lg6jkJqlAKUdAXw-zPuE3gDaC4fwZL9pCyY-0V2kVW_xusGKg-peiAPGAdaqnL9O0l_tcHrXLNxjySMHPY925ywNf21gTHVfM_1zfc66A_8qv7bAPFMZ-9X0c2Fxq8sGbKDwwj4mnuwB5zRR1wg7YqsvR6XT29h2j7O1VtzJWAfkoMRO_g0cqQP6c9GHPIO9kmLua0KzxRD-KTaQthvgt3x8cn7Ru_NJ3UNDh5cdzt2ieuQFvTGsyoctrRWta9rzb_C0BisBWw-PejJ5yUbFaTi1pJvLOoZTZZ7lCMw5DyRMS3r59Fv7hCY2MI9uIrr4HGOgCdDtYq5Xq4TkKolf887HkuFnUrPsaqk8N-eib1XOlvdyN4YUTlJx6uLTU-kruwEJBZxZ-IRwKDRTG73dVGgf61FSFmD5jpuWNoVkzx2f1UMCYmQhF3qGRIBar0gA7EQCl7IB2TXKuC746nismR2GhlRzktUloCMrzn9OqTgLu39okB4aE_ik1PElT7NDSZNVR41rQtXhHKKOO--Ch4fFv4zlpxErAIB1hu8w4stBx0ZXOyZegHsG0b6JAq0dVjqE357GzypgrrnwvBBDwAW3hPHyHbbKFcjH2N3RRCAHZlsafa_dBHkeevcktWiEarVAhRf0dGjAapoacrL8izb5mr7NGCmg2cwF_F6WvZJhjG5SPSj2HbfLoEkLGUMtDewYK7717_JRFOUEW2OHBfdL0GB0w6hTgLMoKfYXt_rYZw87Bzim5xXLNCZ5BTiWQO4LA8-O3-8oWkHNpNAAPKLXQaGpqopBHa3ujIUQCsINKZuaMMOnl_PFALxGiVY5f9JpHMGtjAVplAZZ4vPZsW7X7O478pwejNRR3_Y4SWNWZglyBamKRxeSz007lwtnbQoywtX72QNvNgpd6jY6zf4h5hNxhZqVg0FVrQUZUBnrA2TkFP3xUDoUOA26IlSf-qKYUus36wxNet-nyoMrAunQ0RubAwE7WWlGmBX-AQ5hXew7Cb-vjhjaZtGecJxQvVIcSBsvBK9Zfp7T85TaRFsHYH_Em8Eysb3grTTNnw6tkx2n43AOML3zyQiSgO4TxwzIINKrDwx94hH4tgBlph636eQLySS3nH0bSUw0pbBZurtkeX3IKYHdsCZfMtmhJUZxLMSLlZILQLm_6GD3I6kHINvGTdhHnZSoS4BecS3vBL3tXa-p_UAvhra8u7YLuGBkM8ZUV3a7OifB0R5TKhf_nyPsJg9_W5HnFvdv1wRsL1u8vdQOFHu4O9iCbLtDs2yTmRo0UTuWBItAqOhDqcU2wA6blptT-t7KhZvfOApK10kvEeDov6ch49JXX0CIQqUe2uzWh7Hc1xVI48ahK9aautS0EpaplbPuipNp1qIGSOOeVkDYPGd0KtjtlI2ZZdvxHu1UDsfZBBc-ngZWPp8IbGFMLIvv_ZnaCwn9hzCBT87WHg9dAEbudMxNw7mBBkjDJWqNFZVWDdeZk-dx2rAC5cM09CCkjjHjX2_eCpztb65lvM0ir1l8tq3SPaz2N9OLwipLRdm8vjWwSRGYaApXqxC4ZgxzSgTm-9Yd4o60zE5JdHyyCZ0DIuHieJ437ut-ozQ5-cV8d2yUrOQWjx97ehixruKZlf8PnOn-0Q48mGtqOJ2gQNiULIpksv7AGxORmRHKoBGQtzjiGfViOxk6hf62-ilAbz7fLeSLVZhG1ixaQWXkWeSf9G27mgEvt3IfrSJLmb4tMsspeYFYdjlTtkz1XBbpuv-F6-vhbgRnQQeR9OAa5BAtsFHvDU2KSOfkJfqWVQ9ffxriCTY3R1og4U52-Jdt64IlA-7-ZBbourBEbuCti8wC0UsjgtH4uAhhu4I7Td8ja-l2MJAGu5kvOoGRvg09ClyW3Top7Bmr7YkKchSjwyrPwhJtn5edl_N9p7i_1uHTrzTmNW7z4_g8NZl1oy2F14KQXCrjo8Kw_gt7D43nu9A2MXEYvIxEoaRu6SJJh8dL-Wfjo4dNsNS6iq-RxGtlJigMRV_lAG6n9U2YPws3xj6cTRiAnRcJcpRm8QyHoE-BlxWV739ENQXcno-qpYOT6UMO-wwCTU0x92rrDAL9ow4TkjX3VrMV9B1BLUFakDfj_pRp5P4bBMtMah20CZEXgc");
+ byte[] cspbytes_4096_Public = Base64UrlEncoder.DecodeBytes("BgIAAACkAABSU0ExABAAAAEAAQCZrcZ3JOjYvkjBZwkC_ukZook4u8se9AjHSP6bySfv69VLwlQLAREu-qz13lsoylKxVT4Abz2TxI4oLKKogKAdinRoNRYrIidsbOe6wHbsxreV6Qt4aiU_YdR0PnisyIx9jnheWtcO-_PCW5dQv9-OnjbnKxgy1A5XhHaj-MhL-uVOBKHmk1cXTMcAOzt1XL_oYjxiftg_InHBBT7hG6HrPyritd_np1TckPnuJq5GeajEcwmSIxGNtR4WlTyGD-5MyIVxxWvQgvWjXHDCXp01eA_R-3KImaE62cAULabdKHbNzQFAfJOb-nmAiZU9bhKw7TdZb9Omjr7DadZ8WrqlY7kYmk73IczxX3Vnvm67_Haj7hBrKewJfvQ3SPyqF85CpyNLCrLXzLxVNqEg-YxNkg5Zlf62-t3BA-QHUW7mOIi87iuwvp6WmoZ_o_JEcAl7DY1XlsMVF5v5KrhsAm9FeUQTjFpZkkrFWkgVzBYZ0RpJbDtREgTJXy8764Gq0qcgk7CvC7RkYAtUXj_0rME6nbooLDpKhiQNl9-OLGas-kh9MtR76jTbteToQz2XsIZI3gnJjzpb_BNSvABRqbSgWJ8mVTkGmIc-YImXUqxriE5P4EdulcX5orRkD1LTWiS5tnLqLCUlK-v9SEC0raKx99H5CXl4xv_EDsM2qubzvQ");
+
+ RsaParameters_4096 = new RSAParameters
+ {
+ D = Base64UrlEncoder.DecodeBytes("B15EJtB2qDEtE2z4k6dR-o_fQGoFtQR10FfMWt3XSE44jPYLMKyr3cc0NQkw7DsMpU8Olqo-enIX1BD9vVdWXAY-gR4yxJtRyiVcdAJiNHH6GN8s_GA21Z-6AZR_FTGgmJStEUe-KupSwzYdjo6f5S8dHyaJpLuRhhIx8mLExdhA7543Puwt-MMKj46rcEEKXhe2jNZl1vDgj8-71ZjTvE6HW__invbNX3ZefrZJCD-rDI9SyCkktq9msKfodFtyKfQ0-EYG6rxk7hpAwtilr418N-0I7oYh4OJHC44sRQswL7aCuxHB6qJbkPm7D5QIrrdd4ts5hYNoHd3YJIhr_H09VFnql5CfIyk2NbxHwbZAkGuA00ceBJ0RuIWvrxf-66ZbcNUz2U7l2GEF5qUsy7T4Zi6JtH7I3b4EaO620X-SZ5GXBWmxWBthVi2St3z7vAGl6Nv6F-pk7IjVZ4jj3EJGgCpHZEZObAD7y5IpslBiA4F24qitYfI4RPuncz78V2aKu8Zi6O19PFqQs1Ky3fEV5-fQjPqtu9944omHiwx0Jsjy0SU5MdM6indY75sTKM0xmOFCrF4poGFGJMHW-PJmFy2pCC9O39iz9ki32vJlvYo085a5vrVzKni_fY3HOJKC0NMMlwvAasedT2ZeN1hVVjSqlQwjGQTmDjcx07k"),
+ DP = Base64UrlEncoder.DecodeBytes("obx_Oz4PLLgDWeIU5JnQLFecm-Ic7DycYevfXtinoMwCTqEO04FBL90XHI5tEZRTRMm_1_uuYLA3tAxlLCSBLt922KP0SLkxhkn2WnrxFzBng6ZgNPtq5tss8svKaWiqAaPR0V8UAtWqEaLVktzreeQRdL_2aWyZHYAQRXdjHyNXKNt2yMcT3hYAD0Hwwue6gqk8G3t-E-pYdbQKJPpGG-wBepnsXBkdBy2Lw7wb1gECrEScljP-Fh8eCr7vOIpyhFcLrTUeVU0mDc0-lcRTk-JPaHhAov3tLuCkOv05r4yAllRLzlEZGnZksuKp47vgKtdkB8heChCxAyC9agESGQ"),
+ DQ = Base64UrlEncoder.DecodeBytes("cd6SJC-Qp996mJYB2OJHiPcxPKxKgyAzHE-4A0oiJM_3wjjAjZ92TLY6fDbTtIL3xsoEbxL_gR1sEWlTzk97-mW9ErxsIHFI9UJxwnlGm2ljOL7-Juywd4U5BPhXYBqlZe0EDGxuREOnC6wMKp9-6zUxrN-sS2GK6n9Sieg24FDoQMX3U5CTDaxnQGUUtFYFDVZqFsZNmIf4N-vYqHcp2LwNZO9XC8sotJ0tXO40PUteHCmmFsglmFmNJeHYf0dRM3pwyu-4s1-7xWbPi2cZUKYVMLYGc6RJ_-VYJRrxAhTPX54Ow2hupjQIK0AUMrq3dgQpqqaGBl2L8gBAkzYHaQ"),
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ InverseQ = Base64UrlEncoder.DecodeBytes("GwF0PXhYOz8Fwhz2JyxoZ_a_L7IwhbEhfPpYGXj6XBBkHztQtXvEb5dlNlK2Y6vQnfFgA1l5jiMZiFqnTSq6z1amWkrQUutqWq-EGo8jVVxzxx5as2t7lAohAn1dSY-HnP6ig0e8JF0rKeB8bxYqe-tPbVpuOgDbFKcOoaMCLRJY7kTRaGROss0O7bIJYu_g7lE4UPfybr2wEVy_3VucR279PZiwj3z-X6hMeUQHn-js2l1RGc-QgeEu2O7y2hq-APWnvna19xK8t8R5AS6hUnYeYTcZb4McpI7cg6H_5gItSFYuErPEGZWEZst8mcB2B6Yg9-WR7epmwZbSMCVt9A"),
+ Modulus = Base64UrlEncoder.DecodeBytes("vfPmqjbDDsT_xnh5CfnR97GirbRASP3rKyUlLOpytrkkWtNSD2S0ovnFlW5H4E9OiGusUpeJYD6HmAY5VSafWKC0qVEAvFIT_Fs6j8kJ3kiGsJc9Q-jktds06nvUMn1I-qxmLI7flw0khko6LCi6nTrBrPQ_XlQLYGS0C6-wkyCn0qqB6zsvX8kEElE7bEka0RkWzBVIWsVKkllajBNEeUVvAmy4KvmbFxXDlleNDXsJcETyo3-GmpaevrAr7ryIOOZuUQfkA8Hd-rb-lVkOkk2M-SChNlW8zNeyCksjp0LOF6r8SDf0fgnsKWsQ7qN2_Ltuvmd1X_HMIfdOmhi5Y6W6WnzWacO-jqbTb1k37bASbj2ViYB5-puTfEABzc12KN2mLRTA2TqhmYhy-9EPeDWdXsJwXKP1gtBrxXGFyEzuD4Y8lRYetY0RI5IJc8SoeUauJu75kNxUp-ffteIqP-uhG-E-BcFxIj_YfmI8Yui_XHU7OwDHTBdXk-ahBE7l-kvI-KN2hFcO1DIYK-c2no7fv1CXW8Lz-w7XWl54jn2MyKx4PnTUYT8langL6ZW3xux2wLrnbGwnIisWNWh0ih2ggKiiLCiOxJM9bwA-VbFSyihb3vWs-i4RAQtUwkvV6-8nyZv-SMcI9B7LuziJohnp_gIJZ8FIvtjoJHfGrZk"),
+ P = Base64UrlEncoder.DecodeBytes("z3zVMYG1_TWwnNs99hyMJI9xs1zrwbV_STv9cqpaBxgPIHqpDyoG68a_VZF2RfuYLKT9ksEfLmgDeBPuM_vwBXSUApRqQo46WOpYUaDTcQJUJcspYQENQDkvtMGTuZQd6wrfGksDkUgnuZZ2CAKjN6vzGGlUkLJ9eEihbVTsCcYpp1sSK_J5HZCu0MZcnEU4oMbWKRHHApkQC8TJkutRw1XjY6s_ABj7M2W2D9CIO-CnUaXxmh21JNaJ2zP0nK1cfWgzvIikVoey7FKbGbOoIBnVf9AZUAVfclBLWI3wfUUVod_1lwLA07-7kvQ6SCEiHpsep3RwONcYJJH3vD3WlQ"),
+ Q = Base64UrlEncoder.DecodeBytes("6l2EkIkJDFV_djyTFdpYbjrmg1lIRa1_oFF1925M0aDAEeJncRYkBOyupE9Ni6vHSTlRGN7I3Vs6V72Jnt_wpKqxz0qdhUseO89_JaqQE65euYq1QyeAjnHg64q4PcLYmBDub9Hn6y0xkTzkMCOUe5ZNGeosb5LW4qQVGyXnyeg9PmwFrBjQwr_Na6-1VrS2HCqzxvQWkOuJdjt3XB4ODXUnze9G-8nx8d2Cb9hC2qT4QxTPCq25i0n2DvIcRs_pD6RyNPg7EYOSH2Alc1vVzj7aYW9Plx69rIrtIFxH0ZwHsHua-AjDg7IZLK_Ghc3RV-9nTPEA2_6q_A_oOvfN9Q"),
+ };
+
+ RsaParameters_4096_Public = new RSAParameters
+ {
+ Exponent = Base64UrlEncoder.DecodeBytes("AQAB"),
+ Modulus = Base64UrlEncoder.DecodeBytes("vfPmqjbDDsT_xnh5CfnR97GirbRASP3rKyUlLOpytrkkWtNSD2S0ovnFlW5H4E9OiGusUpeJYD6HmAY5VSafWKC0qVEAvFIT_Fs6j8kJ3kiGsJc9Q-jktds06nvUMn1I-qxmLI7flw0khko6LCi6nTrBrPQ_XlQLYGS0C6-wkyCn0qqB6zsvX8kEElE7bEka0RkWzBVIWsVKkllajBNEeUVvAmy4KvmbFxXDlleNDXsJcETyo3-GmpaevrAr7ryIOOZuUQfkA8Hd-rb-lVkOkk2M-SChNlW8zNeyCksjp0LOF6r8SDf0fgnsKWsQ7qN2_Ltuvmd1X_HMIfdOmhi5Y6W6WnzWacO-jqbTb1k37bASbj2ViYB5-puTfEABzc12KN2mLRTA2TqhmYhy-9EPeDWdXsJwXKP1gtBrxXGFyEzuD4Y8lRYetY0RI5IJc8SoeUauJu75kNxUp-ffteIqP-uhG-E-BcFxIj_YfmI8Yui_XHU7OwDHTBdXk-ahBE7l-kvI-KN2hFcO1DIYK-c2no7fv1CXW8Lz-w7XWl54jn2MyKx4PnTUYT8langL6ZW3xux2wLrnbGwnIisWNWh0ih2ggKiiLCiOxJM9bwA-VbFSyihb3vWs-i4RAQtUwkvV6-8nyZv-SMcI9B7LuziJohnp_gIJZ8FIvtjoJHfGrZk"),
+ };
+
+ }
+
+#if NET452 || NET45
+ public static RsaSecurityKey RsaSecurityKeyWithCspProvider_2048
+ {
+ get
+ {
+ var rsaCsp = new RSACryptoServiceProvider();
+ rsaCsp.ImportParameters(RsaParameters_2048);
+ return new RsaSecurityKey(rsaCsp) { KeyId = "RsaSecurityKeyWithCspProvider_2048" };
+ }
+ }
+
+ public static RsaSecurityKey RsaSecurityKeyWithCspProvider_2048_Public
+ {
+ get
+ {
+ var rsaCsp = new RSACryptoServiceProvider();
+ rsaCsp.ImportParameters(RsaParameters_2048_Public);
+ return new RsaSecurityKey(rsaCsp) { KeyId = "RsaSecurityKeyWithCspProvider_2048" };
+ }
+ }
+
+ public static RsaSecurityKey RsaSecurityKey_2048_FromRsa
+ {
+ get
+ {
+ var rsa = new RSACryptoServiceProvider();
+ rsa.ImportParameters(RsaParameters_2048);
+ return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048" };
+ }
+ }
+
+ public static RsaSecurityKey RsaSecurityKey_2048_FromRsa_Public
+ {
+ get
+ {
+ var rsa = new RSACryptoServiceProvider();
+ rsa.ImportParameters(RsaParameters_2048_Public);
+ return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048_Public" };
+ }
+ }
+#endif
+
+#if NETCOREAPP2_0
+ public static RsaSecurityKey RsaSecurityKeyWithCngProvider_2048
+ {
+ get
+ {
+ var rsaCng = new RSACng();
+ rsaCng.ImportParameters(RsaParameters_2048);
+ return new RsaSecurityKey(rsaCng) { KeyId = "RsaSecurityKeyWithCngProvider_2048" };
+ }
+ }
+
+ public static RsaSecurityKey RsaSecurityKeyWithCngProvider_2048_Public
+ {
+ get
+ {
+ var rsaCng = new RSACng();
+ rsaCng.ImportParameters(RsaParameters_2048_Public);
+ return new RsaSecurityKey(rsaCng) { KeyId = "RsaSecurityKeyWithCngProvider_2048" };
+ }
+ }
+
+ public static RsaSecurityKey RsaSecurityKey_2048_FromRsa
+ {
+ get
+ {
+ var rsa = new RSACng();
+ rsa.ImportParameters(RsaParameters_2048);
+ return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048" };
+ }
+ }
+
+ public static RsaSecurityKey RsaSecurityKey_2048_FromRsa_Public
+ {
+ get
+ {
+ var rsa = new RSACng();
+ rsa.ImportParameters(RsaParameters_2048_Public);
+ return new RsaSecurityKey(rsa) { KeyId = "RsaSecurityKey_FromRsa_2048_Public" };
+ }
+ }
+#endif
+
+ public static RsaSecurityKey RsaSecurityKey_2048_Public
+ {
+ get
+ {
+ return new RsaSecurityKey(RsaParameters_2048_Public) { KeyId = "RsaSecurityKey_2048_Public" };
+ }
+ }
+
+ public static RsaSecurityKey RsaSecurityKey_2048
+ {
+ get
+ {
+ return new RsaSecurityKey(RsaParameters_2048) { KeyId = "RsaSecurityKey_2048" };
+ }
+ }
+
+ public static SecurityKey DefaultRsaSecurityKey1
+ {
+ get
+ {
+ AsymmetricAlgorithm publicKey;
+#if NETCOREAPP2_0
+ publicKey = RSACertificateExtensions.GetRSAPublicKey(DefaultCert_2048);
+#else
+ publicKey = DefaultCert_2048.PublicKey.Key;
+#endif
+ RSA rsa = publicKey as RSA;
+ RSAParameters parameters = rsa.ExportParameters(false);
+ return new RsaSecurityKey(parameters);
+ }
+ }
+
+ public static SecurityKey DefaultRsaSecurityKey2
+ {
+ get
+ {
+ var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD";
+ var cert = new X509Certificate2(Convert.FromBase64String(certData));
+ AsymmetricAlgorithm publicKey;
+#if NETCOREAPP2_0
+ publicKey = RSACertificateExtensions.GetRSAPublicKey(cert);
+#else
+ publicKey = cert.PublicKey.Key;
+#endif
+ RSA rsa = publicKey as RSA;
+ RSAParameters parameters = rsa.ExportParameters(false);
+ return new RsaSecurityKey(parameters);
+ }
+ }
+
+ public static SecurityKey DefaultJsonWebKeyWithCertificate1
+ {
+ get
+ {
+ var jsonWebKey = new JsonWebKey();
+ jsonWebKey.X5c.Add("MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=");
+ jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA;
+ AsymmetricAlgorithm publicKey;
+#if NETCOREAPP2_0
+ publicKey = RSACertificateExtensions.GetRSAPublicKey(DefaultCert_2048);
+#else
+ publicKey = DefaultCert_2048.PublicKey.Key;
+#endif
+ RSA rsa = publicKey as RSA;
+ RSAParameters parameters = rsa.ExportParameters(false);
+ jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent);
+ jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus);
+ return jsonWebKey;
+ }
+ }
+
+ public static SecurityKey DefaultJsonWebKeyWithCertificate2
+ {
+ get
+ {
+ var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD";
+ var jsonWebKey = new JsonWebKey();
+ jsonWebKey.X5c.Add(certData);
+ jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA;
+ var cert = new X509Certificate2(Convert.FromBase64String(certData));
+ AsymmetricAlgorithm publicKey;
+#if NETCOREAPP2_0
+ publicKey = RSACertificateExtensions.GetRSAPublicKey(cert);
+#else
+ publicKey = cert.PublicKey.Key;
+#endif
+ RSA rsa = publicKey as RSA;
+ RSAParameters parameters = rsa.ExportParameters(false);
+ jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent);
+ jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus);
+ return jsonWebKey;
+ }
+ }
+
+ public static SecurityKey DefaultJsonWebKeyWithParameters1
+ {
+ get
+ {
+ AsymmetricAlgorithm publicKey;
+#if NETCOREAPP2_0
+ publicKey = RSACertificateExtensions.GetRSAPublicKey(DefaultCert_2048);
+#else
+ publicKey = DefaultCert_2048.PublicKey.Key;
+#endif
+ RSA rsa = publicKey as RSA;
+ RSAParameters parameters = rsa.ExportParameters(false);
+ var jsonWebKey = new JsonWebKey();
+ jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent);
+ jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus);
+ jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA;
+ return jsonWebKey;
+ }
+ }
+
+ public static SecurityKey DefaultJsonWebKeyWithParameters2
+ {
+ get
+ {
+ var certData = "MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD";
+ var cert = new X509Certificate2(Convert.FromBase64String(certData));
+ AsymmetricAlgorithm publicKey;
+#if NETCOREAPP2_0
+ publicKey = RSACertificateExtensions.GetRSAPublicKey(cert);
+#else
+ publicKey = cert.PublicKey.Key;
+#endif
+ RSA rsa = publicKey as RSA;
+ RSAParameters parameters = rsa.ExportParameters(false);
+ var jsonWebKey = new JsonWebKey();
+ jsonWebKey.E = Base64UrlEncoder.Encode(parameters.Exponent);
+ jsonWebKey.N = Base64UrlEncoder.Encode(parameters.Modulus);
+ jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA;
+ return jsonWebKey;
+ }
+ }
+
+ public static string JsonWebKeySymmetricKid128
+ {
+ get
+ {
+ return "JsonWebKeySymmetricKid128";
+ }
+ }
+
+ public static string JsonWebKeySymmetricBytesEncoded128
+ {
+ get
+ {
+ return "mSSKo6XfloeNAGLhqTQwvQ==";
+ }
+ }
+
+ public static byte[] JsonWebKeySymmetricBytes128
+ {
+ get
+ {
+ return Base64UrlEncoder.DecodeBytes(JsonWebKeySymmetricBytesEncoded128);
+ }
+ }
+
+ public static JsonWebKey JsonWebKeySymmetric128
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ K = JsonWebKeySymmetricBytesEncoded128,
+ KeyId = JsonWebKeySymmetricKid128,
+ Kty = JsonWebAlgorithmsKeyTypes.Octet
+ };
+ }
+ }
+
+ public static string JsonWebKeySymmetricKid256
+ {
+ get
+ {
+ return "JsonWebKeySymmetricKid256";
+ }
+ }
+
+ public static string JsonWebKeySymmetricBytesEncoded256
+ {
+ get
+ {
+ return "Vbxq2mlbGJw8XH+ZoYBnUHmHga8/o/IduvU/Tht70iE=";
+ }
+ }
+
+ public static byte[] JsonWebKeySymmetricBytes256
+ {
+ get
+ {
+ return Base64UrlEncoder.DecodeBytes(JsonWebKeySymmetricBytesEncoded256);
+ }
+ }
+
+ public static JsonWebKey JsonWebKeySymmetric256
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ K = JsonWebKeySymmetricBytesEncoded256,
+ KeyId = JsonWebKeySymmetricKid256,
+ Kty = JsonWebAlgorithmsKeyTypes.Octet
+ };
+ }
+ }
+
+ //json web key
+ public static JsonWebKey JsonWebKeyRsa256
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ D = "C6EGZYf9U6RI5Z0BBoSlwy_gKumVqRx-dBMuAfPM6KVbwIUuSJKT3ExeL5P0Ky1b4p-j2S3u7Afnvrrj4HgVLnC1ks6rEOc2ne5DYQq8szST9FMutyulcsNUKLOM5cVromALPz3PAqE2OCLChTiQZ5XZ0AiH-KcG-3hKMa-g1MVnGW-SSmm27XQwRtUtFQFfxDuL0E0fyA9O9ZFBV5201ledBaLdDcPBF8cHC53Gm5G6FRX3QVpoewm3yGk28Wze_YvNl8U3hvbxei2Koc_b9wMbFxvHseLQrxvFg_2byE2em8FrxJstxgN7qhMsYcAyw1qGJY-cYX-Ab_1bBCpdcQ",
+ DP = "ErP3OpudePAY3uGFSoF16Sde69PnOra62jDEZGnPx_v3nPNpA5sr-tNc8bQP074yQl5kzSFRjRlstyW0TpBVMP0ocbD8RsN4EKsgJ1jvaSIEoP87OxduGkim49wFA0Qxf_NyrcYUnz6XSidY3lC_pF4JDJXg5bP_x0MUkQCTtQE",
+ DQ = "YbBsthPt15Pshb8rN8omyfy9D7-m4AGcKzqPERWuX8bORNyhQ5M8JtdXcu8UmTez0j188cNMJgkiN07nYLIzNT3Wg822nhtJaoKVwZWnS2ipoFlgrBgmQiKcGU43lfB5e3qVVYUebYY0zRGBM1Fzetd6Yertl5Ae2g2CakQAcPs",
+ E = "AQAB",
+ QI = "lbljWyVY-DD_Zuii2ifAz0jrHTMvN-YS9l_zyYyA_Scnalw23fQf5WIcZibxJJll5H0kNTIk8SCxyPzNShKGKjgpyZHsJBKgL3iAgmnwk6k8zrb_lqa0sd1QWSB-Rqiw7AqVqvNUdnIqhm-v3R8tYrxzAqkUsGcFbQYj4M5_F_4",
+ N = "6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw",
+ P = "_avCCyuo7hHlqu9Ec6R47ub_Ul_zNiS-xvkkuYwW-4lNnI66A5zMm_BOQVMnaCkBua1OmOgx7e63-jHFvG5lyrhyYEmkA2CS3kMCrI-dx0fvNMLEXInPxd4np_7GUd1_XzPZEkPxBhqf09kqryHMj_uf7UtPcrJNvFY-GNrzlJk",
+ Q = "7gvYRkpqM-SC883KImmy66eLiUrGE6G6_7Y8BS9oD4HhXcZ4rW6JJKuBzm7FlnsVhVGro9M-QQ_GSLaDoxOPQfHQq62ERt-y_lCzSsMeWHbqOMci_pbtvJknpMv4ifsQXKJ4Lnk_AlGr-5r5JR5rUHgPFzCk9dJt69ff3QhzG2c",
+ Kty = JsonWebAlgorithmsKeyTypes.RSA,
+ Kid = "RsaSecurityKey_2048"
+ };
+ }
+ }
+
+ public static SigningCredentials JsonWebKeyRsa256SigningCredentials
+ {
+ get => new SigningCredentials(JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256, SecurityAlgorithms.Sha256);
+ }
+
+ public static JsonWebKey JsonWebKeyRsa256Public
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ E = "AQAB",
+ N = "6-FrFkt_TByQ_L5d7or-9PVAowpswxUe3dJeYFTY0Lgq7zKI5OQ5RnSrI0T9yrfnRzE9oOdd4zmVj9txVLI-yySvinAu3yQDQou2Ga42ML_-K4Jrd5clMUPRGMbXdV5Rl9zzB0s2JoZJedua5dwoQw0GkS5Z8YAXBEzULrup06fnB5n6x5r2y1C_8Ebp5cyE4Bjs7W68rUlyIlx1lzYvakxSnhUxSsjx7u_mIdywyGfgiT3tw0FsWvki_KYurAPR1BSMXhCzzZTkMWKE8IaLkhauw5MdxojxyBVuNY-J_elq-HgJ_dZK6g7vMNvXz2_vT-SykIkzwiD9eSI9UWfsjw",
+ Kty = JsonWebAlgorithmsKeyTypes.RSA,
+ Kid = "RsaSecurityKey_2048_Public"
+ };
+ }
+ }
+
+ public static SigningCredentials JsonWebKeyRsa256PublicSigningCredentials
+ {
+ get => new SigningCredentials(JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256, SecurityAlgorithms.Sha256);
+ }
+
+ public static JsonWebKey JsonWebKeyP521WrongX_Public
+ {
+ get
+ {
+ var curvePointParameterLength = 2 << 20;
+ var curvePointParameter = Base64UrlEncoder.Encode(new byte[curvePointParameterLength]);
+
+ var jsonString = string.Format(
+ @"{{
+ ""kty"": ""EC"",
+ ""kid"": ""bilbo.baggins@hobbiton.example"",
+ ""use"": ""sig"",
+ ""crv"": ""P-521"",
+ ""x"": ""{0}"",
+ ""y"": ""AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1""
+ }}", curvePointParameter);
+
+ return new JsonWebKey(jsonString);
+ }
+ }
+
+ public static JsonWebKey JsonWebKeyP521WrongY_Public
+ {
+ get
+ {
+ var curvePointParameterLength = 2 << 20;
+ var curvePointParameter = Base64UrlEncoder.Encode(new byte[curvePointParameterLength]);
+
+ var jsonString = string.Format(@"{{
+ ""kty"": ""EC"",
+ ""kid"": ""bilbo.baggins@hobbiton.example"",
+ ""use"": ""sig"",
+ ""crv"": ""P-521"",
+ ""x"": ""AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"",
+ ""y"": ""{0}""
+ }}", curvePointParameter);
+
+ return new JsonWebKey(jsonString);
+ }
+ }
+
+ public static JsonWebKey JsonWebKeyP521WrongD
+ {
+ get
+ {
+ var curvePointParameterLength = 2 << 20;
+ var curvePointParameter = Base64UrlEncoder.Encode(new byte[curvePointParameterLength]);
+
+ var jsonString = string.Format(@"{{
+ ""kty"": ""EC"",
+ ""kid"": ""bilbo.baggins@hobbiton.example"",
+ ""use"": ""sig"",
+ ""crv"": ""P-521"",
+ ""x"": ""AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt"",
+ ""y"": ""AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"",
+ ""d"": ""{{0}}""
+ }}", curvePointParameter);
+
+ return new JsonWebKey(jsonString);
+ }
+ }
+
+ public static JsonWebKey JsonWebKeyP256
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ Crv = "P-256",
+ X = "luR290c8sXxbOGhNquQ3J3rh763Os4D609cHK-L_5fA",
+ Y = "tUqUwtaVHwc7_CXnuBrCpMQTF5BJKdFnw9_JkSIXWpQ",
+ D = "OOX7PnYlSTE41BSclDj5Gi_sx_SPgEqStjY3doku4TQ",
+ KeyId = "JsonWebKeyEcdsa256",
+ Kid = "JsonWebKeyEcdsa256",
+ Kty = JsonWebAlgorithmsKeyTypes.EllipticCurve
+ };
+ }
+ }
+
+ public static JsonWebKey JsonWebKeyP256_Public
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ Crv = "P-256",
+ X = "luR290c8sXxbOGhNquQ3J3rh763Os4D609cHK-L_5fA",
+ Y = "tUqUwtaVHwc7_CXnuBrCpMQTF5BJKdFnw9_JkSIXWpQ",
+ KeyId = "JsonWebKeyEcdsa256_Public",
+ Kid = "JsonWebKeyEcdsa256_Public",
+ Kty = JsonWebAlgorithmsKeyTypes.EllipticCurve
+ };
+ }
+ }
+
+ public static JsonWebKey JsonWebKeySymmetric64
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ K = "bd0Q-Z6Yd34",
+ Kid = "DefaultSymmetricSecurityKey_64",
+ Kty = JsonWebAlgorithmsKeyTypes.Octet
+ };
+ }
+ }
+
+ public static JsonWebKey JsonWebKeySymmetric256_2
+ {
+ get
+ {
+ return new JsonWebKey
+ {
+ K = "vAhpeveLSFSsPs5rg+CPdLYor40ISGgdpen+FXzCSJg=",
+ Kty = JsonWebAlgorithmsKeyTypes.Octet
+ };
+ }
+ }
+
+ public static JsonWebKey JsonWebKeyX509_2048
+ {
+ get
+ {
+ var jsonWebKey = new JsonWebKey();
+ jsonWebKey.Kty = JsonWebAlgorithmsKeyTypes.RSA;
+ jsonWebKey.X5c.Add(DefaultX509Data_2048);
+ jsonWebKey.X5t = DefaultX509Key_2048_Thumbprint;
+ jsonWebKey.Kid = DefaultX509Key_2048_KeyId;
+ return jsonWebKey;
+ }
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs
index 81d9230617..f6cf661b4b 100644
--- a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs
+++ b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs
@@ -547,6 +547,8 @@ public string Sid
"ID_NET461";
#elif NETSTANDARD2_0
"ID_NETSTANDARD2_0";
+#elif NETSTANDARD2_1
+ "ID_NETSTANDARD2_1";
#endif
///
diff --git a/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj b/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj
index 244e1b5bb7..a37789fd3b 100644
--- a/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj
+++ b/src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj
@@ -21,7 +21,7 @@
-
+
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs
index d87f9b3a7a..e0ae3ed3ed 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Properties/AssemblyInfo.cs
@@ -39,3 +39,4 @@
[assembly: ComVisible(false)]
[assembly: InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Saml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
+[assembly: InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Xml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs
index 8a7b28e601..41e85dba39 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs
@@ -34,6 +34,7 @@
using System.Text;
using System.Xml;
using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Xml;
using static Microsoft.IdentityModel.Logging.LogHelper;
using TokenLogMessages = Microsoft.IdentityModel.Tokens.LogMessages;
@@ -150,16 +151,13 @@ public override bool CanReadToken(string securityToken)
try
{
- using (var sr = new StringReader(securityToken))
+ using (var reader = XmlUtil.CreateDefaultXmlDictionaryReader(securityToken))
{
var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
#if NET45
settings.XmlResolver = null;
#endif
- using (var reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr, settings)))
- {
- return CanReadToken(reader);
- }
+ return CanReadToken(reader);
}
}
catch (Exception)
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/EncryptedAssertionHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/EncryptedAssertionHandler.cs
new file mode 100644
index 0000000000..58fcacc9ee
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/EncryptedAssertionHandler.cs
@@ -0,0 +1,430 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Xml;
+using System;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Xml;
+
+namespace Microsoft.IdentityModel.Tokens.Saml2
+{
+ ///
+ /// EncryptedAssertionHandler can be used for interactions with SAML2 encrypted assertion.
+ ///
+ internal class EncryptedAssertionHandler : IEncryptedAssertionHandler
+ {
+ ///
+ /// Encrypts provided SAML2 bytes using the instance.
+ ///
+ /// A byte array representation of SAML2 assertion string to be encrypted.
+ /// An ecryption credentials instance.
+ /// A instance.
+ public Saml2EncryptedAssertion EncryptAssertion(byte[] assertionData, EncryptingCredentials encryptingCredentials)
+ {
+ ValidateEncryptingCredentials(encryptingCredentials);
+
+ var encryptedAssertion = new Saml2EncryptedAssertion();
+ var sessionKey = CreateSessionKey(encryptingCredentials);
+ encryptedAssertion.EncryptedData = CreateEncryptedData(assertionData, encryptingCredentials, sessionKey);
+ encryptedAssertion.EncryptedKey = CreateEncryptedKey(encryptingCredentials, sessionKey, encryptedAssertion.EncryptedData.Id);
+ return encryptedAssertion;
+ }
+
+ ///
+ /// Decrypts provided using the instance.
+ ///
+ /// A instance to be decrypted.
+ /// A instance to be used to decrypt .
+ /// A string representation of an .
+ /// A Saml2 assertion string.
+ ///
+ /// will be used as a decryption key in case that
+ /// delegate is not set. will be used as a cryto provider factory, if set.
+ ///
+ public string DecryptAssertion(Saml2EncryptedAssertion assertion, TokenValidationParameters validationParameters, string assertionString)
+ {
+ if (validationParameters == null)
+ throw LogHelper.LogArgumentNullException(nameof(validationParameters));
+
+ ValidateEncryptedAssertion(assertion);
+
+ SecurityKey key = null;
+ // Support only for a single key for now
+ if (validationParameters.TokenDecryptionKeyResolver != null)
+ {
+ key = validationParameters.TokenDecryptionKeyResolver(assertionString, null, assertion.EncryptedData.KeyInfo.KeyName, validationParameters).FirstOrDefault();
+ }
+ else
+ key = validationParameters.TokenDecryptionKey;
+
+ if (key == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13622));
+
+ var cryptoProviderFactory = validationParameters.CryptoProviderFactory ?? key.CryptoProviderFactory;
+ if (cryptoProviderFactory == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13621));
+
+ // There is no EncryptedKey - Relying Party must be able to locally determine the decryption key
+ if (assertion.EncryptedKey == null)
+ {
+ if (!cryptoProviderFactory.IsSupportedAlgorithm(assertion.EncryptedData.EncryptionMethod.KeyAlgorithm, key))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13623, assertion.EncryptedData.EncryptionMethod.KeyAlgorithm, key)));
+
+ var decryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(key, assertion.EncryptedData.EncryptionMethod.KeyAlgorithm);
+ var decryptedAssertionBytes = decryptionProvider.Decrypt(assertion.EncryptedData.CipherData.CipherValue, null, null, null);
+ return Encoding.UTF8.GetString(decryptedAssertionBytes);
+ }
+ else // Session key is wrapped
+ {
+ if (!cryptoProviderFactory.IsSupportedAlgorithm(assertion.EncryptedKey.EncryptionMethod.KeyAlgorithm, key))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13623, assertion.EncryptedKey.EncryptionMethod.KeyAlgorithm, key)));
+
+ var keyWrapProvider = cryptoProviderFactory.CreateKeyWrapProviderForUnwrap(key, assertion.EncryptedKey.EncryptionMethod.KeyAlgorithm);
+ var unwrappedKey = keyWrapProvider.UnwrapKey(assertion.EncryptedKey.CipherData.CipherValue);
+ var sessionKey = new SymmetricSecurityKey(unwrappedKey);
+
+ var decryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(sessionKey, assertion.EncryptedData.EncryptionMethod.KeyAlgorithm);
+ var decryptedAssertionBytes = decryptionProvider.Decrypt(assertion.EncryptedData.CipherData.CipherValue, null, null, null);
+ return Encoding.UTF8.GetString(decryptedAssertionBytes);
+ }
+ }
+
+
+ ///
+ /// Reads provided SAML2 string into a instance.
+ ///
+ /// A SAML2 assertion string.
+ /// A instance.
+ public Saml2EncryptedAssertion ReadEncryptedAssertion(string assertion)
+ {
+ using (var reader = XmlUtil.CreateDefaultXmlDictionaryReader(assertion))
+ {
+ var encryptedAssertion = new Saml2EncryptedAssertion();
+ encryptedAssertion.ReadXml(reader);
+ return encryptedAssertion;
+ }
+ }
+
+ ///
+ /// Writes provided into the .
+ ///
+ /// An XML writer instance.
+ /// A instance to be writen into an XML writer.
+ /// A saml2 xml prefix.
+ public void WriteAssertionToXml(XmlWriter writer, Saml2EncryptedAssertion assertion, string samlPrefix)
+ {
+ writer.WriteStartElement(samlPrefix, Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace);
+ assertion.WriteXml(writer);
+ writer.WriteEndElement();
+ }
+
+ #region Helper methods
+ private void ValidateEncryptingCredentials(EncryptingCredentials encryptingCredentials)
+ {
+ if (encryptingCredentials == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13624));
+
+ // Only AES-GCM is supported as a data encryption algorithm
+ if (!(SecurityAlgorithms.Aes128Gcm.Equals(encryptingCredentials.Enc, StringComparison.Ordinal)
+ || (SecurityAlgorithms.Aes192Gcm.Equals(encryptingCredentials.Enc, StringComparison.Ordinal))
+ || (SecurityAlgorithms.Aes256Gcm.Equals(encryptingCredentials.Enc, StringComparison.Ordinal))))
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13625, SecurityAlgorithms.Aes128Gcm, SecurityAlgorithms.Aes192Gcm, SecurityAlgorithms.Aes256Gcm, encryptingCredentials.Enc)));
+ }
+
+ if (encryptingCredentials.Key is SymmetricSecurityKey)
+ {
+ // If SymmetricSecurityKey is used (pre-shared session key) - Algorithm should be set to None
+ if (!encryptingCredentials.Alg.Equals(SecurityAlgorithms.None, StringComparison.Ordinal))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13626, SecurityAlgorithms.None, encryptingCredentials.Alg)));
+
+ }
+ else if (encryptingCredentials.Key is AsymmetricSecurityKey)
+ {
+ if (!(SecurityAlgorithms.RsaOaepMgf1pKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal)
+ || (SecurityAlgorithms.RsaOaepKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal))))
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13627, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, encryptingCredentials.Alg)));
+ }
+ }
+ else
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13628));
+ }
+ }
+
+ private void ValidateEncryptedAssertion(Saml2EncryptedAssertion encryptedAssertion)
+ {
+ if (encryptedAssertion.EncryptedData == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13610));
+
+ // By xmlenc-core1 standard EncryptionMethod is an optional element.
+ // "If the element is absent, the encryption algorithm must be known by the recipient or the decryption will fail"
+ // As there is no support for users to provide the encryption algorithm - we will treat the encryption algorithm as required for now
+ if (string.IsNullOrEmpty(encryptedAssertion.EncryptedData.EncryptionMethod.KeyAlgorithm))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13611));
+
+ // CipherValue is required Element
+ if (encryptedAssertion.EncryptedData.CipherData.CipherValue == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13612));
+
+ // If present - type should be http://www.w3.org/2001/04/xmlenc#Element
+ if (!string.IsNullOrEmpty(encryptedAssertion.EncryptedData.Type) && !encryptedAssertion.EncryptedData.Type.Equals(XmlEncryptionConstants.EncryptedDataTypes.Element))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13613, encryptedAssertion.EncryptedData.Type)));
+
+ // EncryptedKey is present - there are additional checks
+ if (encryptedAssertion.EncryptedKey != null)
+ {
+ // By xmlenc-core1 standard EncryptionMethod is an optional element.
+ // "If the element is absent, the encryption algorithm must be known by the recipient or the decryption will fail"
+ // As there is no support for users to provide the encryption algorithm - we will treat the encryption algorithm as required for now
+ if (string.IsNullOrEmpty(encryptedAssertion.EncryptedKey.EncryptionMethod.KeyAlgorithm))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13611));
+
+ // CipherValue is a required Element
+ if (encryptedAssertion.EncryptedKey.CipherData.CipherValue == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13612));
+
+ // If present - type should be http://www.w3.org/2001/04/xmlenc#EncryptedKey
+ if (!string.IsNullOrEmpty(encryptedAssertion.EncryptedKey.Type) && !encryptedAssertion.EncryptedKey.Type.Equals(XmlEncryptionConstants.EncryptedDataTypes.EncryptedKey))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13614, encryptedAssertion.EncryptedKey.Type)));
+
+ // If EncryptedKey contains DataReferences - then at least one DataReference should reference the EncrytedData element
+ if (encryptedAssertion.EncryptedKey.ReferenceList.Any(item => item is DataReference))
+ {
+ // If the above is true, EncryptedData must have an ID
+ if (string.IsNullOrEmpty(encryptedAssertion.EncryptedData.Id))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13615));
+
+ // At least one DataReference should reference the EncrytedData element
+ var isEncryptedDataReferenced = encryptedAssertion.EncryptedKey.ReferenceList.Any(item => item is DataReference && item.Uri.Equals(encryptedAssertion.EncryptedData.Id));
+ if (!isEncryptedDataReferenced)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13616));
+ }
+
+ // If EncryptedData -> KeyInfo has RetrievalMethodUri element - then it should reference the EncryptedKey
+ if (!string.IsNullOrEmpty(encryptedAssertion.EncryptedData.KeyInfo.RetrievalMethodUri))
+ {
+ // If the above is true, EncryptedKey must have an ID
+ if (string.IsNullOrEmpty(encryptedAssertion.EncryptedKey.Id))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogMessages.IDX13617));
+
+ // RetrievalMethodUri element should reference the EncryptedKey
+ if (!encryptedAssertion.EncryptedData.KeyInfo.RetrievalMethodUri.Equals(encryptedAssertion.EncryptedKey.Id, StringComparison.Ordinal))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13618, encryptedAssertion.EncryptedData.KeyInfo.RetrievalMethodUri, encryptedAssertion.EncryptedKey.Id)));
+ }
+ }
+ }
+
+ private EncryptedData CreateEncryptedData(byte[] assertionData, EncryptingCredentials encryptingCredentials, SymmetricSecurityKey sessionKey)
+ {
+ if (encryptingCredentials == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13624));
+
+ var encryptedData = new EncryptedData();
+ string algorithm = encryptingCredentials.Enc;
+
+ // SymmetricSecurityKey is provided:
+ // Session key will not be serialized, but KeyName will be set if available
+ if (encryptingCredentials.Key is SymmetricSecurityKey)
+ {
+ encryptedData.KeyInfo.KeyName = sessionKey.KeyId;
+ }
+ // AsymmetricSecurityKey is provided:
+ else if (encryptingCredentials.Key is AsymmetricSecurityKey)
+ {
+ encryptedData.KeyInfo.RetrievalMethodUri = encryptingCredentials.Key.KeyId;
+ }
+ else
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13606, encryptingCredentials.Key)));
+ }
+
+ var cryptoProviderFactory = encryptingCredentials.CryptoProviderFactory ?? encryptingCredentials.Key.CryptoProviderFactory;
+
+ if (cryptoProviderFactory == null)
+ throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX13600));
+
+ if (!cryptoProviderFactory.IsSupportedAlgorithm(algorithm, sessionKey))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13601, algorithm, sessionKey)));
+
+ // Encrypt assertion data
+ AuthenticatedEncryptionResult authenticatedEncryptionResult = null;
+ AuthenticatedEncryptionProvider authenticatedEncryptionProvider = null;
+ try
+ {
+ authenticatedEncryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(sessionKey, algorithm);
+
+ if (authenticatedEncryptionProvider == null)
+ throw new Saml2SecurityTokenEncryptedAssertionEncryptionException();
+ }
+ catch (Exception ex)
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13602, ex));
+ }
+
+ try
+ {
+ authenticatedEncryptionResult = authenticatedEncryptionProvider.Encrypt(assertionData, null);
+ }
+ catch (Exception ex)
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13603, algorithm, sessionKey), ex));
+ }
+
+ // Populate EncryptedData
+ encryptedData.CipherData.CipherValue = Utility.ConcatByteArrays(authenticatedEncryptionResult.IV, authenticatedEncryptionResult.Ciphertext, authenticatedEncryptionResult.AuthenticationTag);
+ encryptedData.EncryptionMethod = new EncryptionMethod(algorithm);
+ encryptedData.Type = XmlEncryptionConstants.EncryptedDataTypes.Element;
+ encryptedData.Id = new Saml2Id().Value;
+
+ return encryptedData;
+ }
+
+ private EncryptedKey CreateEncryptedKey(EncryptingCredentials encryptingCredentials, SymmetricSecurityKey sessionKey, string encryptedDataId)
+ {
+ if (encryptingCredentials == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13624));
+
+ if (sessionKey == null)
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13629));
+
+ // SymmetricSecurityKey is provided:
+ // Session key will not be serialized - EncryptedKey should be null
+ if (encryptingCredentials.Key is SymmetricSecurityKey)
+ {
+ return null;
+ }
+ else if (!(encryptingCredentials.Key is AsymmetricSecurityKey))
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13606, encryptingCredentials.Key)));
+ }
+ // AsymmetricSecurityKey is provided: Session key will be wrapped with provided AsymmetricSecurityKey
+ else // (encryptingCredentials.Key is AsymmetricSecurityKey)
+ {
+ var cryptoProviderFactory = encryptingCredentials.CryptoProviderFactory ?? encryptingCredentials.Key.CryptoProviderFactory;
+ var key = encryptingCredentials.Key;
+ var algorithm = encryptingCredentials.Alg;
+
+ if (cryptoProviderFactory == null)
+ throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX13600));
+
+ if (!cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13601, algorithm, key)));
+
+ var encryptedKey = new EncryptedKey
+ {
+ Id = key.KeyId,
+ EncryptionMethod = new EncryptionMethod(algorithm)
+ };
+
+ // Wrap the sessionKey
+ try
+ {
+ var keyWrapProvider = cryptoProviderFactory.CreateKeyWrapProvider(key, algorithm);
+ var wrappedKey = keyWrapProvider.WrapKey(sessionKey.Key);
+ encryptedKey.CipherData.CipherValue = wrappedKey;
+ }
+ catch (Exception ex)
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13603, algorithm, sessionKey), ex));
+ }
+
+ // Add reference from EncrypedKey to EncryptedData
+ encryptedKey.AddReference(new DataReference(encryptedDataId));
+
+ // Set Digest method for EncryptedKey (AES-GCM)
+ if (SecurityAlgorithms.RsaOaepMgf1pKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal)
+ || SecurityAlgorithms.RsaOaepKeyWrap.Equals(encryptingCredentials.Alg, StringComparison.Ordinal))
+ encryptedKey.EncryptionMethod.DigestMethod = SecurityAlgorithms.Sha1Digest;
+
+ // Set X509CertificateData if available
+ if (encryptingCredentials.Key is X509SecurityKey)
+ {
+ var cert = (encryptingCredentials.Key as X509SecurityKey).Certificate;
+ var x509Data = new X509Data(cert);
+ encryptedKey.KeyInfo.X509Data.Add(x509Data);
+ }
+
+ return encryptedKey;
+ }
+ }
+
+ private SymmetricSecurityKey CreateSessionKey(EncryptingCredentials encryptingCredentials)
+ {
+ if (encryptingCredentials == null)
+ throw LogHelper.LogArgumentNullException(nameof(encryptingCredentials));
+
+ string algorithm = encryptingCredentials.Enc;
+
+ if (string.IsNullOrEmpty(algorithm))
+ throw LogHelper.LogArgumentNullException(nameof(algorithm));
+
+ SymmetricSecurityKey sessionKey;
+
+ // SymmetricSecurityKey is provided:
+ // Pre-shared symmetric key (session key) is used to encrypt an assertion
+ if (encryptingCredentials.Key is SymmetricSecurityKey)
+ {
+ sessionKey = (SymmetricSecurityKey)encryptingCredentials.Key;
+ }
+ // AsymmetricSecurityKey is provided:
+ // New session key will be created to encrypt an assertion
+ else if (encryptingCredentials.Key is AsymmetricSecurityKey)
+ {
+ int keySize = -1;
+
+ if (SecurityAlgorithms.Aes128Gcm.Equals(algorithm, StringComparison.Ordinal))
+ keySize = 128;
+ else if (SecurityAlgorithms.Aes192Gcm.Equals(algorithm, StringComparison.Ordinal))
+ keySize = 192;
+ else if (SecurityAlgorithms.Aes256Gcm.Equals(algorithm, StringComparison.Ordinal))
+ keySize = 256;
+
+ if (keySize == -1)
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13607, algorithm)));
+ }
+
+ var aes = Aes.Create();
+ aes.KeySize = keySize;
+ aes.GenerateKey();
+ sessionKey = new SymmetricSecurityKey(aes.Key);
+ }
+ else
+ {
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogHelper.FormatInvariant(LogMessages.IDX13606, encryptingCredentials.Key)));
+ }
+
+ return sessionKey;
+ }
+ #endregion
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionDecryptionException.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionDecryptionException.cs
new file mode 100644
index 0000000000..3f4da57c44
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionDecryptionException.cs
@@ -0,0 +1,61 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+
+namespace Microsoft.IdentityModel.Tokens.Saml2
+{
+ ///
+ /// This exception is thrown when SAML2 assertion decryption failed.
+ ///
+ public class Saml2SecurityTokenEncryptedAssertionDecryptionException : Saml2SecurityTokenEncryptedAssertionException
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ public Saml2SecurityTokenEncryptedAssertionDecryptionException()
+ : base()
+ { }
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Additional information to be included in the exception and displayed to user.
+ public Saml2SecurityTokenEncryptedAssertionDecryptionException(string message)
+ : base(message)
+ { }
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Additional information to be included in the exception and displayed to user.
+ /// A that represents the root cause of the exception.
+ public Saml2SecurityTokenEncryptedAssertionDecryptionException(string message, Exception innerException)
+ : base(message, innerException)
+ { }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionEncryptionException.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionEncryptionException.cs
new file mode 100644
index 0000000000..0b8ed1fb53
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionEncryptionException.cs
@@ -0,0 +1,61 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+
+namespace Microsoft.IdentityModel.Tokens.Saml2
+{
+ ///
+ /// This exception is thrown when SAML2 assertion encryption failed.
+ ///
+ public class Saml2SecurityTokenEncryptedAssertionEncryptionException : Saml2SecurityTokenEncryptedAssertionException
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ public Saml2SecurityTokenEncryptedAssertionEncryptionException()
+ : base()
+ { }
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Additional information to be included in the exception and displayed to user.
+ public Saml2SecurityTokenEncryptedAssertionEncryptionException(string message)
+ : base(message)
+ { }
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Additional information to be included in the exception and displayed to user.
+ /// A that represents the root cause of the exception.
+ public Saml2SecurityTokenEncryptedAssertionEncryptionException(string message, Exception innerException)
+ : base(message, innerException)
+ { }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionException.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionException.cs
new file mode 100644
index 0000000000..7d6bbee148
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenEncryptedAssertionException.cs
@@ -0,0 +1,61 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+
+namespace Microsoft.IdentityModel.Tokens.Saml2
+{
+ ///
+ /// This exception is thrown when SAML2 assertion encryption/decryption failed.
+ ///
+ public class Saml2SecurityTokenEncryptedAssertionException : SecurityTokenException
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ public Saml2SecurityTokenEncryptedAssertionException()
+ : base()
+ { }
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Additional information to be included in the exception and displayed to user.
+ public Saml2SecurityTokenEncryptedAssertionException(string message)
+ : base(message)
+ { }
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Additional information to be included in the exception and displayed to user.
+ /// A that represents the root cause of the exception.
+ public Saml2SecurityTokenEncryptedAssertionException(string message, Exception innerException)
+ : base(message, innerException)
+ { }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/IEncryptedAssertionHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/IEncryptedAssertionHandler.cs
new file mode 100644
index 0000000000..08fff24ffb
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/IEncryptedAssertionHandler.cs
@@ -0,0 +1,69 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System.Xml;
+
+namespace Microsoft.IdentityModel.Tokens.Saml2
+{
+ ///
+ /// Exposes operations for interactions with a .
+ ///
+ public interface IEncryptedAssertionHandler
+ {
+ ///
+ /// Encrypts provided SAML2 bytes using the instance.
+ ///
+ /// SAML2 assertion bytes to be encrypted.
+ /// An ecryption credentials instance.
+ /// A instance.
+ Saml2EncryptedAssertion EncryptAssertion(byte[] assertionData, EncryptingCredentials encryptingCredentials);
+
+ ///
+ /// Decrypts provided using the instance.
+ ///
+ /// A instance to be decrypted.
+ /// A instance to be used to decrypt .
+ /// A string representation of an .
+ /// A Saml2 assertion string.
+ string DecryptAssertion(Saml2EncryptedAssertion assertion, TokenValidationParameters validationParameters, string assertionString);
+
+ ///
+ /// Reads provided SAML2 string into a instance.
+ ///
+ /// A SAML2 assertion string.
+ /// A instance.
+ Saml2EncryptedAssertion ReadEncryptedAssertion(string assertion);
+
+ ///
+ /// Writes provided into the .
+ ///
+ /// An XML writer instance.
+ /// A instance to be writen into an XML writer.
+ /// A saml2 xml prefix.
+ void WriteAssertionToXml(XmlWriter writer, Saml2EncryptedAssertion assertion, string samlPrefix);
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/InternalsVisibleTo.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/InternalsVisibleTo.cs
new file mode 100644
index 0000000000..51d4558e57
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/InternalsVisibleTo.cs
@@ -0,0 +1,29 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Saml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
+[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Xml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs
index cf5e492cbc..4f4223846c 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs
@@ -80,7 +80,6 @@ internal static class LogMessages
internal const string IDX13138 = "IDX13138: Unable to read for Saml2SecurityToken. the AttributeStatement does not contain any Attributes.";
internal const string IDX13139 = "IDX13139: Uri must be an AbsoluteUri is: '{0}'";
internal const string IDX13140 = "IDX13140: EncryptedId is not supported. You will need to override ReadEncryptedId and provide support.";
- internal const string IDX13141 = "IDX13141: EncryptedAssertion is not supported. You will need to override ReadAssertion and provide support.";
internal const string IDX13313 = "IDX13313: 'AuthnStatement' cannot be empty.";
internal const string IDX13312 = "IDX13312: 'AuthnContext' cannot be empty.";
internal const string IDX13314 = "IDX13314: 'AuthzDecisionStatement' cannot be empty (must have at least one 'Subject').";
@@ -98,6 +97,35 @@ internal static class LogMessages
internal const string IDX13306 = "IDX13306: Multiple name identifier claim is not allowed in tokenDescriptor.Subject.Claims.";
internal const string IDX13310 = "IDX13310: SAML2 AuthorizationDecision DecisionType must be 'Permit', 'Deny' or 'Indeterminate'.";
+ // Saml2 EncryptedAssertion
+ internal const string IDX13600 = "IDX13600: Unable to obtain a CryptoProviderFactory, EncryptingCredentials.CryptoProviderFactory and EncryptingCredentials.Key.CrypoProviderFactory are both null.";
+ internal const string IDX13601 = "IDX13601: Saml2Assertion encryption failed. No support for algorithm: '{0}', SecurityKey: '{1}'.";
+ internal const string IDX13602 = "IDX13602: Failed to create the token encryption provider.";
+ internal const string IDX13603 = "IDX13603: Encryption failed. EncryptionProvider failed for: Algorithm: '{0}', SecurityKey: '{1}'. See inner exception.";
+ internal const string IDX13606 = "IDX13606: EncryptionCredentials.Key is not SymmetricSecurityKey or AsymmetricSecurityKey. EncryptionCredentials.Key: '{0}'.";
+ internal const string IDX13607 = "IDX13607: Session key encryption algorithm: '{0}' is not supported.";
+ internal const string IDX13608 = "IDX13608: Saml2Assertion is encrypted. Unable to get '{0}' from a Saml2EncryptedAssertion.";
+ internal const string IDX13609 = "IDX13609: Unable to check if an Assertion is a Saml2EncryptedAssertion. Assertion: '{0}'. Inner exception: '{1}'.";
+ internal const string IDX13610 = "IDX13610: Saml2EncryptedAssertion validation failed. EncryptedData is null.";
+ internal const string IDX13611 = "IDX13611: Saml2EncryptedAssertion validation failed. EncryptionMethod is not present. As there is no support for users to provide an encryption algorithm - EncryptionMethod is treated as required for now.";
+ internal const string IDX13612 = "IDX13612: Saml2EncryptedAssertion validation failed. CypherValue is null.";
+ internal const string IDX13613 = "IDX13613: Saml2EncryptedAssertion validation failed. EncryptedData Type is not valid: '{0}'.";
+ internal const string IDX13614 = "IDX13614: Saml2EncryptedAssertion validation failed. EncryptedKey Type is not valid: '{0}'.";
+ internal const string IDX13615 = "IDX13615: EncryptedKey contain DataReference(s), but EncryptedData doesn't have an ID attribute set.";
+ internal const string IDX13616 = "IDX13616: EncryptedKey contains DataReference(s) where neither references the EncryptedData element.";
+ internal const string IDX13617 = "IDX13617: EncryptedData->KeyInfo contain RetrievalMethodUri, but EncryptedKey doesn't have an ID attribute set.";
+ internal const string IDX13618 = "IDX13618: EncryptedData->KeyInfo->RetrievalMethodUri is not equal to EncryptedKey->ID. Values found: RetrievalMethodUri: '{0}', EncryptedKey->ID: '{1}'.";
+ internal const string IDX13620 = "IDX13620: Unable to Read a Saml2EncryptedAssertion. Expecting XmlReader to be at element: '{0}', found: '{1}'.";
+ internal const string IDX13621 = "IDX13621: Unable to obtain a CryptoProviderFactory, key.CryptoProviderFactory and ValidationParameters.CrypoProviderFactory are both null.";
+ internal const string IDX13622 = "IDX13622: Saml2EncryptedAssertion decryption failed. There is no security key for decryption.";
+ internal const string IDX13623 = "IDX13623: Saml2EncryptedAssertion decryption failed. No support for algorithm: '{0}', SecurityKey: '{1}'.";
+ internal const string IDX13624 = "IDX13624: EncryptingCredentials is null. Unable to encrypt an assertion.";
+ internal const string IDX13625 = "IDX13625: Encryption failed. Saml2 data encryption is only supported for: '{0}', '{1}' and '{2}'. The content encryption specified is: '{3}'.";
+ internal const string IDX13626 = "IDX13626: Encryption failed. Saml2 encryption algorithm should be set to '{0}' when pre-shared session key is used to encrypt data. The data encryption specified is: '{1}'.";
+ internal const string IDX13627 = "IDX13627: Encryption failed. Saml2 key wrap is only supported for: '{0}', and '{1}'. The key wrap algorithm specified is: '{2}'.";
+ internal const string IDX13628 = "IDX13628: Encryption failed. Key is either null or it's not Symmetric/Asymmetric SecurityKey.";
+ internal const string IDX13629 = "IDX13629: SessionKey is null. Unable to Wrap a null session key.";
+
// IDX11900 - AuthorizationDecisionStatement
internal const string IDX13900 = "IDX13900: Unable to write Saml2Assertion: {0} is required, {1} is null or empty.";
internal const string IDX13901 = "IDX13901: Unable to write Saml2Assertion: {0}.{1} is empty. This statement must contain at least one Action.";
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs
index af6f53f9b0..3f67c58971 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Assertion.cs
@@ -43,9 +43,17 @@ namespace Microsoft.IdentityModel.Tokens.Saml2
public class Saml2Assertion
{
private string _canonicalString;
+ private EncryptingCredentials _encryptingCredentials;
private Saml2Id _id;
private DateTime _issueInstant;
private Saml2NameIdentifier _issuer;
+ private Signature _signature;
+ private Saml2Advice _advice;
+ private Saml2Conditions _conditions;
+ private string _inclusiveNamespacesPrefixList;
+ private SigningCredentials _signingCredentials;
+ private Saml2Subject _subject;
+ private List _statements;
///
/// Creates an instance of a Saml2Assertion.
@@ -56,37 +64,58 @@ public Saml2Assertion(Saml2NameIdentifier issuer)
Id = new Saml2Id();
IssueInstant = DateTime.UtcNow;
Issuer = issuer;
- Statements = new List();
+ _statements = new List();
}
///
/// Gets or sets the on the Assertion.
+ /// Returns null if the is encrypted.
///
public Signature Signature
{
- get;
- set;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _signature;
+ }
+ set => _signature = value;
}
///
/// Gets or sets additional information related to the assertion that assists processing in certain
/// situations but which may be ignored by applications that do not understand the
/// advice or do not wish to make use of it. [Saml2Core, 2.3.3]
+ /// Returns null if the is encrypted.
///
public Saml2Advice Advice
{
- get;
- set;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _advice;
+ }
+ set => _advice = value;
}
///
/// Gets or sets conditions that must be evaluated when assessing the validity of and/or
/// when using the assertion. [Saml2Core 2.3.3]
+ /// Returns null if the is encrypted.
///
public Saml2Conditions Conditions
{
- get;
- set;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _conditions;
+ }
+ set => _conditions = value;
}
///
@@ -129,68 +158,141 @@ internal string CanonicalString
}
}
+ ///
+ /// Gets or sets the credentials used for encrypting the assertion.
+ ///
+ /// If this assertion is encrypted.
+ public EncryptingCredentials EncryptingCredentials
+ {
+ get
+ {
+ if (Encrypted)
+ throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionException(FormatInvariant(LogMessages.IDX13608, nameof(EncryptingCredentials))));
+
+ return _encryptingCredentials;
+ }
+ set => _encryptingCredentials = value;
+ }
+
///
/// Gets or sets the identifier for this assertion. [Saml2Core, 2.3.3]
+ /// Returns null if the is encrypted.
///
/// if 'value' if null.
public Saml2Id Id
{
- get => _id;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _id;
+ }
set => _id = value ?? throw LogArgumentNullException(nameof(value));
}
///
/// Gets or sets the time instant of issue in UTC. [Saml2Core, 2.3.3]
+ /// Returns if the is encrypted.
///
+ /// if 'value' if null.
public DateTime IssueInstant
{
- get => _issueInstant;
- set => _issueInstant = DateTimeUtil.ToUniversalTime(value);
+ get
+ {
+ if (Encrypted)
+ return DateTime.MinValue;
+
+ return _issueInstant;
+ }
+ set
+ {
+ if (value == null)
+ throw LogArgumentNullException(nameof(value));
+ else
+ _issueInstant = DateTimeUtil.ToUniversalTime(value);
+ }
}
///
/// Gets or sets the as the authority that is making the claim(s) in the assertion. [Saml2Core, 2.3.3]
+ /// Returns null if the is encrypted.
///
- /// if 'value' is null.
+ /// if 'value' if null.
public Saml2NameIdentifier Issuer
{
- get => _issuer;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _issuer;
+ }
set => _issuer = value ?? throw LogArgumentNullException(nameof(value));
}
///
/// Gets or sets the a PrefixList to use when there is a need to include InclusiveNamespaces writing token.
+ /// Returns null if the is encrypted.
///
public string InclusiveNamespacesPrefixList
{
- get;
- set;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _inclusiveNamespacesPrefixList;
+ }
+ set => _inclusiveNamespacesPrefixList = value;
}
///
/// Gets or sets the used by the issuer to protect the integrity of the assertion.
+ /// Returns null if the is encrypted.
///
public SigningCredentials SigningCredentials
{
- get;
- set;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _signingCredentials;
+ }
+ set => _signingCredentials = value;
}
///
/// Gets or sets the of the statement(s) in the assertion. [Saml2Core, 2.3.3]
+ /// Returns null if the is encrypted.
///
public Saml2Subject Subject
{
- get;
- set;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _subject;
+ }
+
+ set => _subject = value;
}
///
/// Gets the (s) regarding the subject.
+ /// Returns null if the is encrypted.
///
public ICollection Statements
{
- get;
+ get
+ {
+ if (Encrypted)
+ return null;
+
+ return _statements;
+ }
}
///
@@ -202,5 +304,15 @@ public string Version
}
internal XmlTokenStream XmlTokenStream { get; set; }
+
+ ///
+ /// Indicates if this assertion is Encrypted
+ ///
+ public bool Encrypted { get; internal set; } = false;
+
+ ///
+ /// String representation of this EncryptedAssertion
+ ///
+ public string EncryptedAssertion { get; internal set; }
}
}
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2EncryptedAssertion.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2EncryptedAssertion.cs
new file mode 100644
index 0000000000..644937942e
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2EncryptedAssertion.cs
@@ -0,0 +1,99 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Xml;
+using System.Xml;
+
+namespace Microsoft.IdentityModel.Tokens.Saml2
+{
+ ///
+ /// Represents the element.
+ ///
+ public class Saml2EncryptedAssertion
+ {
+ ///
+ /// Represents the element in XML encryption.
+ ///
+ public EncryptedData EncryptedData { get; set; }
+
+ ///
+ /// Represents the element in XML encryption.
+ ///
+ public EncryptedKey EncryptedKey { get; set; }
+
+ ///
+ ///
+ ///
+ ///
+ public virtual void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogHelper.LogArgumentNullException(nameof(reader));
+
+ if (!(reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace)))
+ throw LogHelper.LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionDecryptionException(LogHelper.FormatInvariant(LogMessages.IDX13620, Saml2Constants.Elements.EncryptedAssertion, reader.Name)));
+
+ reader.ReadStartElement();
+
+ EncryptedData = new EncryptedData();
+ EncryptedData.ReadXml(reader);
+
+ if (IsReaderPointingToEncryptedKey(reader))
+ {
+ EncryptedKey = new EncryptedKey();
+ EncryptedKey.ReadXml(reader);
+ }
+ }
+
+ ///
+ ///
+ ///
+ ///
+ public virtual void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogHelper.LogArgumentNullException(nameof(writer));
+
+ EncryptedData.WriteXml(writer);
+
+ if (EncryptedKey != null)
+ EncryptedKey.WriteXml(writer);
+ }
+
+ private bool IsReaderPointingToEncryptedKey(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogHelper.LogArgumentNullException(nameof(reader));
+
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace))
+ return true;
+
+ return false;
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs
index 20bc17c560..c5529534c9 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs
@@ -35,6 +35,7 @@
using System.Xml;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens.Saml;
+using Microsoft.IdentityModel.Xml;
using static Microsoft.IdentityModel.Logging.LogHelper;
using TokenLogMessages = Microsoft.IdentityModel.Tokens.LogMessages;
@@ -47,7 +48,7 @@ namespace Microsoft.IdentityModel.Tokens.Saml2
public class Saml2SecurityTokenHandler : SecurityTokenHandler
{
private const string _actor = "Actor";
- private Saml2Serializer _serializer = new Saml2Serializer();
+ private Saml2Serializer _serializer = new Saml2Serializer(new EncryptedAssertionHandler());
///
/// Gets or set the that will be used to read and write a .
@@ -100,19 +101,16 @@ public override bool CanReadToken(string token)
try
{
- using (var sr = new StringReader(token))
+ using (var reader = XmlUtil.CreateDefaultXmlDictionaryReader(token))
{
var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
#if NET45
settings.XmlResolver = null;
#endif
- using (var reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr, settings)))
- {
- return CanReadToken(reader);
- }
+ return CanReadToken(reader);
}
}
- catch(Exception)
+ catch(Exception )
{
return false;
}
@@ -128,7 +126,8 @@ public override bool CanReadToken(XmlReader reader)
if (reader == null)
return false;
- return reader.IsStartElement(Saml2Constants.Elements.Assertion, Saml2Constants.Namespace);
+ return (reader.IsStartElement(Saml2Constants.Elements.Assertion, Saml2Constants.Namespace)
+ || reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace));
}
///
@@ -158,6 +157,7 @@ public virtual SecurityToken CreateToken(SecurityTokenDescriptor tokenDescriptor
var assertion = new Saml2Assertion(CreateIssuerNameIdentifier(tokenDescriptor))
{
Subject = CreateSubject(tokenDescriptor),
+ EncryptingCredentials = tokenDescriptor.EncryptingCredentials,
SigningCredentials = tokenDescriptor.SigningCredentials,
Conditions = CreateConditions(tokenDescriptor),
Advice = CreateAdvice(tokenDescriptor)
@@ -230,6 +230,13 @@ public override ClaimsPrincipal ValidateToken(string token, TokenValidationParam
if (token.Length > MaximumTokenSizeInBytes)
throw LogExceptionMessage(new ArgumentException(FormatInvariant(TokenLogMessages.IDX10209, token.Length, MaximumTokenSizeInBytes)));
+ // if an assertion is encrypted - decrypt it first
+ if (IsSaml2EncryptedAssertion(token))
+ {
+ var encryptedAssertion = Serializer.ReadEncryptedAssertion(token);
+ token = Serializer.DecryptAssertion(encryptedAssertion, validationParameters, token);
+ }
+
var samlToken = ValidateSignature(token, validationParameters);
if (samlToken == null)
throw LogExceptionMessage(new SecurityTokenValidationException(FormatInvariant(TokenLogMessages.IDX10254, GetType(), "ValidateToken", GetType(), "ValidateSignature", typeof(Saml2SecurityToken))));
@@ -452,6 +459,17 @@ private Saml2SecurityToken ValidateSignature(Saml2SecurityToken samlToken, strin
throw LogExceptionMessage(new SecurityTokenInvalidSignatureException(TokenLogMessages.IDX10500));
}
+ private IEnumerable GetAllSigningKeys(TokenValidationParameters validationParameters)
+ {
+ LogHelper.LogInformation(TokenLogMessages.IDX10243);
+ if (validationParameters.IssuerSigningKey != null)
+ yield return validationParameters.IssuerSigningKey;
+
+ if (validationParameters.IssuerSigningKeys != null)
+ foreach (SecurityKey key in validationParameters.IssuerSigningKeys)
+ yield return key;
+ }
+
///
/// Returns a to use for validating the signature of a token.
///
@@ -496,6 +514,10 @@ public override SecurityToken ReadToken(string token)
/// If is null or empty.
/// If .Length is greater than .
/// A
+ ///
+ /// In case when token represents an EncryptedAssertion, Encrypted property of will be set to True
+ /// and will be used to set EncryptedAssertion property.
+ ///
public virtual Saml2SecurityToken ReadSaml2Token(string token)
{
if (string.IsNullOrEmpty(token))
@@ -559,6 +581,28 @@ internal static bool IsSaml2Assertion(XmlReader reader)
return reader.IsStartElement(Saml2Constants.Elements.Assertion, Saml2Constants.Namespace);
}
+ ///
+ /// Indicates if the assertion string represents an EncryptedAssertion.
+ ///
+ /// String representation of an assertion.
+ /// 'true' if assertion is encrypted, 'false' otherwise.
+ private bool IsSaml2EncryptedAssertion(string assertion)
+ {
+ using (var reader = XmlUtil.CreateDefaultXmlReader(assertion))
+ {
+ try
+ {
+ reader.MoveToContent();
+ return reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace);
+ }
+ catch (Exception ex)
+ {
+ LogInformation(LogMessages.IDX13609, assertion, ex);
+ return false;
+ }
+ }
+ }
+
///
/// Creates the conditions for the assertion.
///
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs
index 910bc100c8..c43b01999c 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs
@@ -27,7 +27,9 @@
using System;
using System.Globalization;
+using System.IO;
using System.Security.Claims;
+using System.Text;
using System.Xml;
using Microsoft.IdentityModel.Xml;
using static Microsoft.IdentityModel.Logging.LogHelper;
@@ -41,12 +43,24 @@ public class Saml2Serializer
{
private DSigSerializer _dsigSerializer = DSigSerializer.Default;
private string _prefix = Saml2Constants.Prefix;
+ private readonly IEncryptedAssertionHandler _encryptedAssertionHandler;
///
/// Instantiates a new instance of .
///
- public Saml2Serializer() { }
+ public Saml2Serializer()
+ {
+ _encryptedAssertionHandler = null;
+ }
+ ///
+ /// Instantiates a new instance of .
+ ///
+ ///
+ public Saml2Serializer(IEncryptedAssertionHandler encryptedAssertionHandler)
+ {
+ _encryptedAssertionHandler = encryptedAssertionHandler;
+ }
///
/// Gets or sets the to use for reading / writing the
@@ -186,29 +200,40 @@ protected virtual Saml2Advice ReadAdvice(XmlDictionaryReader reader)
}
///
- /// Reads a <saml:Assertion> element.
+ /// Reads a <saml:Assertion> or <saml:EncryptedAssertion> element.
///
/// A positioned at a 'saml2:assertion' element.
/// If is null.
- /// If assertion is encrypted.
/// If is not positioned at a Saml2Assertion.
/// If Version is not '2.0'.
/// If 'Id' is missing.>
/// If 'IssueInstant' is missing.>
/// If no statements are found.>
+ /// if assertion is an EncryptedAssertion and decrypt operation failed.
/// A instance.
+ ///
+ /// If Assertion element is an EncryptedAssertion, Encrypted property of resulting Saml2Assertion object will be set to True
+ /// and EncryptedAssertion property will be set to raw assertion data string
+ ///
public virtual Saml2Assertion ReadAssertion(XmlReader reader)
{
if (reader == null)
throw LogArgumentNullException(nameof(reader));
- if (reader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace))
- throw LogExceptionMessage(new NotSupportedException(LogMessages.IDX13141));
+ XmlDictionaryReader plaintextReader = XmlDictionaryReader.CreateDictionaryReader(reader);
+ Saml2Assertion assertion = new Saml2Assertion(new Saml2NameIdentifier("__TemporaryIssuer__"));
- XmlUtil.CheckReaderOnEntry(reader, Saml2Constants.Elements.Assertion, Saml2Constants.Namespace);
+ // if assertion is encrypted then flag it as encrypted, attach original assertion string, and return
+ if (plaintextReader.IsStartElement(Saml2Constants.Elements.EncryptedAssertion, Saml2Constants.Namespace))
+ {
+ assertion.Encrypted = true;
+ assertion.EncryptedAssertion = reader.ReadOuterXml();
+ return assertion;
+ }
+
+ XmlUtil.CheckReaderOnEntry(plaintextReader, Saml2Constants.Elements.Assertion, Saml2Constants.Namespace);
+ var envelopeReader = new EnvelopedSignatureReader(plaintextReader) { Serializer = DSigSerializer };
- var envelopeReader = new EnvelopedSignatureReader(reader) { Serializer = DSigSerializer };
- var assertion = new Saml2Assertion(new Saml2NameIdentifier("__TemporaryIssuer__"));
try
{
// @xsi:type
@@ -239,7 +264,7 @@ public virtual Saml2Assertion ReadAssertion(XmlReader reader)
// will move to next element
// 0-1 read by EnvelopedSignatureReader
envelopeReader.Read();
-
+
// 1
assertion.Issuer = ReadIssuer(envelopeReader);
@@ -306,7 +331,9 @@ public virtual Saml2Assertion ReadAssertion(XmlReader reader)
throw LogReadException(LogMessages.IDX13102, ex, Saml2Constants.Elements.Assertion, ex);
}
- }
+ }
+
+
///
/// Reads a .
@@ -1402,7 +1429,7 @@ protected virtual Saml2NameIdentifier ReadNameIdentifier(XmlDictionaryReader rea
// No declaration, or declaring that this is just a "BaseID", is invalid since statement is abstract
if (declaredType == null
|| XmlUtil.EqualsQName(declaredType, Saml2Constants.Types.BaseIDAbstractType, Saml2Constants.Namespace))
- throw LogReadException(LogMessages.IDX13103, Saml2Constants.Elements.BaseID, declaredType, GetType(), "ReadSubjectId" );
+ throw LogReadException(LogMessages.IDX13103, Saml2Constants.Elements.BaseID, declaredType, GetType(), "ReadSubjectId");
// If it's NameID we can handle it
if (XmlUtil.EqualsQName(declaredType, Saml2Constants.Types.NameIDType, Saml2Constants.Namespace))
@@ -1520,7 +1547,7 @@ protected virtual void WriteAdvice(XmlWriter writer, Saml2Advice advice)
}
///
- /// Writes the <Assertion> element.
+ /// Writes the <Assertion> or <EncryptedAssertion> element.
///
/// A to serialize the .
/// The to serialize.
@@ -1529,6 +1556,7 @@ protected virtual void WriteAdvice(XmlWriter writer, Saml2Advice advice)
/// if .EncryptingCredentials != null.
/// The must have a if no are present.
/// The SAML2 authentication, attribute, and authorization decision require a .
+ /// if assertion is an EncryptedAssertion and encrypt operation failed.
public virtual void WriteAssertion(XmlWriter writer, Saml2Assertion assertion)
{
if (writer == null)
@@ -1537,6 +1565,17 @@ public virtual void WriteAssertion(XmlWriter writer, Saml2Assertion assertion)
if (assertion == null)
throw LogArgumentNullException(nameof(assertion));
+ // When EncryptingCredentials is not null - Assertion will be encrypted
+ if (assertion.EncryptingCredentials != null)
+ {
+ EncryptAndWriteAssertion(writer, assertion);
+ }
+ else
+ WritePlaintextAssertion(writer, assertion);
+ }
+
+ private void WritePlaintextAssertion(XmlWriter writer, Saml2Assertion assertion)
+ {
// Wrap the writer if necessary for a signature
// We do not dispose this writer, since as a delegating writer it would
// dispose the inner writer, which we don't properly own.
@@ -1563,7 +1602,6 @@ public virtual void WriteAssertion(XmlWriter writer, Saml2Assertion assertion)
}
}
- //
writer.WriteStartElement(Prefix, Saml2Constants.Elements.Assertion, Saml2Constants.Namespace);
// @ID - required
@@ -1631,7 +1669,7 @@ public virtual void WriteAttribute(XmlWriter writer, Saml2Attribute attribute)
writer.WriteAttributeString(Saml2Constants.Attributes.FriendlyName, attribute.FriendlyName);
// @OriginalIssuer - optional
- if (attribute.OriginalIssuer != null )
+ if (attribute.OriginalIssuer != null)
writer.WriteAttributeString(Saml2Constants.Attributes.OriginalIssuer, Saml2Constants.ClaimType2009Namespace, attribute.OriginalIssuer);
string xsiTypePrefix = null;
@@ -1830,7 +1868,7 @@ protected virtual void WriteAuthorizationDecisionStatement(XmlWriter writer, Sam
throw LogArgumentNullException(nameof(statement));
if (statement.Actions.Count == 0)
- throw LogWriteException(LogMessages.IDX13901, statement.GetType(), "Actions" );
+ throw LogWriteException(LogMessages.IDX13901, statement.GetType(), "Actions");
if (string.IsNullOrEmpty(statement.Decision))
throw LogWriteException(LogMessages.IDX13900, Saml2Constants.Attributes.Decision, nameof(statement.Decision));
@@ -1921,8 +1959,8 @@ protected virtual void WriteEvidence(XmlWriter writer, Saml2Evidence evidence)
throw LogArgumentNullException(nameof(evidence));
if (evidence.AssertionIdReferences.Count == 0
- && evidence.Assertions.Count == 0
- && evidence.AssertionUriReferences.Count == 0 )
+ && evidence.Assertions.Count == 0
+ && evidence.AssertionUriReferences.Count == 0)
throw LogWriteException(LogMessages.IDX13902);
//
@@ -2109,7 +2147,7 @@ protected virtual void WriteSubject(XmlWriter writer, Saml2Subject subject)
throw LogArgumentNullException(nameof(subject));
// If there's no ID, there has to be a SubjectConfirmation
- if (subject.NameId == null && 0 == subject.SubjectConfirmations.Count)
+ if (subject.NameId == null && 0 == subject.SubjectConfirmations.Count)
throw LogExceptionMessage(new Saml2SecurityTokenException(FormatInvariant(LogMessages.IDX13305, subject)));
//
@@ -2349,5 +2387,42 @@ internal static Exception LogWriteException(string format, Exception inner, para
{
return LogExceptionMessage(new Saml2SecurityTokenWriteException(FormatInvariant(format, args), inner));
}
+
+ #region EncryptedAssertion
+ internal Saml2EncryptedAssertion EncryptAssertion(byte[] assertion, EncryptingCredentials encryptingCredentials)
+ {
+ return _encryptedAssertionHandler.EncryptAssertion(assertion, encryptingCredentials);
+ }
+
+ internal string DecryptAssertion(Saml2EncryptedAssertion encryptedAssertion, TokenValidationParameters validationParameters, string assertionString)
+ {
+ return _encryptedAssertionHandler.DecryptAssertion(encryptedAssertion, validationParameters, assertionString);
+ }
+
+ internal Saml2EncryptedAssertion ReadEncryptedAssertion(string assertion)
+ {
+ return _encryptedAssertionHandler.ReadEncryptedAssertion(assertion);
+ }
+
+ internal void EncryptAndWriteAssertion(XmlWriter writer, Saml2Assertion assertion)
+ {
+ XmlWriter originalWriter = writer;
+ MemoryStream plaintextStream = new MemoryStream();
+ XmlDictionaryWriter plaintextWriter = XmlDictionaryWriter.CreateTextWriter(plaintextStream, Encoding.UTF8, false);
+ writer = plaintextWriter;
+
+ // reuse this method in order to get bytes of plaintext written assertion
+ WritePlaintextAssertion(writer, assertion);
+
+ ((IDisposable)plaintextWriter).Dispose();
+ plaintextWriter = null;
+
+ var plaintextAssertionBytes = plaintextStream.ToArray();
+ ((IDisposable)plaintextStream).Dispose();
+
+ var encryptedAssertion = EncryptAssertion(plaintextAssertionBytes, assertion.EncryptingCredentials);
+ _encryptedAssertionHandler.WriteAssertionToXml(originalWriter, encryptedAssertion, Prefix);
+ }
+ #endregion
}
}
diff --git a/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs b/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs
index e3feb00ccd..ed19f6ec31 100644
--- a/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs
+++ b/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs
@@ -33,7 +33,7 @@
using System.Reflection;
#endif
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
using System.Security.Cryptography.X509Certificates;
#endif
@@ -65,7 +65,7 @@ internal class AsymmetricAdapter : IDisposable
private bool _useRSAOeapPadding = false;
#endif
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
private RSAEncryptionPadding _rsaEncryptionPadding;
#endif
@@ -79,7 +79,7 @@ internal class AsymmetricAdapter : IDisposable
private object _verifyRsaLock = new object();
private object _verifyEcdsaLock = new object();
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
// HasAlgorithmName was introduced into Net46
internal AsymmetricAdapter(SecurityKey key, string algorithm, HashAlgorithm hashAlgorithm, HashAlgorithmName hashAlgorithmName, bool requirePrivateKey)
: this(key, algorithm, hashAlgorithm, requirePrivateKey)
@@ -183,7 +183,7 @@ internal byte[] Decrypt(byte[] data)
#endif
// NETSTANDARD2_0 doesn't use RSACryptoServiceProviderProxy
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
return RSA.Decrypt(data, _rsaEncryptionPadding);
#endif
}
@@ -241,14 +241,14 @@ internal byte[] Encrypt(byte[] data)
#endif
// NETSTANDARD2_0 doesn't use RSACryptoServiceProviderProxy
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
return RSA.Encrypt(data, _rsaEncryptionPadding);
#endif
}
private HashAlgorithm HashAlgorithm { get; set; }
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
private HashAlgorithmName HashAlgorithmName { get; set; }
private RSASignaturePadding RSASignaturePadding { get; set; }
@@ -257,7 +257,7 @@ internal byte[] Encrypt(byte[] data)
private void InitializeUsingRsa(RSA rsa, string algorithm)
{
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
if (algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha256, StringComparison.Ordinal) ||
algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha256Signature, StringComparison.Ordinal) ||
algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha384, StringComparison.Ordinal) ||
@@ -281,7 +281,8 @@ private void InitializeUsingRsa(RSA rsa, string algorithm)
// RSACryptoServiceProviderProxy is only supported on Windows platform
#if DESKTOP
_useRSAOeapPadding = algorithm.Equals(SecurityAlgorithms.RsaOAEP, StringComparison.Ordinal)
- || algorithm.Equals(SecurityAlgorithms.RsaOaepKeyWrap, StringComparison.Ordinal);
+ || algorithm.Equals(SecurityAlgorithms.RsaOaepKeyWrap, StringComparison.Ordinal)
+ || algorithm.Equals(SecurityAlgorithms.RsaOaepMgf1pKeyWrap, StringComparison.Ordinal);
if (rsa is RSACryptoServiceProvider rsaCryptoServiceProvider)
{
@@ -315,7 +316,7 @@ private void InitializeUsingRsa(RSA rsa, string algorithm)
}
#endif
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
// Here we can use RSA straight up.
_rsaEncryptionPadding = (algorithm.Equals(SecurityAlgorithms.RsaOAEP, StringComparison.Ordinal) || algorithm.Equals(SecurityAlgorithms.RsaOaepKeyWrap, StringComparison.Ordinal))
? RSAEncryptionPadding.OaepSHA1
@@ -349,7 +350,7 @@ private byte[] SignWithECDsa(byte[] bytes)
}
}
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
private byte[] SignWithRsa(byte[] bytes)
{
lock (_signRsaLock)
@@ -383,7 +384,7 @@ private bool VerifyWithECDsa(byte[] bytes, byte[] signature)
}
}
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
private bool VerifyWithRsa(byte[] bytes, byte[] signature)
{
lock (_verifyRsaLock)
diff --git a/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs b/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs
index 9cd73395e7..f0eed673c4 100644
--- a/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs
+++ b/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs
@@ -185,7 +185,7 @@ private PrivateKeyStatus FoundPrivateKey(SecurityKey key)
return PrivateKeyStatus.Unknown;
}
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
///
/// Creating a Signature requires the use of a .
/// This method returns the
diff --git a/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs b/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs
index 112f17b460..bf6c74ec9b 100644
--- a/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs
+++ b/src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs
@@ -285,7 +285,7 @@ public virtual SignatureProvider CreateForVerifying(SecurityKey key, string algo
return CreateSignatureProvider(key, algorithm, false, cacheProvider);
}
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
///
/// Returns a for a specific algorithm.
///
diff --git a/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs b/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs
index 1e5ffea20a..3fb986ea31 100644
--- a/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs
+++ b/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs
@@ -57,7 +57,7 @@ static ECDsaAdapter()
///
internal ECDsaAdapter()
{
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
if (SupportsECParameters())
CreateECDsaFunction = CreateECDsaUsingECParams;
else
@@ -274,7 +274,7 @@ private bool SupportsCNGKey()
}
}
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
///
/// Creates an ECDsa object using the and .
/// 'ECParameters' structure is available in .NET Framework 4.7+, .NET Standard 1.6+, and .NET Core 1.0+.
diff --git a/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs
index e222917d28..8ae5d911f7 100644
--- a/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/ECDsaSecurityKey.cs
@@ -116,7 +116,7 @@ public override int KeySize
/// https://tools.ietf.org/html/rfc7638
public override bool CanComputeJwkThumbprint()
{
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
if (ECDsaAdapter.Instance.SupportsECParameters())
return true;
#endif
@@ -130,7 +130,7 @@ public override bool CanComputeJwkThumbprint()
/// https://tools.ietf.org/html/rfc7638
public override byte[] ComputeJwkThumbprint()
{
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
if (ECDsaAdapter.Instance.SupportsECParameters())
{
ECParameters parameters = ECDsa.ExportParameters(false);
diff --git a/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs b/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs
index 0f3f0f94a9..d24e40de99 100644
--- a/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs
@@ -37,6 +37,10 @@ namespace Microsoft.IdentityModel.Tokens
///
public class AuthenticatedEncryptionProvider : IDisposable
{
+#if NETSTANDARD2_1
+ private const int AES_GCM_IV_SIZE = 12;
+ private const int AES_GCM_TAG_SIZE = 16;
+#endif
private struct AuthenticatedKeys
{
public SymmetricSecurityKey AesKey;
@@ -67,22 +71,30 @@ public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
if (string.IsNullOrWhiteSpace(algorithm))
throw LogHelper.LogArgumentNullException(nameof(algorithm));
- if (!IsSupportedAlgorithm(key, algorithm))
- throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, GetType(), algorithm, key)));
+ // Allow constructing AuthenticatedEncryptionProvider in case when AesGcm algorithm is passed to enable tests
+ if (!IsAesGcmAlgorithm(algorithm))
+ {
+ if (!IsSupportedAlgorithm(key, algorithm))
+ throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, GetType(), algorithm, key)));
+
+ ValidateKeySize(key, algorithm);
+
+ _authenticatedkeys = GetAlgorithmParameters(key, algorithm);
+ _hmacAlgorithm = GetHmacAlgorithm(algorithm);
+ Key = key;
+ Algorithm = algorithm;
+ _cryptoProviderFactory = key.CryptoProviderFactory;
+ if (key.CryptoProviderFactory.GetType() == typeof(CryptoProviderFactory))
+ _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm, false) as SymmetricSignatureProvider;
+ else
+ _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm) as SymmetricSignatureProvider;
+
+ if (_symmetricSignatureProvider == null)
+ throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10649, Algorithm)));
+ }
- ValidateKeySize(key, algorithm);
- _authenticatedkeys = GetAlgorithmParameters(key, algorithm);
- _hmacAlgorithm = GetHmacAlgorithm(algorithm);
Key = key;
Algorithm = algorithm;
- _cryptoProviderFactory = key.CryptoProviderFactory;
- if (key.CryptoProviderFactory.GetType() == typeof(CryptoProviderFactory))
- _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm, false) as SymmetricSignatureProvider;
- else
- _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm) as SymmetricSignatureProvider;
-
- if (_symmetricSignatureProvider == null)
- throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10649, Algorithm)));
}
///
@@ -99,7 +111,7 @@ public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
///
/// Gets the that is being used.
///
- public SecurityKey Key { get; }
+ public SecurityKey Key { get; private set; }
///
/// Encrypts the 'plaintext'
@@ -137,35 +149,66 @@ public virtual AuthenticatedEncryptionResult Encrypt(byte[] plaintext, byte[] au
if (_disposed)
throw LogHelper.LogExceptionMessage(new ObjectDisposedException(GetType().ToString()));
- Aes aes = Aes.Create();
- aes.Mode = CipherMode.CBC;
- aes.Padding = PaddingMode.PKCS7;
- aes.Key = _authenticatedkeys.AesKey.Key;
- if (iv != null)
- aes.IV = iv;
-
byte[] ciphertext;
- try
+
+#if NETSTANDARD2_1
+ if (IsAesGcmAlgorithm(Algorithm))
{
- ciphertext = Transform(aes.CreateEncryptor(), plaintext, 0, plaintext.Length);
+ ciphertext = new byte[plaintext.Length];
+ byte[] nonce = new byte[AES_GCM_IV_SIZE];
+ byte[] tag = new byte[AES_GCM_TAG_SIZE];
+ using (var aesGcm = new AesGcm(GetKeyBytes(Key)))
+ {
+ //random nonce
+ RandomNumberGenerator rng = RandomNumberGenerator.Create();
+ rng.GetBytes(nonce);
+
+ try
+ {
+ aesGcm.Encrypt(nonce, plaintext, ciphertext, tag);
+ }
+ catch(Exception ex)
+ {
+ throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10618, Algorithm), ex));
+ }
+ }
+
+ return new AuthenticatedEncryptionResult(Key, ciphertext, nonce, tag);
}
- catch(Exception ex)
+ else
{
- throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10654, ex)));
- }
+#endif
+ Aes aes = Aes.Create();
+ aes.Mode = CipherMode.CBC;
+ aes.Padding = PaddingMode.PKCS7;
+ aes.Key = _authenticatedkeys.AesKey.Key;
+ if (iv != null)
+ aes.IV = iv;
+
+ try
+ {
+ ciphertext = Transform(aes.CreateEncryptor(), plaintext, 0, plaintext.Length);
+ }
+ catch (Exception ex)
+ {
+ throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10654, ex)));
+ }
- byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8);
- byte[] macBytes = new byte[authenticatedData.Length + aes.IV.Length + ciphertext.Length + al.Length];
- Array.Copy(authenticatedData, 0, macBytes, 0, authenticatedData.Length);
- Array.Copy(aes.IV, 0, macBytes, authenticatedData.Length, aes.IV.Length);
- Array.Copy(ciphertext, 0, macBytes, authenticatedData.Length + aes.IV.Length, ciphertext.Length);
- Array.Copy(al, 0, macBytes, authenticatedData.Length + aes.IV.Length + ciphertext.Length, al.Length);
- byte[] macHash = _symmetricSignatureProvider.Sign(macBytes);
- var authenticationTag = new byte[_authenticatedkeys.HmacKey.Key.Length];
- Array.Copy(macHash, authenticationTag, authenticationTag.Length);
-
- return new AuthenticatedEncryptionResult(Key, ciphertext, aes.IV, authenticationTag);
- }
+ byte[] al = Utility.ConvertToBigEndian(authenticatedData.Length * 8);
+ byte[] macBytes = new byte[authenticatedData.Length + aes.IV.Length + ciphertext.Length + al.Length];
+ Array.Copy(authenticatedData, 0, macBytes, 0, authenticatedData.Length);
+ Array.Copy(aes.IV, 0, macBytes, authenticatedData.Length, aes.IV.Length);
+ Array.Copy(ciphertext, 0, macBytes, authenticatedData.Length + aes.IV.Length, ciphertext.Length);
+ Array.Copy(al, 0, macBytes, authenticatedData.Length + aes.IV.Length + ciphertext.Length, al.Length);
+ byte[] macHash = _symmetricSignatureProvider.Sign(macBytes);
+ var authenticationTag = new byte[_authenticatedkeys.HmacKey.Key.Length];
+ Array.Copy(macHash, authenticationTag, authenticationTag.Length);
+
+ return new AuthenticatedEncryptionResult(Key, ciphertext, aes.IV, authenticationTag);
+#if NETSTANDARD2_1
+ }
+#endif
+ }
///
/// Decrypts ciphertext into plaintext
@@ -187,6 +230,12 @@ public virtual byte[] Decrypt(byte[] ciphertext, byte[] authenticatedData, byte[
if (ciphertext == null || ciphertext.Length == 0)
throw LogHelper.LogArgumentNullException(nameof(ciphertext));
+ if (IsAesGcmAlgorithm(Algorithm))
+ {
+ // Until there is no AES-GCM support, Encrypt and Decrypt operations will throw an exception
+ throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(LogHelper.FormatInvariant(LogMessages.IDX10692, Algorithm)));
+ }
+
if (authenticatedData == null || authenticatedData.Length == 0)
throw LogHelper.LogArgumentNullException(nameof(authenticatedData));
@@ -258,6 +307,16 @@ protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
return SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key);
}
+ private bool IsAesGcmAlgorithm(string algorithm)
+ {
+ if (!(algorithm.Equals(SecurityAlgorithms.Aes128Gcm, StringComparison.Ordinal)
+ || algorithm.Equals(SecurityAlgorithms.Aes192Gcm, StringComparison.Ordinal)
+ || algorithm.Equals(SecurityAlgorithms.Aes256Gcm, StringComparison.Ordinal)))
+ return false;
+
+ return true;
+ }
+
private AuthenticatedKeys GetAlgorithmParameters(SecurityKey key, string algorithm)
{
int keyLength = -1;
@@ -291,13 +350,13 @@ private AuthenticatedKeys GetAlgorithmParameters(SecurityKey key, string algorit
private static string GetHmacAlgorithm(string algorithm)
{
if (SecurityAlgorithms.Aes128CbcHmacSha256.Equals(algorithm, StringComparison.Ordinal))
- return SecurityAlgorithms.HmacSha256;
+ return SecurityAlgorithms.HmacSha256;
if (SecurityAlgorithms.Aes192CbcHmacSha384.Equals(algorithm, StringComparison.Ordinal))
return SecurityAlgorithms.HmacSha384;
if (SecurityAlgorithms.Aes256CbcHmacSha512.Equals(algorithm, StringComparison.Ordinal))
- return SecurityAlgorithms.HmacSha512;
+ return SecurityAlgorithms.HmacSha512;
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10652, algorithm), nameof(algorithm)));
}
diff --git a/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs b/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs
index 7c51c1b4e8..ca040386bb 100644
--- a/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs
+++ b/src/Microsoft.IdentityModel.Tokens/InternalsVisibleTo.cs
@@ -40,3 +40,5 @@
[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.S2S.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.S2S.Tokens.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
+[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
+[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Tokens.Saml.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
diff --git a/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs b/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs
index 806e801831..65acdc2610 100644
--- a/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs
+++ b/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs
@@ -56,7 +56,7 @@ public static JsonWebKey ConvertFromSecurityKey(SecurityKey key)
return ConvertFromSymmetricSecurityKey(symmetricKey);
else if (key is X509SecurityKey x509Key)
return ConvertFromX509SecurityKey(x509Key);
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
else if (key is ECDsaSecurityKey ecdsaSecurityKey)
return ConvertFromECDsaSecurityKey(ecdsaSecurityKey);
#endif
@@ -180,7 +180,7 @@ public static JsonWebKey ConvertFromSymmetricSecurityKey(SymmetricSecurityKey ke
};
}
-#if NETSTANDARD2_0
+#if NETSTANDARD2_0 || NETSTANDARD2_1
///
/// Converts a into a
///
diff --git a/src/Microsoft.IdentityModel.Tokens/LogMessages.cs b/src/Microsoft.IdentityModel.Tokens/LogMessages.cs
index e17d72aa30..75078c6664 100644
--- a/src/Microsoft.IdentityModel.Tokens/LogMessages.cs
+++ b/src/Microsoft.IdentityModel.Tokens/LogMessages.cs
@@ -123,6 +123,9 @@ internal static class LogMessages
public const string IDX10615 = "IDX10615: Encryption failed. No support for: Algorithm: '{0}', SecurityKey: '{1}'.";
public const string IDX10616 = "IDX10616: Encryption failed. EncryptionProvider failed for: Algorithm: '{0}', SecurityKey: '{1}'. See inner exception.";
public const string IDX10617 = "IDX10617: Encryption failed. Keywrap is only supported for: '{0}', '{1}' and '{2}'. The content encryption specified is: '{3}'.";
+ public const string IDX10618 = "IDX10618: Encryption failed. EncryptionProvider failed for: Algorithm: '{0}'. See inner exception.";
+ //public const string IDX10619 = "IDX10619: Decryption failed. EncryptionProvider failed for: Algorithm: '{0}'. See inner exception.";
+ //public const string IDX10620 = "IDX10620: Decryption failed. Cipher-text size is less than 1.";
// Formating
public const string IDX10400 = "IDX10400: Unable to decode: '{0}' as Base64url encoded string.";
diff --git a/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj b/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj
index 7fa3e814e6..e357e9d3ec 100644
--- a/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj
+++ b/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj
@@ -16,7 +16,7 @@
$(DefineConstants);HAVE_ADO_NET;HAVE_APP_DOMAIN;HAVE_ASYNC;HAVE_BIG_INTEGER;HAVE_BINARY_FORMATTER;HAVE_BINARY_SERIALIZATION;HAVE_BINARY_EXCEPTION_SERIALIZATION;HAVE_CAS;HAVE_CHAR_TO_LOWER_WITH_CULTURE;HAVE_CHAR_TO_STRING_WITH_CULTURE;HAVE_COM_ATTRIBUTES;HAVE_COMPONENT_MODEL;HAVE_CONCURRENT_COLLECTIONS;HAVE_COVARIANT_GENERICS;HAVE_DATA_CONTRACTS;HAVE_DATE_TIME_OFFSET;HAVE_DB_NULL_TYPE_CODE;HAVE_DYNAMIC;HAVE_EMPTY_TYPES;HAVE_ENTITY_FRAMEWORK;HAVE_EXPRESSIONS;HAVE_FAST_REVERSE;HAVE_FSHARP_TYPES;HAVE_FULL_REFLECTION;HAVE_GUID_TRY_PARSE;HAVE_HASH_SET;HAVE_ICLONEABLE;HAVE_ICONVERTIBLE;HAVE_IGNORE_DATA_MEMBER_ATTRIBUTE;HAVE_INOTIFY_COLLECTION_CHANGED;HAVE_INOTIFY_PROPERTY_CHANGING;HAVE_ISET;HAVE_LINQ;HAVE_MEMORY_BARRIER;HAVE_METHOD_IMPL_ATTRIBUTE;HAVE_NON_SERIALIZED_ATTRIBUTE;HAVE_READ_ONLY_COLLECTIONS;HAVE_REFLECTION_EMIT;HAVE_SECURITY_SAFE_CRITICAL_ATTRIBUTE;HAVE_SERIALIZATION_BINDER_BIND_TO_NAME;HAVE_STREAM_READER_WRITER_CLOSE;HAVE_STRING_JOIN_WITH_ENUMERABLE;HAVE_TIME_SPAN_PARSE_WITH_CULTURE;HAVE_TIME_SPAN_TO_STRING_WITH_CULTURE;HAVE_TIME_ZONE_INFO;HAVE_TRACE_WRITER;HAVE_TYPE_DESCRIPTOR;HAVE_UNICODE_SURROGATE_DETECTION;HAVE_VARIANT_TYPE_PARAMETERS;HAVE_VERSION_TRY_PARSE;HAVE_XLINQ;HAVE_XML_DOCUMENT;HAVE_XML_DOCUMENT_TYPE;HAVE_CONCURRENT_DICTIONARY;$(AdditionalConstants)
-
+ $(DefineConstants);HAVE_ADO_NET;HAVE_APP_DOMAIN;HAVE_ASYNC;HAVE_BIG_INTEGER;HAVE_BINARY_FORMATTER;HAVE_BINARY_SERIALIZATION;HAVE_BINARY_EXCEPTION_SERIALIZATION;HAVE_CHAR_TO_LOWER_WITH_CULTURE;HAVE_CHAR_TO_STRING_WITH_CULTURE;HAVE_COM_ATTRIBUTES;HAVE_COMPONENT_MODEL;HAVE_CONCURRENT_COLLECTIONS;HAVE_COVARIANT_GENERICS;HAVE_DATA_CONTRACTS;HAVE_DATE_TIME_OFFSET;HAVE_DB_NULL_TYPE_CODE;HAVE_DYNAMIC;HAVE_EMPTY_TYPES;HAVE_ENTITY_FRAMEWORK;HAVE_EXPRESSIONS;HAVE_FAST_REVERSE;HAVE_FSHARP_TYPES;HAVE_FULL_REFLECTION;HAVE_GUID_TRY_PARSE;HAVE_HASH_SET;HAVE_ICLONEABLE;HAVE_ICONVERTIBLE;HAVE_IGNORE_DATA_MEMBER_ATTRIBUTE;HAVE_INOTIFY_COLLECTION_CHANGED;HAVE_INOTIFY_PROPERTY_CHANGING;HAVE_ISET;HAVE_LINQ;HAVE_MEMORY_BARRIER;HAVE_METHOD_IMPL_ATTRIBUTE;HAVE_NON_SERIALIZED_ATTRIBUTE;HAVE_READ_ONLY_COLLECTIONS;HAVE_SECURITY_SAFE_CRITICAL_ATTRIBUTE;HAVE_SERIALIZATION_BINDER_BIND_TO_NAME;HAVE_STREAM_READER_WRITER_CLOSE;HAVE_STRING_JOIN_WITH_ENUMERABLE;HAVE_TIME_SPAN_PARSE_WITH_CULTURE;HAVE_TIME_SPAN_TO_STRING_WITH_CULTURE;HAVE_TIME_ZONE_INFO;HAVE_TRACE_WRITER;HAVE_TYPE_DESCRIPTOR;HAVE_UNICODE_SURROGATE_DETECTION;HAVE_VARIANT_TYPE_PARAMETERS;HAVE_VERSION_TRY_PARSE;HAVE_XLINQ;HAVE_XML_DOCUMENT;HAVE_XML_DOCUMENT_TYPE;HAVE_CONCURRENT_DICTIONARY;$(AdditionalConstants)
@@ -33,7 +33,7 @@
-
+
diff --git a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs
index af26be2743..015d52ec9a 100644
--- a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs
@@ -98,7 +98,7 @@ public override bool HasPrivateKey
{
// imitate signing
byte[] hash = new byte[20];
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
Rsa.SignData(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
#else
if (Rsa is RSACryptoServiceProvider rsaCryptoServiceProvider)
diff --git a/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs b/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs
index a4226f18e1..aa49099fa2 100644
--- a/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs
+++ b/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs
@@ -39,6 +39,20 @@ public static class SecurityAlgorithms
public const string Aes256Encryption = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
public const string DesEncryption = "http://www.w3.org/2001/04/xmlenc#des-cbc";
+ // See: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+ ///
+ /// Currently not supported. It's possible to provide your own implementation of the algorithm by overriding CryptoProviderFactory and AuthenticatedEncryptionProvider.
+ ///
+ public const string Aes128Gcm = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+ ///
+ /// Currently not supported. It's possible to provide your own implementation of the algorithm by overriding CryptoProviderFactory and AuthenticatedEncryptionProvider.
+ ///
+ public const string Aes192Gcm = "http://www.w3.org/2009/xmlenc11#aes192-gcm";
+ ///
+ /// Currently not supported. It's possible to provide your own implementation of the algorithm by overriding CryptoProviderFactory and AuthenticatedEncryptionProvider.
+ ///
+ public const string Aes256Gcm = "http://www.w3.org/2009/xmlenc11#aes256-gcm";
+
// See: https://www.w3.org/TR/xmlenc-core1/#sec-kw-aes
public const string Aes128KeyWrap = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
public const string Aes192KeyWrap = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
@@ -47,7 +61,8 @@ public static class SecurityAlgorithms
public const string Ripemd160Digest = "http://www.w3.org/2001/04/xmlenc#ripemd160";
// See: https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP
- public const string RsaOaepKeyWrap = "http://www.w3.org/2001/04/xmlenc#rsa-oaep";
+ public const string RsaOaepKeyWrap = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"; // treat as http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p. RsaOaepKeyWrap identifier doesn't exist, but we released, so don't break now.
+ public const string RsaOaepMgf1pKeyWrap = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
// See: https://tools.ietf.org/html/rfc7518#section-4.1
public const string Aes128KW = "A128KW";
@@ -61,6 +76,7 @@ public static class SecurityAlgorithms
// See: https://www.w3.org/TR/xmldsig-core1/#sec-EnvelopedSignature
public const string EnvelopedSignature = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+ public const string Sha1Digest = "http://www.w3.org/2000/09/xmldsig#sha1";
// See http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-SHA256
// and https://tools.ietf.org/html/rfc6931#section-2.1.3
@@ -113,8 +129,8 @@ public static class SecurityAlgorithms
public const string Aes192CbcHmacSha384 = "A192CBC-HS384";
public const string Aes256CbcHmacSha512 = "A256CBC-HS512";
- internal const string DefaultAsymmetricKeyWrapAlgorithm = RsaOaepKeyWrap;
- internal const string DefaultSymmetricEncryptionAlgorithm = Aes128CbcHmacSha256;
+ internal const string DefaultAsymmetricKeyWrapAlgorithm = RsaOaepMgf1pKeyWrap;
+ internal const string DefaultSymmetricEncryptionAlgorithm = Aes128Gcm;
#pragma warning restore 1591
}
diff --git a/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs b/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs
index 1b6a206b11..0ae8b14898 100644
--- a/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs
+++ b/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs
@@ -222,7 +222,7 @@ private static bool IsSupportedRsaPss(SecurityKey key)
// RSA-PSS is not available on .NET 4.5
LogHelper.LogInformation(LogMessages.IDX10692);
return false;
-#elif NET461 || NETSTANDARD2_0
+#elif NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
// RSACryptoServiceProvider doesn't support RSA-PSS
if (key is RsaSecurityKey rsa && rsa.Rsa is RSACryptoServiceProvider)
{
diff --git a/src/Microsoft.IdentityModel.Tokens/Utility.cs b/src/Microsoft.IdentityModel.Tokens/Utility.cs
index 46e1d82323..1ab08c6051 100644
--- a/src/Microsoft.IdentityModel.Tokens/Utility.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Utility.cs
@@ -276,5 +276,24 @@ internal static byte[] GenerateSha256Hash(string input)
return hash.ComputeHash(Encoding.UTF8.GetBytes(input));
}
}
+
+ internal static byte[] ConcatByteArrays(params byte[][] list)
+ {
+ int outputLength = 0;
+ for (int i = 0; i < list.Length; i++)
+ outputLength += list[i].Length;
+
+ byte[] outputBytes = new byte[outputLength];
+
+ int dstOffset = 0;
+ for (int i = 0; i < list.Length; i++)
+ {
+ Array.Copy(list[i], 0, outputBytes, dstOffset, list[i].Length);
+ dstOffset += list[i].Length;
+ }
+
+ return outputBytes;
+ }
+
}
}
diff --git a/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs
index ee95cf7422..2be8b6ee49 100644
--- a/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs
@@ -102,7 +102,7 @@ public AsymmetricAlgorithm PrivateKey
{
if (!_privateKeyAvailabilityDetermined)
{
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
_privateKey = RSACertificateExtensions.GetRSAPrivateKey(Certificate);
#else
_privateKey = Certificate.PrivateKey;
@@ -129,7 +129,7 @@ public AsymmetricAlgorithm PublicKey
{
if (_publicKey == null)
{
-#if NET461 || NETSTANDARD2_0
+#if NET461 || NETSTANDARD2_0 || NETSTANDARD2_1
_publicKey = RSACertificateExtensions.GetRSAPublicKey(Certificate);
#else
_publicKey = Certificate.PublicKey.Key;
diff --git a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs
index 6043d096e9..c8fd18b7f4 100644
--- a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs
+++ b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/DefaultContractResolver.cs
@@ -1377,7 +1377,7 @@ protected virtual IValueProvider CreateMemberValueProvider(MemberInfo member)
// warning - this method use to cause errors with Intellitrace. Retest in VS Ultimate after changes
IValueProvider valueProvider;
-#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0)
+#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0 || NETSTANDARD2_1)
if (DynamicCodeGeneration)
{
valueProvider = new DynamicValueProvider(member);
diff --git a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs
index 680074d6f6..2c47f19bef 100644
--- a/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs
+++ b/src/Microsoft.IdentityModel.Tokens/opensource/json/Serialization/JsonTypeReflector.cs
@@ -515,7 +515,7 @@ public static ReflectionDelegateFactory ReflectionDelegateFactory
{
get
{
-#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0)
+#if !(PORTABLE40 || PORTABLE || DOTNET || NETSTANDARD2_0 || NETSTANDARD2_1)
if (DynamicCodeGeneration)
{
return DynamicReflectionDelegateFactory.Instance;
diff --git a/src/Microsoft.IdentityModel.Xml/CipherData.cs b/src/Microsoft.IdentityModel.Xml/CipherData.cs
new file mode 100644
index 0000000000..86e3cce584
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/CipherData.cs
@@ -0,0 +1,110 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Represents the element in XML encryption. This class cannot be inherited.
+ ///
+ /// http://www.w3.org/TR/xmlenc-core/#sec-CipherData
+ public sealed class CipherData
+ {
+ private byte[] _cipherValue = null;
+
+ ///
+ /// Initializes an instance of .
+ ///
+ public CipherData()
+ { }
+
+ ///
+ /// Initializes an instance of .
+ ///
+ ///
+ public CipherData(byte[] cipherValue)
+ {
+ CipherValue = cipherValue;
+ }
+
+ ///
+ /// Gets or sets the element.
+ ///
+ public byte[] CipherValue
+ {
+ get { return _cipherValue; }
+ set
+ {
+ if (value == null)
+ throw new ArgumentNullException(nameof(value));
+
+ _cipherValue = (byte[])value.Clone();
+ }
+ }
+
+ internal void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogArgumentNullException(nameof(writer));
+
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.CipherData, XmlEncryptionConstants.Namespace);
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.CipherValue, XmlEncryptionConstants.Namespace);
+
+ writer.WriteBase64(_cipherValue, 0, _cipherValue.Length);
+
+ writer.WriteEndElement(); // CipherValue
+ writer.WriteEndElement(); // CipherData
+ }
+
+ internal void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogArgumentNullException(nameof(reader));
+
+ if (!reader.IsStartElement(XmlEncryptionConstants.Elements.CipherData, XmlEncryptionConstants.Namespace))
+ throw XmlUtil.LogReadException(LogMessages.IDX30011, XmlEncryptionConstants.Namespace, XmlEncryptionConstants.Elements.CipherData, reader.NamespaceURI, reader.LocalName);
+
+ reader.ReadStartElement(XmlEncryptionConstants.Elements.CipherData, XmlEncryptionConstants.Namespace);
+
+ if (!reader.IsStartElement(XmlEncryptionConstants.Elements.CipherValue, XmlEncryptionConstants.Namespace))
+ throw XmlUtil.LogReadException(LogMessages.IDX30011, XmlEncryptionConstants.Namespace, XmlEncryptionConstants.Elements.CipherValue, reader.NamespaceURI, reader.LocalName);
+
+ reader.ReadStartElement(XmlEncryptionConstants.Elements.CipherValue, XmlEncryptionConstants.Namespace);
+
+ _cipherValue = reader.ReadContentAsBase64();
+
+ //
+ reader.ReadEndElement();
+
+ //
+ reader.ReadEndElement();
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/DataReference.cs b/src/Microsoft.IdentityModel.Xml/DataReference.cs
new file mode 100644
index 0000000000..dd7dfa7c97
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/DataReference.cs
@@ -0,0 +1,68 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Basic implementation of DataReference element used in XML encryption. This class cannot be inherited.
+ ///
+ /// http://www.w3.org/TR/xmlenc-core/#sec-ReferenceList
+ public sealed class DataReference : EncryptedReference
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ public DataReference() : base()
+ {
+ }
+
+ ///
+ /// Initializes a new instance of the class using the specified Uniform Resource Identifier (URI).
+ ///
+ ///
+ public DataReference(string uri) : base(uri)
+ {
+ }
+
+ internal override void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogArgumentNullException(nameof(writer));
+
+ // nothing to write - return
+ if (string.IsNullOrEmpty(Uri))
+ return;
+
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.DataReference, null);
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, Uri);
+ writer.WriteEndElement();
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedData.cs b/src/Microsoft.IdentityModel.Xml/EncryptedData.cs
new file mode 100644
index 0000000000..eb07ef975d
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/EncryptedData.cs
@@ -0,0 +1,70 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Represents the element in XML encryption. This class cannot be inherited.
+ ///
+ /// http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData
+ public sealed class EncryptedData : EncryptedType
+ {
+ ///
+ /// Initializes an instance of .
+ ///
+ public EncryptedData()
+ {
+ Type = XmlEncryptionConstants.EncryptedDataTypes.Element;
+ }
+
+ internal override void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogArgumentNullException(nameof(writer));
+
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptedData, XmlEncryptionConstants.Namespace);
+ base.WriteXml(writer);
+ writer.WriteEndElement();
+ }
+
+ internal override void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogArgumentNullException(nameof(reader));
+
+ if (!reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedData, XmlEncryptionConstants.Namespace))
+ throw XmlUtil.LogReadException(LogMessages.IDX30011, XmlEncryptionConstants.Namespace, XmlEncryptionConstants.Elements.EncryptedData, reader.NamespaceURI, reader.LocalName);
+
+ base.ReadXml(reader);
+
+ reader.ReadEndElement();
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedKey.cs b/src/Microsoft.IdentityModel.Xml/EncryptedKey.cs
new file mode 100644
index 0000000000..c2be5c829d
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/EncryptedKey.cs
@@ -0,0 +1,144 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Represents the element in XML encryption. This class cannot be inherited.
+ ///
+ /// http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey
+ public sealed class EncryptedKey : EncryptedType
+ {
+ private IList _referenceList;
+
+ ///
+ /// Initializes an instance of .
+ ///
+ public EncryptedKey()
+ {
+ Type = XmlEncryptionConstants.EncryptedDataTypes.EncryptedKey;
+ }
+
+ ///
+ /// Gets the ReferenceList of elements.
+ ///
+ public IList ReferenceList
+ {
+ get
+ {
+ if (_referenceList == null)
+ _referenceList = new List();
+ return _referenceList;
+ }
+ }
+
+ ///
+ /// Adds new to the ReferenceList of elements.
+ ///
+ ///
+ public void AddReference(EncryptedReference reference)
+ {
+ ReferenceList.Add(reference);
+ }
+
+ internal override void WriteXml(XmlWriter writer)
+ {
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace);
+
+ base.WriteXml(writer);
+
+ if (ReferenceList.Count != 0)
+ {
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.ReferenceList, null);
+
+ foreach (var reference in ReferenceList)
+ {
+ reference.WriteXml(writer);
+ }
+
+ writer.WriteEndElement();
+ }
+
+ writer.WriteEndElement();
+ }
+
+ internal override void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogArgumentNullException(nameof(reader));
+
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace))
+ {
+ // 1
+ base.ReadXml(reader);
+
+ // ? 0 - 1
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.ReferenceList, XmlEncryptionConstants.Namespace))
+ {
+ reader.ReadStartElement(XmlEncryptionConstants.Elements.ReferenceList, XmlEncryptionConstants.Namespace);
+
+ while (reader.IsStartElement())
+ {
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.DataReference, XmlEncryptionConstants.Namespace))
+ {
+ var dataReferece = new DataReference();
+ dataReferece.ReadXml(reader);
+ ReferenceList.Add(dataReferece);
+ }
+ else if (reader.IsStartElement(XmlEncryptionConstants.Elements.KeyReference, XmlEncryptionConstants.Namespace))
+ {
+ var keyReferece = new KeyReference();
+ keyReferece.ReadXml(reader);
+ ReferenceList.Add(keyReferece);
+ }
+ else
+ {
+ LogInformation(LogMessages.IDX30303, reader.LocalName);
+ reader.Skip();
+ }
+ }
+ }
+
+ // ? 0 - 1
+ // Skip - not supported
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.CarriedKeyName, XmlEncryptionConstants.Namespace))
+ {
+ LogInformation(LogMessages.IDX30302, XmlEncryptionConstants.Elements.CarriedKeyName, XmlEncryptionConstants.Elements.EncryptedKey);
+ reader.Skip();
+ }
+
+ // should be on EndElement for the EncryptedKey
+ reader.ReadEndElement();
+ }
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedReference.cs b/src/Microsoft.IdentityModel.Xml/EncryptedReference.cs
new file mode 100644
index 0000000000..788c615c78
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/EncryptedReference.cs
@@ -0,0 +1,74 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Represents the abstract base class used in XML encryption from which the and classes derive.
+ ///
+ /// http://www.w3.org/TR/xmlenc-core1/#sec-ReferenceList
+ public abstract class EncryptedReference
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ protected EncryptedReference()
+ {
+ }
+
+ ///
+ /// Initializes a new instance of the class using the specified Uniform Resource Identifier(URI).
+ ///
+ ///
+ protected EncryptedReference(string uri)
+ {
+ Uri = uri;
+ }
+
+ ///
+ /// Gets or sets the Uniform Resource Identifier(URI) of an object.
+ ///
+ public string Uri { get; set; }
+
+ abstract internal void WriteXml(XmlWriter writer);
+
+ internal virtual void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogArgumentNullException(nameof(reader));
+
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.KeyReference, XmlEncryptionConstants.Namespace) || reader.IsStartElement(XmlEncryptionConstants.Elements.DataReference, XmlEncryptionConstants.Namespace))
+ {
+ Uri = reader.GetAttribute(XmlEncryptionConstants.Attributes.Uri, null);
+ reader.Skip();
+ }
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/EncryptedType.cs b/src/Microsoft.IdentityModel.Xml/EncryptedType.cs
new file mode 100644
index 0000000000..06ab92eb87
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/EncryptedType.cs
@@ -0,0 +1,175 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Represents the abstract base class from which the classes EncryptedData and EncryptedKey derive.
+ ///
+ ///
+ /// http://www.w3.org/TR/xmlenc-core1/#sec-EncryptedType
+ ///
+ public abstract class EncryptedType
+ {
+ private CipherData _cipherData;
+ private KeyInfo _keyInfo;
+ private EncryptionMethod _encryptionMethod;
+
+ ///
+ /// Gets or sets the value for an instance of an class.
+ ///
+ public virtual CipherData CipherData
+ {
+ get
+ {
+ if (_cipherData == null)
+ _cipherData = new CipherData();
+
+ return _cipherData;
+ }
+ set
+ {
+ _cipherData = value ?? throw new ArgumentNullException(nameof(value));
+ }
+ }
+
+ ///
+ /// Gets or sets the attribute of an instance in XML encryption.
+ ///
+ public virtual string Id { get; set; }
+
+ ///
+ /// Gets or sets the attribute of an instance in XML encryption.
+ ///
+ public virtual string Type { get; set; }
+
+ ///
+ /// Gets or sets the attribute of an instance in XML encryption.
+ ///
+ ///
+ /// MimeType attribute is ignored while reading and writing an EncryptedAssertion
+ ///
+ public virtual string MimeType { get; set; }
+
+ ///
+ /// Gets the attribute of an instance in XML encryption.
+ ///
+ ///
+ /// Encoding attribute is set to
+ ///
+ public virtual string Encoding { get => XmlSignatureConstants.Base64Encoding; }
+
+ ///
+ /// Gets of sets the element in XML encryption.
+ ///
+ public KeyInfo KeyInfo
+ {
+ get
+ {
+ if (_keyInfo == null)
+ _keyInfo = new KeyInfo();
+ return _keyInfo;
+ }
+ set { _keyInfo = value; }
+ }
+
+ ///
+ /// Encapsulates the encryption algorithm used for XML encryption.
+ ///
+ public EncryptionMethod EncryptionMethod
+ {
+ get
+ {
+ if (_encryptionMethod == null)
+ _encryptionMethod = new EncryptionMethod();
+ return _encryptionMethod;
+ }
+ set { _encryptionMethod = value; }
+ }
+
+ internal virtual void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogArgumentNullException(nameof(writer));
+
+ if (!string.IsNullOrEmpty(Id))
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Id, null, Id);
+
+ if (!string.IsNullOrEmpty(Type))
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Type, null, Type);
+
+ if (!string.IsNullOrEmpty(MimeType))
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.MimeType, null, MimeType);
+
+ if (!string.IsNullOrEmpty(Encoding))
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Encoding, null, Encoding);
+
+ EncryptionMethod.WriteXml(writer);
+ KeyInfo.WriteXml(writer);
+ CipherData.WriteXml(writer);
+ }
+
+ internal virtual void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogArgumentNullException(nameof(reader));
+
+ Id = reader.GetAttribute(XmlEncryptionConstants.Attributes.Id, null);
+ Type = reader.GetAttribute(XmlEncryptionConstants.Attributes.Type, null);
+ MimeType = reader.GetAttribute(XmlEncryptionConstants.Attributes.MimeType, null);
+
+ reader.ReadStartElement();
+
+ // ? 0 - 1
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace))
+ {
+ EncryptionMethod.ReadXml(reader);
+ }
+
+ // ? 0 - 1
+ if (reader.IsStartElement(XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace))
+ {
+ KeyInfo.ReadXml(reader);
+ }
+
+ // 1
+ CipherData.ReadXml(reader);
+
+ // ? 0 - 1
+ // Skip - not supported
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptionProperties, XmlEncryptionConstants.Namespace))
+ {
+ LogInformation(LogMessages.IDX30301, XmlEncryptionConstants.Elements.EncryptionProperties);
+ reader.Skip();
+ }
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/EncryptionMethod.cs b/src/Microsoft.IdentityModel.Xml/EncryptionMethod.cs
new file mode 100644
index 0000000000..84175f4efd
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/EncryptionMethod.cs
@@ -0,0 +1,122 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Represents the element in XML encryption that describes the encryption algorithm applied to the cipher data. This class cannot be inherited.
+ ///
+ /// http://www.w3.org/TR/xmlenc-core/#sec-EncryptionMethod
+ public class EncryptionMethod
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ public EncryptionMethod()
+ {
+ }
+
+ ///
+ /// Initializes a new instance of the class specifying an algorithm Uniform Resource Identifier(URI).
+ ///
+ ///
+ public EncryptionMethod(string algorithm)
+ {
+ KeyAlgorithm = algorithm;
+ }
+
+ ///
+ /// Gets or sets a Uniform Resource Identifier (URI) that describes the algorithm to use for XML encryption.
+ ///
+ public string KeyAlgorithm { get; set; }
+
+ ///
+ /// Gets or sets the digest method Uniform Resource Identifier (URI)
+ ///
+ public string DigestMethod { get; set; }
+
+ internal void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogArgumentNullException(nameof(writer));
+
+ // nothing to write - return
+ if (string.IsNullOrEmpty(KeyAlgorithm))
+ return;
+
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace);
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Algorithm, null, KeyAlgorithm);
+
+ if (!string.IsNullOrEmpty(DigestMethod))
+ {
+ writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.DigestMethod, XmlSignatureConstants.Namespace);
+ writer.WriteAttributeString(XmlSignatureConstants.Attributes.Algorithm, null, DigestMethod);
+ writer.WriteEndElement();
+ }
+
+ writer.WriteEndElement();
+ }
+
+ internal void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogArgumentNullException(nameof(reader));
+
+ if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace))
+ {
+ KeyAlgorithm = reader.GetAttribute(XmlEncryptionConstants.Attributes.Algorithm, null);
+
+ if (reader.IsEmptyElement)
+ {
+ reader.Read();
+ return;
+ }
+
+ reader.ReadStartElement(XmlEncryptionConstants.Elements.EncryptionMethod, XmlEncryptionConstants.Namespace);
+
+ while (reader.IsStartElement())
+ {
+ if (reader.IsStartElement(XmlSignatureConstants.Elements.DigestMethod, XmlSignatureConstants.Namespace))
+ {
+ DigestMethod = reader.GetAttribute(XmlSignatureConstants.Attributes.Algorithm, null);
+ }
+ else
+ {
+ LogInformation(LogMessages.IDX30302, reader.LocalName, XmlEncryptionConstants.Elements.EncryptionMethod);
+ }
+
+ reader.Skip();
+ }
+
+ reader.ReadEndElement();
+ }
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/KeyInfo.cs b/src/Microsoft.IdentityModel.Xml/KeyInfo.cs
index a9c5baedf9..9f34b4f856 100644
--- a/src/Microsoft.IdentityModel.Xml/KeyInfo.cs
+++ b/src/Microsoft.IdentityModel.Xml/KeyInfo.cs
@@ -30,7 +30,9 @@
using System.Collections.ObjectModel;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
+using System.Xml;
using Microsoft.IdentityModel.Tokens;
+using static Microsoft.IdentityModel.Logging.LogHelper;
namespace Microsoft.IdentityModel.Xml
{
@@ -101,6 +103,15 @@ public string RetrievalMethodUri
set;
}
+ ///
+ /// Gets or sets the Type associated with the RetrievalMethod
+ ///
+ public string RetrievalMethodType
+ {
+ get;
+ set;
+ }
+
///
/// Gets or sets the RSAKeyValue.
///
@@ -229,5 +240,143 @@ private bool Matches(JsonWebKey key)
return false;
}
+
+ ///
+ ///
+ ///
+ ///
+ internal void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogArgumentNullException(nameof(writer));
+
+ if (!AnythingToWrite())
+ return;
+
+ writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace);
+
+ if (!string.IsNullOrEmpty(KeyName))
+ {
+ writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.KeyName, null);
+ writer.WriteValue(KeyName);
+ writer.WriteEndElement();
+ }
+
+ if (!string.IsNullOrEmpty(RetrievalMethodUri))
+ {
+ writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.RetrievalMethod, null);
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, null, RetrievalMethodUri);
+ if (!string.IsNullOrEmpty(RetrievalMethodType))
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Type, null, RetrievalMethodType);
+ writer.WriteEndElement();
+ }
+
+ if (X509Data.Count != 0)
+ {
+ writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.X509Data, null);
+
+ // use only first element from the collection
+ var enumerator = X509Data.GetEnumerator();
+ enumerator.MoveNext();
+ var _x509Data = enumerator.Current;
+
+ if (_x509Data.Certificates.Count != 0)
+ {
+ foreach (var certificate in _x509Data.Certificates)
+ {
+ writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.X509Certificate, null);
+ writer.WriteValue(certificate);
+ writer.WriteEndElement();
+ }
+ }
+
+ writer.WriteEndElement(); //
+ }
+
+ writer.WriteEndElement(); //
+ }
+
+ internal void ReadXml(XmlDictionaryReader reader)
+ {
+ if (reader == null)
+ throw LogArgumentNullException(nameof(reader));
+
+ if (reader.IsStartElement(XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace))
+ {
+ if (reader.IsEmptyElement)
+ {
+ reader.Skip();
+ return;
+ }
+
+ reader.ReadStartElement(XmlSignatureConstants.Elements.KeyInfo, XmlSignatureConstants.Namespace);
+
+ while (reader.IsStartElement())
+ {
+ if (reader.IsStartElement(XmlSignatureConstants.Elements.KeyName, XmlSignatureConstants.Namespace))
+ {
+ reader.ReadStartElement(XmlSignatureConstants.Elements.KeyName, XmlSignatureConstants.Namespace);
+ string __keyName = reader.ReadContentAsString();
+ if (!string.IsNullOrEmpty(__keyName))
+ {
+ KeyName = __keyName;
+ }
+
+ reader.Skip();
+ }
+ else if (reader.IsStartElement(XmlSignatureConstants.Elements.RetrievalMethod, XmlSignatureConstants.Namespace))
+ {
+ string __uri = reader.GetAttribute(XmlEncryptionConstants.Attributes.Uri);
+ if (!string.IsNullOrEmpty(__uri))
+ {
+ RetrievalMethodUri = __uri;
+ }
+
+ string __type = reader.GetAttribute(XmlEncryptionConstants.Attributes.Type);
+ if (!string.IsNullOrEmpty(__type))
+ {
+ RetrievalMethodType = __type;
+ }
+
+ reader.Skip();
+ }
+ else if (reader.IsStartElement(XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace))
+ {
+ reader.ReadStartElement(XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace);
+ while (reader.IsStartElement(XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace))
+ {
+ reader.ReadStartElement(XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace);
+ string __x509Cert = reader.ReadContentAsString();
+ if (!string.IsNullOrEmpty(__x509Cert))
+ {
+ var __x509Data = new X509Data();
+ __x509Data.Certificates.Add(__x509Cert);
+ X509Data.Add(__x509Data);
+ }
+
+ reader.ReadEndElement();
+ }
+
+ reader.Skip();
+ }
+ else if (reader.IsStartElement(XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace))
+ {
+ throw XmlUtil.LogReadException(LogMessages.IDX30030);
+ }
+ else if (reader.IsStartElement()) // skipped an unknown element (no support for now)
+ {
+ LogInformation(LogMessages.IDX30302, reader.LocalName, XmlSignatureConstants.Elements.KeyInfo);
+ reader.Skip();
+ }
+ }
+
+ reader.ReadEndElement();
+ }
+ }
+
+ private bool AnythingToWrite()
+ {
+ return !(string.IsNullOrEmpty(KeyName) && string.IsNullOrEmpty(RetrievalMethodUri) && X509Data.Count == 0);
+ }
}
}
diff --git a/src/Microsoft.IdentityModel.Xml/KeyReference.cs b/src/Microsoft.IdentityModel.Xml/KeyReference.cs
new file mode 100644
index 0000000000..6da62430fc
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/KeyReference.cs
@@ -0,0 +1,68 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System.Xml;
+using static Microsoft.IdentityModel.Logging.LogHelper;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Basic implementation of KeyReference element used in XML encryption. This class cannot be inherited.
+ ///
+ /// http://www.w3.org/TR/xmlenc-core/#sec-ReferenceList
+ public sealed class KeyReference : EncryptedReference
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ public KeyReference() : base()
+ {
+ }
+
+ ///
+ /// Initializes a new instance of the class using the specified Uniform Resource Identifier (URI).
+ ///
+ ///
+ public KeyReference(string uri) : base(uri)
+ {
+ }
+
+ internal override void WriteXml(XmlWriter writer)
+ {
+ if (writer == null)
+ throw LogArgumentNullException(nameof(writer));
+
+ // nothing to write - return
+ if (string.IsNullOrEmpty(Uri))
+ return;
+
+ writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.KeyReference, null);
+ writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, Uri);
+ writer.WriteEndElement();
+ }
+ }
+}
diff --git a/src/Microsoft.IdentityModel.Xml/LogMessages.cs b/src/Microsoft.IdentityModel.Xml/LogMessages.cs
index dafba8ee55..d8ecda8501 100644
--- a/src/Microsoft.IdentityModel.Xml/LogMessages.cs
+++ b/src/Microsoft.IdentityModel.Xml/LogMessages.cs
@@ -52,6 +52,7 @@ internal static class LogMessages
internal const string IDX30027 = "IDX30027: InnerReader is null. It is necessary to set InnerReader before making calls to DelegatingXmlDictionaryReader.";
internal const string IDX30028 = "IDX30028: InnerWriter is null. It is necessary to set InnerWriter before making calls to DelegatingXmlDictionaryWriter.";
internal const string IDX30029 = "IDX30029: The Reference '{0}' has exceeded the number of Transforms that will be processed: '{1}'. If there is a need to increase the number of Transforms, the DSigSerializer.MaximumReferenceTransforms can be increased. The default value is 10.";
+ internal const string IDX30030 = "IDX30030: EncryptedKey element is embedded withing EncryptedData element. This is currently not supported. Place EncryptedKey element next to associated EncryptedData element, within the enclosing Saml parent element.";
// XML structure, supported exceptions
internal const string IDX30100 = "IDX30100: Unable to process the {0} element. This canonicalization method is not supported: '{1}'. Supported methods are: '{2}', '{3}'.";
@@ -76,6 +77,9 @@ internal static class LogMessages
// logging messages
internal const string IDX30300 = "IDX30300: KeyInfo skipped unknown element: '{0}'.";
+ internal const string IDX30301 = "IDX30301: Skipped loading element: '{0}'. Currently not supported.";
+ internal const string IDX30302 = "IDX30302: Skipped loading element: '{0}' under node: '{1}'. Currently not supported.";
+ internal const string IDX30303 = "IDX30303: Skipped loading unknown reference element: '{0}'.";
// XML writing
internal const string IDX30401 = "IDX30401: Unable to write XML. {0}.{1} is null or empty.";
diff --git a/src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs b/src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs
new file mode 100644
index 0000000000..05a7374428
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs
@@ -0,0 +1,57 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.IdentityModel.Xml
+{
+ ///
+ /// Constants for XML Encryption
+ /// Definitions for namespace, attributes and elements as defined in http://www.w3.org/TR/xmlenc-core1/
+ ///
+ public static class XmlEncryptionConstants
+ {
+#pragma warning disable 1591
+ public const string Namespace = "http://www.w3.org/2001/04/xmlenc#";
+
+ public const string Prefix = "xenc";
+
+ public static class Attributes
+ {
+ public const string Algorithm = "Algorithm";
+ public const string Encoding = "Encoding";
+ public const string Id = "Id";
+ public const string MimeType = "MimeType";
+ public const string Recipient = "Recipient";
+ public const string Type = "Type";
+ public const string Uri = "URI";
+ }
+
+ public static class Elements
+ {
+ public const string CarriedKeyName = "CarriedKeyName";
+ public const string CipherData = "CipherData";
+ public const string CipherReference = "CiperReference";
+ public const string CipherValue = "CipherValue";
+ public const string DataReference = "DataReference";
+ public const string EncryptedData = "EncryptedData";
+ public const string EncryptedKey = "EncryptedKey";
+ public const string EncryptionMethod = "EncryptionMethod";
+ public const string EncryptionProperties = "EncryptionProperties";
+ public const string KeyReference = "KeyReference";
+ public const string KeySize = "KeySize";
+ public const string OaepParams = "OAEPparams";
+ public const string Recipient = "Recipient";
+ public const string ReferenceList = "ReferenceList";
+ }
+
+ public static class EncryptedDataTypes
+ {
+ public const string Element = Namespace + "Element";
+ public const string Content = Namespace + "Content";
+ public const string EncryptedKey = Namespace + "EncryptedKey";
+#pragma warning restore 1591
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs b/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs
index c954589fa7..c434f46cf1 100644
--- a/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs
+++ b/src/Microsoft.IdentityModel.Xml/XmlSignatureConstants.cs
@@ -46,6 +46,7 @@ public static class XmlSignatureConstants
public const string XmlNamespaceNamespace = "http://www.w3.org/2000/xmlns/";
public const string XmlNamepspacePrefix = "xmlns";
public const string XmlSchemaNamespace = "http://www.w3.org/2001/XMLSchema-instance";
+ public const string Base64Encoding = Namespace + "base64";
public static class Attributes
{
diff --git a/src/Microsoft.IdentityModel.Xml/XmlUtil.cs b/src/Microsoft.IdentityModel.Xml/XmlUtil.cs
index 20bb205615..c2f9f98822 100644
--- a/src/Microsoft.IdentityModel.Xml/XmlUtil.cs
+++ b/src/Microsoft.IdentityModel.Xml/XmlUtil.cs
@@ -27,6 +27,7 @@
using System;
using System.Collections.Generic;
+using System.IO;
using System.Text;
using System.Xml;
using static Microsoft.IdentityModel.Logging.LogHelper;
@@ -430,5 +431,34 @@ internal static string[] TokenizeInclusiveNamespacesPrefixList(string inclusiveN
return result;
}
}
+
+#if NET45 || NET451
+ private static readonly XmlReaderSettings SafeXmlReaderSettings = new XmlReaderSettings { XmlResolver = null, DtdProcessing = DtdProcessing.Prohibit };
+#else
+ private static readonly XmlReaderSettings SafeXmlReaderSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
+#endif
+
+ ///
+ /// Creates an instance of a default .
+ /// The caller is responsible for disposing of the returned XmlDictionaryReader.
+ ///
+ /// The string to which the underlying should be initialized.
+ /// An instance of .
+ public static XmlReader CreateDefaultXmlReader(string input)
+ {
+ var stringReader = new StringReader(input);
+ return XmlReader.Create(stringReader, SafeXmlReaderSettings);
+ }
+
+ ///
+ /// Creates an instance of a default .
+ /// The caller is responsible for disposing of the returned XmlDictionaryReader.
+ ///
+ /// The string to which the underlying should be initialized.
+ /// An instance of .
+ public static XmlDictionaryReader CreateDefaultXmlDictionaryReader(string input)
+ {
+ return XmlDictionaryReader.CreateDictionaryReader(CreateDefaultXmlReader(input));
+ }
}
}
\ No newline at end of file
diff --git a/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs b/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs
index 88e040d075..1a6079281c 100644
--- a/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs
+++ b/test/CrossVersionTokenValidation.Tests/Saml2CrossVersionTokenValidationTests.cs
@@ -189,7 +189,9 @@ public static TheoryData CrossVersionSaml2TokenTest
Expires = Default.Expires,
Issuer = Default.Issuer,
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest),
+ #pragma warning disable 0618
Subject = AuthenticationClaimsIdentity
+ #pragma warning restore 0618
},
ValidationParameters4x = new TokenValidationParameters4x
{
diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs
index 4c52a539d7..2f5a619638 100644
--- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs
+++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs
@@ -268,7 +268,9 @@ public static TheoryData CreateJWETheoryData
{
SigningCredentials = KeyingMaterial.JsonWebKeyRsa256SigningCredentials,
EncryptingCredentials = KeyingMaterial.DefaultSymmetricEncryptingCreds_Aes256_Sha512_512,
+ #pragma warning disable 0618
Subject = new ClaimsIdentity(Default.PayloadClaims),
+ #pragma warning restore 0618
},
JsonWebTokenHandler = new JsonWebTokenHandler(),
JwtSecurityTokenHandler = tokenHandler,
@@ -692,7 +694,9 @@ public static TheoryData CreateJWSTheoryData
TokenDescriptor = new SecurityTokenDescriptor
{
SigningCredentials = KeyingMaterial.JsonWebKeyRsa256SigningCredentials,
+ #pragma warning disable 0618
Subject = new ClaimsIdentity(Default.PayloadClaims)
+ #pragma warning restore 0618
},
JsonWebTokenHandler = new JsonWebTokenHandler(),
JwtSecurityTokenHandler = tokenHandler,
@@ -1708,6 +1712,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
+ EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256)
+ },
+ new CreateTokenTheoryData()
+ {
+ TestId = "WrongRsaOaepKeyWrapIdentifier-Aes128CbcHmacSha256",
+ ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
+ Payload = Default.PayloadString,
+ SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256)
},
new CreateTokenTheoryData()
@@ -1716,6 +1728,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
+ EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
+ },
+ new CreateTokenTheoryData()
+ {
+ TestId = "WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384",
+ ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
+ Payload = Default.PayloadString,
+ SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
},
new CreateTokenTheoryData()
@@ -1724,6 +1744,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
+ EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512)
+ },
+ new CreateTokenTheoryData()
+ {
+ TestId = "WrongRsaOaepKeyWrapIdentifier-Aes256CbcHmacSha512",
+ ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
+ Payload = Default.PayloadString,
+ SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512)
},
new CreateTokenTheoryData()
@@ -1748,6 +1776,14 @@ public static TheoryData RoundTripJWEKeyWrappingTheoryDat
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
+ EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
+ },
+ new CreateTokenTheoryData()
+ {
+ TestId = "WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384",
+ ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
+ Payload = Default.PayloadString,
+ SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
}
};
diff --git a/test/Microsoft.IdentityModel.TestUtils/Default.cs b/test/Microsoft.IdentityModel.TestUtils/Default.cs
index f38266ddfc..95e0877c56 100644
--- a/test/Microsoft.IdentityModel.TestUtils/Default.cs
+++ b/test/Microsoft.IdentityModel.TestUtils/Default.cs
@@ -776,7 +776,9 @@ public static SecurityTokenDescriptor SecurityTokenDescriptor(EncryptingCredenti
IssuedAt = DateTime.UtcNow,
NotBefore = DateTime.UtcNow,
SigningCredentials = signingCredentials,
+#pragma warning disable 0618
Subject = claims == null ? ClaimsIdentity : new ClaimsIdentity(claims)
+#pragma warning restore 0618
};
}
diff --git a/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs b/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs
index b1d3e641f4..4e236a8aea 100644
--- a/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs
+++ b/test/Microsoft.IdentityModel.TestUtils/ExpectedException.cs
@@ -31,6 +31,7 @@
using System.Reflection;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Tokens.Saml2;
namespace Microsoft.IdentityModel.TestUtils
{
@@ -104,6 +105,21 @@ public static ExpectedException ObjectDisposedException
}
}
+ public static ExpectedException Saml2SecurityTokenEncryptedAssertionEncryptionException(string substringExpected = null, Type innerTypeExpected = null)
+ {
+ return new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), substringExpected, innerTypeExpected);
+ }
+
+ public static ExpectedException Saml2SecurityTokenEncryptedAssertionDecryptionException(string substringExpected = null, Type innerTypeExpected = null)
+ {
+ return new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), substringExpected, innerTypeExpected);
+ }
+
+ public static ExpectedException Saml2SecurityTokenEncryptedAssertionException(string substringExpected = null, Type innerTypeExpected = null)
+ {
+ return new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionException), substringExpected, innerTypeExpected);
+ }
+
public void ProcessException(Exception exception, CompareContext context)
{
ProcessException(exception, context.Diffs);
diff --git a/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs b/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs
index 9f9e597c6f..4bb0376caa 100644
--- a/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs
+++ b/test/Microsoft.IdentityModel.TestUtils/KeyingMaterial.cs
@@ -224,6 +224,10 @@ public static RsaSecurityKey RsaSecurityKey2
public static byte[] DefaultSymmetricKeyBytes_128 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_128);
public static SymmetricSecurityKey DefaultSymmetricSecurityKey_128 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_128) { KeyId = "DefaultSymmetricSecurityKey_128" };
+ public static string DefaultSymmetricKeyEncoded_192 = "hf+ctyfSxzcVMn5B5D+u4It4/HHjnh/E";
+ public static byte[] DefaultSymmetricKeyBytes_192 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_192);
+ public static SymmetricSecurityKey DefaultSymmetricSecurityKey_192 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_192) { KeyId = "DefaultSymmetricSecurityKey_192" };
+
public static string DefaultSymmetricKeyEncoded_256 = "Vbxq2mlbGJw8XH+ZoYBnUHmHga8/o/IduvU/Tht70iE=";
public static byte[] DefaultSymmetricKeyBytes_256 = Convert.FromBase64String(DefaultSymmetricKeyEncoded_256);
public static SymmetricSecurityKey DefaultSymmetricSecurityKey_256 = new SymmetricSecurityKey(DefaultSymmetricKeyBytes_256) { KeyId = "DefaultSymmetricSecurityKey_256" };
diff --git a/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs b/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs
index 9fc2a3fcd8..a095fa588b 100644
--- a/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs
+++ b/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs
@@ -29,7 +29,7 @@ namespace Microsoft.IdentityModel.TestUtils
{
public class ReferenceTokens
{
-#region Saml2 Token
+ #region Saml2 Token
public static string AADJWKS = @"{""keys"":[{""kty"":""RSA"",""use"":""sig"",""kid"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""x5t"":""a3QN0BZS7s4nN-BdrjbF0Y_LdMM"",""n"":""wESLNTU4mazfVL-vLuJq_8ggJhW1DYxE-EeFiSccia1TTeyBWTVfG5vgYPtHXmL1RYgZvNhIYppS0ZT2U_nnCt8ukONCMSBpeLh8TqZxkHBr2pzbaKzbcHpHrsoxxXLHINZ6L4g_ewqYJwxfshuyD65tlSm8obFdnbtiCoVM-oJPbOcPsrzVgp_L5JWDe5bp6lbXXjJnMKVNCVqum1i4Taa6PGNm3HtlSXBz0CFWLwJ6IvAY7XDNOal3-5y2md6vqhzffmu90mKQ2ZzVwUoIr7aKt7DVuBQke434skDTLmJVcq-iOIpnYiLtApefX1KyDUWgnfHY1YDTrBzQKeu4uw"",""e"":""AQAB"",""x5c"":[""MIIDBTCCAe2gAwIBAgIQY4RNIR0dX6dBZggnkhCRoDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDIxMzAwMDAwMFoXDTE5MDIxNDAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBEizU1OJms31S/ry7iav/IICYVtQ2MRPhHhYknHImtU03sgVk1Xxub4GD7R15i9UWIGbzYSGKaUtGU9lP55wrfLpDjQjEgaXi4fE6mcZBwa9qc22is23B6R67KMcVyxyDWei+IP3sKmCcMX7Ibsg+ubZUpvKGxXZ27YgqFTPqCT2znD7K81YKfy+SVg3uW6epW114yZzClTQlarptYuE2mujxjZtx7ZUlwc9AhVi8CeiLwGO1wzTmpd/uctpner6oc335rvdJikNmc1cFKCK+2irew1bgUJHuN+LJA0y5iVXKvojiKZ2Ii7QKXn19Ssg1FoJ3x2NWA06wc0CnruLsCAwEAAaMhMB8wHQYDVR0OBBYEFDAr/HCMaGqmcDJa5oualVdWAEBEMA0GCSqGSIb3DQEBCwUAA4IBAQAiUke5mA86R/X4visjceUlv5jVzCn/SIq6Gm9/wCqtSxYvifRXxwNpQTOyvHhrY/IJLRUp2g9/fDELYd65t9Dp+N8SznhfB6/Cl7P7FRo99rIlj/q7JXa8UB/vLJPDlr+NREvAkMwUs1sDhL3kSuNBoxrbLC5Jo4es+juQLXd9HcRraE4U3UZVhUS2xqjFOfaGsCbJEqqkjihssruofaxdKT1CPzPMANfREFJznNzkpJt4H0aMDgVzq69NxZ7t1JiIuc43xRjeiixQMRGMi1mAB75fTyfFJ/rWQ5J/9kh0HMZVtHsqICBF1tHMTMIK5rwoweY0cuCIpN7A/zMOQtoD""]},{""kty"":""RSA"",""use"":""sig"",""kid"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""x5t"":""2S4SCVGs8Sg9LS6AqLIq6DpW-g8"",""n"":""oZ-QQrNuB4ei9ATYrT61ebPtvwwYWnsrTpp4ISSp6niZYb92XM0oUTNgqd_C1vGN8J-y9wCbaJWkpBf46CjdZehrqczPhzhHau8WcRXocSB1u_tuZhv1ooAZ4bAcy79UkeLiG60HkuTNJJC8CfaTp1R97szBhuk0Vz5yt4r5SpfewIlBCnZUYwkDS172H9WapQu-3P2Qjh0l-JLyCkdrhvizZUk0atq5_AIDKRU-A0pRGc-EZhUL0LqUMz6c6M2s_4GnQaScv44A5iZUDD15B6e8Apb2yARohkWmOnmRcTVfes8EkfxjzZEzm3cNkvP0ogILyISHKlkzy2OmlU6iXw"",""e"":""AQAB"",""x5c"":[""MIIDKDCCAhCgAwIBAgIQBHJvVNxP1oZO4HYKh+rypDANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMTYxMTE2MDgwMDAwWhcNMTgxMTE2MDgwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChn5BCs24Hh6L0BNitPrV5s+2/DBhaeytOmnghJKnqeJlhv3ZczShRM2Cp38LW8Y3wn7L3AJtolaSkF/joKN1l6GupzM+HOEdq7xZxFehxIHW7+25mG/WigBnhsBzLv1SR4uIbrQeS5M0kkLwJ9pOnVH3uzMGG6TRXPnK3ivlKl97AiUEKdlRjCQNLXvYf1ZqlC77c/ZCOHSX4kvIKR2uG+LNlSTRq2rn8AgMpFT4DSlEZz4RmFQvQupQzPpzozaz/gadBpJy/jgDmJlQMPXkHp7wClvbIBGiGRaY6eZFxNV96zwSR/GPNkTObdw2S8/SiAgvIhIcqWTPLY6aVTqJfAgMBAAGjWDBWMFQGA1UdAQRNMEuAEDUj0BrjP0RTbmoRPTRMY3WhJTAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXOCEARyb1TcT9aGTuB2Cofq8qQwDQYJKoZIhvcNAQELBQADggEBAGnLhDHVz2gLDiu9L34V3ro/6xZDiSWhGyHcGqky7UlzQH3pT5so8iF5P0WzYqVtogPsyC2LPJYSTt2vmQugD4xlu/wbvMFLcV0hmNoTKCF1QTVtEQiAiy0Aq+eoF7Al5fV1S3Sune0uQHimuUFHCmUuF190MLcHcdWnPAmzIc8fv7quRUUsExXmxSX2ktUYQXzqFyIOSnDCuWFm6tpfK5JXS8fW5bpqTlrysXXz/OW/8NFGq/alfjrya4ojrOYLpunGriEtNPwK7hxj1AlCYEWaRHRXaUIW1ByoSff/6Y6+ZhXPUe0cDlNRt/qIz5aflwO7+W8baTS4O8m/icu7ItE=""]}]}";
public static string Saml2Token_InclusiveNamespaces_WithoutPrefix =
@@ -97,6 +97,118 @@ public class ReferenceTokens
public static string Saml2Token_NoConditions_NoSignature =
@"https://sts.windows.net/add29489-7269-41f4-8841-b63c95564420/RrX3SPSxDw6z4KHaKB2V_mnv0G-LbRZdYvo1RQa1L7sadd29489-7269-41f4-8841-b63c95564420d1ad9ce7-b322-4221-ab74-1e1011e1bbcbUser1@Cyrano.onmicrosoft.com1UserUser1https://sts.windows.net/add29489-7269-41f4-8841-b63c95564420/urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
+ #region EncryptedAssertion
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_Valid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_Valid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_ExtraSpaces_Valid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w== ";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_DifferentPrefixes_Valid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_DataReference_AsNonEmptyElement_Valid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_EncryptionMethod_AsNonEmptyElement_Valid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w== ";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_DigestMethod_AsNonEmptyElement_Valid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_KeyInfoAsEmptyElement_Valid =
+ @"QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_BadContent_Invalid =
+ @"DefaultSymmetricSecurityKey_128CJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_NoXencNamespace_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v2_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v3_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_Alg_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_EmbeddedEncryptedKey_Invalid =
+ @"nz36hLUzg1A1ckBxSzJXgvnE0Xhrr7BZvMM8Um+UNK0ttV5+nKK3mFkfpGwi+GPXM7ABMaJ7RKsEDyW2OX3O4+fi33pBeKkOinWPpPwNl66UXFkrc6PDD6p7IqwvDo1VLiqSCWLKYBM+pK0QdjE0FN+R4G+jcjKgvWadlDHmhzt0LJ8Hq2nBDWeptPPXl4tfKpxJFsZQFjyAU2tsJcfpKHEsqDrm+CcTDxNUouWLsX/F4Yr6lSE2UqWnYwU82t/ucMa2yTC6rlLziam2XM0XOTI3U1wAmi8IeGaix/GmJgkaiVDrICV3iRZW77zZhu6ShlELqeSSEe6EmYlPTtbbFw==1mpIqHPpmYaCFB1cPHNhbWw6QXNzZXJ0aW9uIElEPSJfYzU2NTczMjEtYjI4MC00ZTk2LWIxN2YtNWI0N2IwNDhhYWU5IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2M1NjU3MzIxLWIyODAtNGU5Ni1iMTdmLTViNDdiMDQ4YWFlOSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPmJRbmlzZ2dRL1BDeDF3aEU5SkdYc1lRMkFSM01mYmg5ZndCcUJmeG9Wc2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPk45WkhLK3JFbUdlTWdtS004a25zbWVGY3lzc0VEVDZyS2ZKaTdtcjRFRW0weEhrUVVGeUpCOExIaXVjSFYrUzIzaFhkd1Jaci9Yek5EUjhabXdVSjJFaVl6aVdVODRHUjBGcG1JSFRIRG5jcTd5Q05Kd0hzNk56QWlqTFA5cHJLYlgrN0gwYS9Ca1FjRVhycENaMzd4OFBPUFZoMEpRZHMveUlLeGdsUFBoMVZ0RUsvTVN2amVxMEU2WnZoeVFYU3hpRTdpZDhrc1VkY1dqTENGaXkzcmpHWUh6bkVFc3NDcmk3eDNxUG5OTW03aWJjbFplQzVsT2t1UjVIT2hRbS9iWURiQU5TZy9uTmlLdWxadU4vdzlDYkdVWGh5d0paVEh4alVhUDVmN2tMY0hzNzZINmhTTjNpTW5xVlIrdTFvMWIvblZuY0c1bjdRa1RCUm1YcGpwUT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+zlKwErhnIDyzaLOMQF0Nzw==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_v2_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_EncryptionAlgorithmNotSupported_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_v2_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_EncryptionAlgorithmNotSupported_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_BadDataReference_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_GoodDataReference_EncryptedData_NoId_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_NoKeyId_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedDataType_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedKeyType_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_NoCipherValue_Invalid =
+ @"DefaultSymmetricSecurityKey_128";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_NoCipherData_Invalid =
+ @"DefaultSymmetricSecurityKey_128";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_NoEncryptedData_Invalid =
+ @"";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_Invalid =
+ @"";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_v2_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_192_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_NamespaceMissing_Invalid =
+ @"DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ public static string Saml2Token_EncryptedAssertion_KeyWrap_PrefixMissing_Invalid =
+ @"UBqXQQGeUJSEhX36PHNhbWw6QXNzZXJ0aW9uIElEPSJfMmUzZWRhYTgtMzQ5MS00ZThlLTgwZDMtZWMyNTUzNjk1MWE1IiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMjRUMjI6MDg6NTEuMzI4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzJlM2VkYWE4LTM0OTEtNGU4ZS04MGQzLWVjMjU1MzY5NTFhNSI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnR1VFBNeUVLVnE2Znp0R1c4YUsxM3I0dXl3OWZKM0V0aklGZm1ZQXVNa2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPndPRmlDY0F3ZVNQbithZVJoMUVwZkJ3YnpiVjNvRThEY1Y5WHBJaW9oalRFemlqT3V1V3FkVTBYbTd2MFdWUFRIRGRHenpiczdITkhnc2NObjZ1SHA5OU12c2MvVmhmb09LUHlxNkFSbE4rYjFlNEtiYlZuWVNVczhnNUI5WVozbzEySjMrRzA5T2dxK1RNUzN1eDZDd2dEUTVIL2RWaUliZ2FlTVVURitDVDRrN2x0OW9yWVJBeWJHd3ZrT0NnQ01MbVY1OEI0S1BNWXlOMzRjTGxRbGFNS3ljays4RnVpWEp2Zzd4c0xQOE9jcmFaVFJLTVpIOVN1V0N2QVJVREVyUXNyQVNLRko5RnZ6ZmpjN2laOGcrSXFsQVFpUk5uVVk3ZXdsNnVtaWNrVU5tUFJYNXpSN05aRkFTREdleVZvTTlERnl5bGx3azNIQTJsMHMrV2FwQT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+Jw2Iv4Be9ACmIMdMeprJSw==MIIDJTCCAg2gAwIBAgIQGzlg2gNmfKRKBa6dqqZXxzANBgkqhkiG9w0BAQQFADAiMSAwHgYDVQQDExdLZXlTdG9yZVRlc3RDZXJ0aWZpY2F0ZTAeFw0xMTExMDkxODE5MDZaFw0zOTEyMzEyMzU5NTlaMCIxIDAeBgNVBAMTF0tleVN0b3JlVGVzdENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9wIDAQABo1cwVTBTBgNVHQEETDBKgBA3gSuALjvEuAVmF/x8knXvoSQwIjEgMB4GA1UEAxMXS2V5U3RvcmVUZXN0Q2VydGlmaWNhdGWCEBs5YNoDZnykSgWunaqmV8cwDQYJKoZIhvcNAQEEBQADggEBAFZvDA7PBh/vvFZb/QCBelTyD2Yqij16v3tk30A3Akli6UIILdbbOcA5BiPktT1kJxcsgSXNHUODlfG2Fy9HTqwunr8G7FYniOUXPVrRL+HwhKOzRFDMUS3+On+ZDzum7rbpm3SYlnJDyNb8wynPw/bXQw72jGjt63uh6OnkYE8fJ8iPfVWOenZkP/IXPIXK/bBwLMDJ1y77ZauPYbp7oiQ/991pn0c7F4ugT9LYmbAdJKhiainOaoBTvIHN8/lMZ8gHUuxvOJhPrbgo3NTqvT1/3kfD0AISP4R3pH0QL/0m7cO34nK4rFFLZs1sFUguYUJhfkyq1N8MiyyAqRmrvBQ=Y7y9TnvpdQFUrNe0ZYnxuV5LzYAmkRTFZPc+QDPNlxDajy2JTdFqjfu+hPtwkhKvDwiSDyC3l21vehS4lEOStkiHxX9dWUzmAs3QwROCOVuXpc3sPbQh4rCMAF8RMOHnlbrC/58VK7RXCikmWTx04AO5iBROlJe/e1m0D0C+q6KhczY6HhhDgONp3pDDYESBQoW+2A8Hg8ZfPrjRoxQRTJKB2xsVOMFa65DhnWVYrLsEuCnQa0NvD3rrnHIWQku0ddk3UxZFa8ZdNyTZuJdWsFsf7gHKH4HMJ8CK4rL4FLzIXlYEgpmOlT2QwqFkUdIs873TqmiMJj/lD//KzureVA==";
+
+ public static string Saml2Token_EncryptedAssertion_SessionKey_AdditionalKeyInfoClauseValid =
+ @"""valueToBeSkipped""DefaultSymmetricSecurityKey_128QXrLKI3u/dYxnA//PHNhbWw6QXNzZXJ0aW9uIElEPSJfYjM2MDQ4ZTktZjgyMS00NmUzLWFiNjEtYjA4M2M4NDc1NWNkIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDktMTlUMjM6MTM6NTYuNzc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cDovL0RlZmF1bHQuSXNzdWVyLmNvbTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjX2IzNjA0OGU5LWY4MjEtNDZlMy1hYjYxLWIwODNjODQ3NTVjZCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPjc0UmNFdWk5OFlETElJSENIUVl5VTRNZGxFOXRacVA1MlpCcGNJbFZ1YlE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPlpBSE9obkgwMVNVMmkyRDMrbWxScHNDWnFjM0lLL21HT3lUaVhiaVlrMWRuaDMrREJYZ0ViMGNDNG9oRWxvRUV6amROeHZZOWlxQWhJMG9oSFZaWEQ2d1UwWUZkcTJ4YUN4dXhRZVNUUEtzTVFqMUxpL3pXR3VKNmcrMDMwYUVJL3E0QUphS21IZDVVR25BS1JDc0tKKy9veUlDbmdUUlBRSk41Ymg2OEtRQmhrb1EzYUt6TGRicVpmM3dkdHh5YnNSemZpTGxiLzQvYlZZTFdFd2J5TVM4d3Z5RjFObFJtMHgwa0xsOThpYThFK2NvSWZVVVpKZllQMVRhSENMVEVFZzJMUUQ2MERydXkvcXZINHVTSDVNdnBDZTN4SUNNbXkyemNsOUdHV1lNTHhUUEdLT0JvQ0VxT1hKQXJiRWlwekw4ajVUcUhOZGJncTR5bXRxMXdRdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlEWGpDQ0FrYWdBd0lCQWdJUVk5K0J2RVdjaEpwQVgvdERLekh3RkRBTkJna3Foa2lHOXcwQkFRc0ZBREExTVRNd01RWURWUVFESGlvQVV3QmxBR3dBWmdCVEFHa0Fad0J1QUdVQVpBQXlBREFBTkFBNEFGOEFVd0JJQUVFQU1nQTFBRFl3SGhjTk1UUXhNakkyTVRVeU56TTJXaGNOTXpreE1qTXhNak0xT1RVNVdqQTFNVE13TVFZRFZRUURIaW9BVXdCbEFHd0FaZ0JUQUdrQVp3QnVBR1VBWkFBeUFEQUFOQUE0QUY4QVV3QklBRUVBTWdBMUFEWXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0U3VkIzelJuaUUzQ3NZTHk5c0NMQWRGQjdBc0dLTWtac0p4aXdLRDF1ditPS3NoUE45RXBtN1pKUVdqbTZZR2VRWUtHUVVhTnM1WjFOYWFwS0xhVDUyanFjVExSYk9DNWczMzFHa1hUUElDa2pESHNSK05QeWQ3SjRPNEhsMmxzOHExK21jWWhIU0pPb2FtV09HWnF0cENmcHFxT2hIaEc3NVJuMjgya0E5MFliYzZ4WStyVGdCSVlnU3QrL2wzL211STNYVFU2d2doaWZZd1pmSUQxSW5nQkViK01EMzQ2UWdwaUpjV09iTCtXSVhQR3BMTm1EandKWjhJbFh2Z081SlBTejF3eEN5YjhFSkhVcDRoUVVjNzc4UnRLQjgyVVhiY2toTDNlVzQ5djFqcHVKb3FlTm05MjR2bE1YM0lZQXdZREJGOTNLNkY4eXUyb3Rwd3ZBZ01CQUFHamFqQm9NR1lHQTFVZEFRUmZNRjJBRU0yVi9kUXFDTk9oUDlWUHdGY0F1YnVoTnpBMU1UTXdNUVlEVlFRREhpb0FVd0JsQUd3QVpnQlRBR2tBWndCdUFHVUFaQUF5QURBQU5BQTRBRjhBVXdCSUFFRUFNZ0ExQURhQ0VHUGZnYnhGbklTYVFGLzdReXN4OEJRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLU2tzRTcvNVRPYzVuZ25ENTRwb05uYVBXcnc0a29sRnpxWWR3MS9zL2V2U2NUNHRnRllSMUZybVBCNTBLWW9aMGM4RnpEWTdQSzRTa0I3eDd4RmJqUFlad2NFemVIcVorV3NITzNVeEkyblU5NENVc0JtTlIwOUNNTUl3dC8xQTF5ZnpTTlRKRTQ1Mll0eWNkTFZKVUM2TkJSMzBEaTVZT0ZXUHdJRU81WEUwSjdPczF4dWhaYzZBRUt5MlNUcDBJM0ZMMjdnSHUzUiszWGhxcnU2ZlFJT3c1MlBjcDFheFhzdUU5Y1EvSEt5ZU5Udk0wMkZabWpseC9WeTNsQzVJLzJ4aVVKcmhxemN6T01SUkI4Y2xwc0FwMnVOV2ZyekowYUxDcHJRTzYycE45TC81MVBXYlNNc05mbmZ1VW80ZVpIdjJub1EzbUd6SlBYeUs0M09tbjA9PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+Qm9iPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciIvPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE3LTAzLTE3VDE4OjMzOjM3LjA4MFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wMy0xN1QxODozMzozNy4wODBaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9EZWZhdWx0LkF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2NvdW50cnkiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYkBjb250b3NvLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9naXZlbm5hbWUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPkJvYjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9ob21lcGhvbmUiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjU1NS4xMjEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSIgYTpPcmlnaW5hbElzc3Vlcj0iaHR0cDovL0RlZmF1bHQuT3JpZ2luYWxJc3N1ZXIuY29tIiB4bWxuczphPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA5LzA5L2lkZW50aXR5L2NsYWltcyI+PHNhbWw6QXR0cmlidXRlVmFsdWU+RGV2ZWxvcGVyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPlNhbGVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3N0cmVldGFkZHJlc3MiIGE6T3JpZ2luYWxJc3N1ZXI9Imh0dHA6Ly9EZWZhdWx0Lk9yaWdpbmFsSXNzdWVyLmNvbSIgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwOS8wOS9pZGVudGl0eS9jbGFpbXMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPjEyM0FueVdoZXJlU3RyZWV0L3IvblNvbWVUb3duL3IvblVTQTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIiBhOk9yaWdpbmFsSXNzdWVyPSJodHRwOi8vRGVmYXVsdC5PcmlnaW5hbElzc3Vlci5jb20iIHhtbG5zOmE9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDkvMDkvaWRlbnRpdHkvY2xhaW1zIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT5KZWFuLVPDqWJhc3RpZW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+qiuCJklC3FOVTk7WN/Vs0w==";
+
+ #endregion
+
public static string Saml2Token_Formated
{
get
diff --git a/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs b/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs
index 9eb8afce02..536ab2ecd0 100644
--- a/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs
+++ b/test/Microsoft.IdentityModel.TestUtils/TheoryDataBase.cs
@@ -53,5 +53,13 @@ public override string ToString()
{
return $"{TestId}, {ExpectedException}";
}
+
+ ///
+ /// Structure which holds custom/ad-hoc values.
+ ///
+ ///
+ /// Replacement of existing, 'first-class', properties of classes derived from TheoryDataBase is NOT the intention of this container.
+ ///
+ public Dictionary PropertyBag { get; set; } = new Dictionary();
}
}
diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AESGCMProviderFactory.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AESGCMProviderFactory.cs
new file mode 100644
index 0000000000..7069a98a81
--- /dev/null
+++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AESGCMProviderFactory.cs
@@ -0,0 +1,46 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+#if NET_CORE_3_0
+namespace Microsoft.IdentityModel.Tokens.Saml.Tests
+{
+ // Helper CryptoProviderFactory which returns AesGcmAuthenticatedEncryptionProvider when creating AuthenticatedEncryptionProvider
+ // - remove when AES-GCM is released and supported
+ public class AesGcmProviderFactory : CryptoProviderFactory
+ {
+ public override AuthenticatedEncryptionProvider CreateAuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
+ {
+ return new AesGcmAuthenticatedEncryptionProvider(key, algorithm);
+ }
+
+ public override bool IsSupportedAlgorithm(string algorithm, SecurityKey key)
+ {
+ return true;
+ }
+ }
+}
+#endif
diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AesGcmAuthenticatedEncryptionProvider.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AesGcmAuthenticatedEncryptionProvider.cs
new file mode 100644
index 0000000000..3b64cf61bd
--- /dev/null
+++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Helpers/AesGcmAuthenticatedEncryptionProvider.cs
@@ -0,0 +1,163 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+#if NET_CORE_3_0
+
+using Microsoft.IdentityModel.Logging;
+using System;
+using System.Security.Cryptography;
+
+namespace Microsoft.IdentityModel.Tokens.Saml.Tests
+{
+ // Helper AuthenticatedEncryptionProvider class made to mimic AES-GCM
+ // remove when AES-GCM is released and supported
+ public class AesGcmAuthenticatedEncryptionProvider : AuthenticatedEncryptionProvider
+ {
+ // http://www.w3.org/TR/xmlenc-core/#sec-AES-GCM
+ private const int AES_GCM_IV_SIZE = 12;
+ private const int AES_GCM_TAG_SIZE = 16;
+
+ public AesGcmAuthenticatedEncryptionProvider(SecurityKey key, string algorithm) : base(key, algorithm)
+ {
+ }
+
+ public override AuthenticatedEncryptionResult Encrypt(byte[] plaintext, byte[] authenticatedData)
+ {
+ return Encrypt(plaintext, authenticatedData, null);
+ }
+
+ public override AuthenticatedEncryptionResult Encrypt(byte[] plaintext, byte[] authenticatedData, byte[] iv)
+ {
+ if (IsAesGcmAlgorithm(Algorithm))
+ {
+
+ byte[] ciphertext = new byte[plaintext.Length];
+ byte[] nonce = new byte[AES_GCM_IV_SIZE];
+ byte[] tag = new byte[AES_GCM_TAG_SIZE];
+
+ using (var aesGcm = new AesGcm(GetKeyBytes(Key)))
+ {
+ //random nonce
+ RandomNumberGenerator rng = RandomNumberGenerator.Create();
+ rng.GetBytes(nonce);
+
+ try
+ {
+ aesGcm.Encrypt(nonce, plaintext, ciphertext, tag);
+ }
+ catch (Exception ex)
+ {
+ throw LogHelper.LogExceptionMessage(new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant("Tokens.LogMessages.IDX10618", Algorithm), ex));
+ }
+ }
+
+ return new AuthenticatedEncryptionResult(Key, ciphertext, nonce, tag);
+ }
+
+ return null;
+ }
+
+ public override byte[] Decrypt(byte[] ciphertext, byte[] authenticatedData, byte[] iv, byte[] authenticationTag)
+ {
+ if (IsAesGcmAlgorithm(Algorithm))
+ {
+
+ int cipherSize = ciphertext.Length - AES_GCM_IV_SIZE - AES_GCM_TAG_SIZE;
+
+ if (cipherSize < 1)
+ throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(LogHelper.FormatInvariant("Tokens.LogMessages.IDX10620")));
+
+ byte[] cipher = new byte[cipherSize];
+ byte[] nonce = new byte[AES_GCM_IV_SIZE];
+ byte[] tag = new byte[AES_GCM_TAG_SIZE];
+
+ Array.Copy(ciphertext, 0, nonce, 0, AES_GCM_IV_SIZE);
+ Array.Copy(ciphertext, AES_GCM_IV_SIZE, cipher, 0, cipherSize);
+ Array.Copy(ciphertext, ciphertext.Length - AES_GCM_TAG_SIZE, tag, 0, AES_GCM_TAG_SIZE);
+
+ byte[] plaintext = new byte[cipher.Length];
+
+ using (var aesGcm = new AesGcm(GetKeyBytes(Key)))
+ {
+ try
+ {
+ aesGcm.Decrypt(nonce, cipher, tag, plaintext);
+ return plaintext;
+ }
+ catch (Exception ex)
+ {
+ throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(LogHelper.FormatInvariant("Tokens.LogMessages.IDX10619", Algorithm), ex));
+ }
+ }
+ }
+
+ return null;
+ }
+
+ protected override bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
+ {
+ return IsAesGcmAlgorithm(algorithm);
+ }
+
+ private bool IsAesGcmAlgorithm(string algorithm)
+ {
+ if (!(algorithm.Equals(SecurityAlgorithms.Aes128Gcm, StringComparison.Ordinal)
+ || algorithm.Equals(SecurityAlgorithms.Aes192Gcm, StringComparison.Ordinal)
+ || algorithm.Equals(SecurityAlgorithms.Aes256Gcm, StringComparison.Ordinal)))
+ return false;
+
+ return true;
+ }
+ }
+
+ //dummy implementation until AesGcm is released
+ class AesGcm : IDisposable
+ {
+ public AesGcm(byte[] key)
+ {
+ }
+
+ public void Dispose()
+ {
+ // throw new NotImplementedException();
+ }
+
+ public void Encrypt(byte[] nonce, byte[] plaintext, byte[] ciphertext, byte[] tag, byte[] associatedData = null)
+ {
+ Array.Copy(plaintext, ciphertext, plaintext.Length);
+ RandomNumberGenerator rng = RandomNumberGenerator.Create();
+ rng.GetBytes(tag);
+ }
+
+ public void Decrypt(byte[] nonce, byte[] ciphertext, byte[] tag, byte[] plaintext, byte[] associatedData = null)
+ {
+ Array.Copy(ciphertext, plaintext, ciphertext.Length);
+ }
+ }
+}
+
+#endif
diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2EncryptionTests.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2EncryptionTests.cs
new file mode 100644
index 0000000000..65747d4953
--- /dev/null
+++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2EncryptionTests.cs
@@ -0,0 +1,927 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Security.Claims;
+using Microsoft.IdentityModel.TestUtils;
+using Microsoft.IdentityModel.Tokens.Saml.Tests;
+using Microsoft.IdentityModel.Xml;
+using Xunit;
+
+#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant
+
+namespace Microsoft.IdentityModel.Tokens.Saml2.Tests
+{
+ public class Saml2EncryptionTests
+ {
+#if NET_CORE_3_0
+ #region EncryptedAssertion
+ [Theory, MemberData(nameof(AccessEncryptedAssertionTheoryData))]
+ public void AccessEncryptedAssertion(Saml2TheoryData theoryData)
+ {
+ var context = TestUtilities.WriteHeader($"{this}.AccessEncryptedAssertion", theoryData);
+
+ try
+ {
+ var token = theoryData.Handler.ReadSaml2Token(theoryData.Token);
+
+ IdentityComparer.AreEqual(token.Assertion.Encrypted, true, context); // saml2 assertion is encrypted hence Assertion.Encrypted should be True
+
+ if (string.IsNullOrEmpty(token.Assertion.EncryptedAssertion))
+ context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True");
+
+ var result = token.Assertion.GetType().GetProperty(theoryData.PropertyBag["AssertionPropertyName"].ToString()).GetValue(token.Assertion, null);
+
+ IdentityComparer.AreEqual(result, theoryData.PropertyBag["AssertionPropertyExpectedValue"], context);
+ theoryData.ExpectedException.ProcessNoException(context);
+ }
+ catch (Exception ex)
+ {
+ theoryData.ExpectedException.ProcessException(ex.InnerException, context);
+ }
+
+ TestUtilities.AssertFailIfErrors(context);
+ }
+
+ public static TheoryData AccessEncryptedAssertionTheoryData
+ {
+ get
+ {
+ var theoryData = new TheoryData();
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ First = true,
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Advice" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_Advice",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Conditions" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_Conditions",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Id" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_Id",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "IssueInstant" }, { "AssertionPropertyExpectedValue", DateTime.MinValue } },
+ TestId = "EncryptedAssertion_Access_IssueInstantConditions",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Issuer" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_Issuer",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "InclusiveNamespacesPrefixList" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_InclusiveNamespacesPrefixList",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "SigningCredentials" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_SigningCredentials",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Subject" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_Subject",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Statements" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_Statements",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Signature" }, { "AssertionPropertyExpectedValue", null } },
+ TestId = "EncryptedAssertion_Access_Signature",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "Version" }, { "AssertionPropertyExpectedValue", "2.0" } },
+ TestId = "EncryptedAssertion_Access_Version",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ PropertyBag = new Dictionary { { "AssertionPropertyName", "EncryptingCredentials" }, { "AssertionPropertyExpectedValue", null} },
+ TestId = "EncryptedAssertion_Access_EncryptingCredentials",
+ });
+
+ return theoryData;
+ }
+ }
+
+ [Theory, MemberData(nameof(ReadEncryptedTokenTheoryData))]
+ public void ReadEncryptedToken(Saml2TheoryData theoryData)
+ {
+ var context = TestUtilities.WriteHeader($"{this}.ReadEncryptedToken", theoryData);
+
+ try
+ {
+ var saml2EncryptedToken = theoryData.Handler.ReadSaml2Token(theoryData.Token);
+ IdentityComparer.AreEqual(saml2EncryptedToken.Assertion.Encrypted, true, context); // token should be encrypted
+
+ if (string.IsNullOrEmpty(saml2EncryptedToken.Assertion.EncryptedAssertion)) // if token is encrypted, EncryptedAssertion string should not be empty
+ context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True");
+
+ theoryData.Handler.ValidateToken(theoryData.Token, theoryData.ValidationParameters, out SecurityToken validatedToken); // validate/decrypt token
+
+ IdentityComparer.AreEqual(((Saml2SecurityToken)validatedToken).Assertion.Encrypted, false, context); // token should be decrypted
+
+ theoryData.ExpectedException.ProcessNoException(context);
+ }
+ catch (Exception ex)
+ {
+ theoryData.ExpectedException.ProcessException(ex, context);
+ }
+
+ TestUtilities.AssertFailIfErrors(context);
+ }
+
+ public static TheoryData ReadEncryptedTokenTheoryData
+ {
+ get
+ {
+ // list keys
+ var signingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256;
+ var sessionKey = KeyingMaterial.DefaultSymmetricSecurityKey_128;
+ var wrongSessionKey = KeyingMaterial.DefaultSymmetricSecurityKey_192;
+ var wrongKeyWrapKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA512;
+ var cert = KeyingMaterial.DefaultCert_2048;
+
+ var signingCredentials_Valid = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest);
+ var encryptingCredentials_PreSharedSessionKey_Valid = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm);
+ var encryptingCredentials_X509_Valid = new X509EncryptingCredentials(cert);
+
+ //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported
+ encryptingCredentials_PreSharedSessionKey_Valid.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_X509_Valid.CryptoProviderFactory = new AesGcmProviderFactory();
+
+ var tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_Valid);
+ var tokenDescriptor_KeyWrap_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_Valid);
+
+ var tokenHandler = new Saml2SecurityTokenHandler();
+ var theoryData = new TheoryData();
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ First = true,
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_ExtraSpaces_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_ExtraSpaces_Valid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_DifferentPrefixes_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_DifferentPrefixes_Valid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DataReference_AsNonEmptyElement_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DataReference_AsNonEmptyElement_Valid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DigestMethod_AsNonEmptyElement_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_DigestMethod_AsNonEmptyElement_Valid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionMethod_AsNonEmptyElement_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionMethod_AsNonEmptyElement_Valid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_KeyInfoAsEmptyElement_Valid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_KeyInfoAsEmptyElement_Valid),
+ });
+
+ // Bad content. For AES-GCM: IV takes 12 bytes, Auth Tag 16 bytes => Cipher-text size is less than 1
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(SecurityTokenDecryptionFailedException), "IDX10620: Decryption failed."),
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadContent_Invalid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadContent_Invalid),
+ });
+
+ // namespace missing
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoXencNamespace_Invalid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoXencNamespace_Invalid),
+ });
+
+ // namespace missing or as expected
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_Invalid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_Invalid),
+ });
+
+ // namespace missing or as expected
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v2_Invalid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v2_Invalid),
+ });
+
+ // namespace missing or as expected
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v3_Invalid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_BadNamespace_v3_Invalid),
+ });
+
+ // Additional KeyInfo clauses (skipped while reading) should result with a valid EncryptedAssertion
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_AdditionalKeyInfoClauseValid,
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_AdditionalKeyInfoClauseValid),
+ });
+
+ // EncryptedKey element embedded in EncryptedData element is not supported
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EmbeddedEncryptedKey_Invalid,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30030"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EmbeddedEncryptedKey_Invalid),
+ });
+
+ // Key-wrap algorithm not supported
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Alg_Invalid,
+ ExpectedException = new ExpectedException(typeof(System.NotSupportedException), "IDX10661"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Alg_Invalid),
+ });
+
+ // Encryption algorithm is not provided - currently not supported
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_Invalid),
+ });
+
+ // Encryption algorithm is not provided - currently not supported
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_v2_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptionAlgorithm_v2_Invalid),
+ });
+
+ // Encryption algorithm is not provided - currently not supported
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_Invalid),
+ });
+
+ // Encryption algorithm is not provided - currently not supported
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_v2_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13611"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoEncryptionAlgorithm_v2_Invalid),
+ });
+
+ // DataReference element is not referencing the EncryptedData element
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadDataReference_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13616"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadDataReference_Invalid),
+ });
+
+ // DataReference element is correct, but referencing EncryptedData element has no Id
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_GoodDataReference_EncryptedData_NoId_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13615"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_GoodDataReference_EncryptedData_NoId_Invalid),
+ });
+
+ // EncryptedData element has a RetreivalUri but the is no EncryptedKey with that Id
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13618"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_Invalid),
+ });
+
+ // EncryptedData element has a correct RetreivalUri but the is EncryptedKey has no Id
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_NoKeyId_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13617"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadRetrievalUri_NoKeyId_Invalid),
+ });
+
+ // Type of EncryptedData is not correct
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedDataType_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13613"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedDataType_Invalid),
+ });
+
+ // Type of EncryptedKey is not correct
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedKeyType_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13614"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_BadEncryptedKeyType_Invalid),
+ });
+
+ // There is no CipherValue element
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherValue_Invalid,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherValue_Invalid),
+ });
+
+ // There is no CipherData element
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherData_Invalid,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoCipherData_Invalid),
+ });
+
+ // There is no EncryptedData element
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptedData_Invalid,
+ ExpectedException = new ExpectedException(typeof(XmlReadException)),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NoEncryptedData_Invalid),
+ });
+
+ // There is no CipherValue element (content)
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_Invalid,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_Invalid),
+ });
+
+ // There is no CipherValue element (KeyWrap)
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_v2_Invalid,
+ ExpectedException = new ExpectedException(typeof(XmlReadException), "IDX30011"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_NoCipherValue_v2_Invalid),
+ });
+
+ // incorrect keywrap key
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, wrongKeyWrapKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid,
+ ExpectedException = new ExpectedException(typeof(SecurityTokenKeyWrapException), "IDX10659"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_Valid) + "_wrong_keyunwrap_key",
+ });
+
+ // some prefixes are missing/wrong
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_PrefixMissing_Invalid,
+ ExpectedException = new ExpectedException(typeof(System.Xml.XmlException)),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_PrefixMissing_Invalid),
+ });
+
+ // namespace is missing/wrong
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NamespaceMissing_Invalid,
+ ExpectedException = new ExpectedException(typeof(System.Xml.XmlException)),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_NamespaceMissing_Invalid),
+ });
+
+ // Uncomment tests below - when AES-GCM is released and supported
+ /*
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, wrongSessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ ExpectedException = new ExpectedException(typeof(SecurityTokenEncryptionFailedException), "IDX10618"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid) + "_wrong_decrypting_session_key",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_192_Invalid,
+ ExpectedException = new ExpectedException(typeof(ArgumentOutOfRangeException), "IDX10653"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_192_Invalid) + "_wrong_decrypting_session_key",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EncryptionAlgorithmNotSupported_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13623"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_KeyWrap_EncryptionAlgorithmNotSupported_Invalid),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey),
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionAlgorithmNotSupported_Invalid,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13623"),
+ TestId = nameof(ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_EncryptionAlgorithmNotSupported_Invalid),
+ });
+ */
+
+ // Throws as unsupported AES-GCM is used - remove when AES-GCM is released and supported
+ var encryptingCredentials_PreSharedSessionKey_AESGCM = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm);
+ var validationParams = CreateTokenValidationParameters(signingKey, sessionKey);
+ validationParams.CryptoProviderFactory = null;
+ tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_AESGCM);
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionDecryptionException), "IDX13623"),
+ ValidationParameters = validationParams,
+ Token = ReferenceTokens.Saml2Token_EncryptedAssertion_SessionKey_Valid,
+ TestId = "EncryptedAssertion_PreSharedSessionKey_AESGCM",
+ });
+
+ return theoryData;
+ }
+ }
+
+ [Theory, MemberData(nameof(WriteEncryptedTokenTheoryData))]
+ public void WriteEncryptedToken(Saml2TheoryData theoryData)
+ {
+ var context = TestUtilities.WriteHeader($"{this}.WriteEncryptedToken", theoryData);
+
+ try
+ {
+ var token = theoryData.Handler.WriteToken(theoryData.SecurityToken);
+ var saml2Token = theoryData.Handler.ReadSaml2Token(token);
+ IdentityComparer.AreEqual(saml2Token.Assertion.Encrypted, true, context); // token should be encrypted
+
+ if (string.IsNullOrEmpty(saml2Token.Assertion.EncryptedAssertion)) // if token is encrypted, EncryptedAssertion string should not be empty
+ context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True");
+
+ theoryData.ExpectedException.ProcessNoException(context);
+ }
+ catch (Exception ex)
+ {
+ theoryData.ExpectedException.ProcessException(ex, context);
+ }
+
+ TestUtilities.AssertFailIfErrors(context);
+ }
+
+ public static TheoryData WriteEncryptedTokenTheoryData
+ {
+ get
+ {
+ // list keys used
+ var key = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256;
+ var sessionKey = KeyingMaterial.DefaultSymmetricSecurityKey_128;
+ var cert = KeyingMaterial.DefaultCert_2048;
+
+ var signingCredentials_Valid = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest);
+
+ // encrypting credentials (Pre_Shared for one scenario and KeyWrap for another one)
+ var encryptingCredentials_PreSharedSessionKey_Valid = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm);
+ var encryptingCredentials_X509_Valid = new X509EncryptingCredentials(cert);
+ var encryptingCredentials_X509_AlgNotSupported = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes128Gcm);
+ var encryptingCredentials_X509_EncNotSupported = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256);
+ var encryptingCredentials_PreSharedSessionKey_AlgNotNone = new EncryptingCredentials(sessionKey, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128Gcm);
+
+ //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported
+ encryptingCredentials_PreSharedSessionKey_Valid.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_X509_Valid.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_X509_AlgNotSupported.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_X509_EncNotSupported.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_PreSharedSessionKey_AlgNotNone.CryptoProviderFactory = new AesGcmProviderFactory();
+
+ // token descriptors (Pre_Shared for one scenario and KeyWrap for another one)
+ var tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_Valid);
+ var tokenDescriptor_KeyWrap_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_Valid);
+ var tokenDescriptor_KeyWrap_AlgotithmNotSupported = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_AlgNotSupported);
+ var tokenDescriptor_KeyWrap_EncNotSupported = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_X509_EncNotSupported);
+ var tokenDescriptor_PreSharedSessionKey_AlgotithmNotNone = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_AlgNotNone);
+
+ var tokenHandler = new Saml2SecurityTokenHandler();
+ var theoryData = new TheoryData();
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ First = true,
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = "EncryptedAssertion_PreSharedSessionKey_Valid",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_Valid) as Saml2SecurityToken,
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = "EncryptedAssertion_KeyWrap_Valid",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_AlgotithmNotSupported) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13627"),
+ TestId = "EncryptedAssertion_KeyWrap_AlgNotSupported",
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_EncNotSupported) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13625"),
+ TestId = "EncryptedAssertion_KeyWrap_EncNotSupported",
+ });
+
+ // when pre-shared session key is being used, Algorithm should be set to None
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_AlgotithmNotNone) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13626"),
+ TestId = "EncryptedAssertion_PreSharedSessionKey_AlgNotNone",
+ });
+
+ // Throws as unsupported AES-GCM is used - remove when AES-GCM is released and supported
+ var encryptingCredentials_PreSharedSessionKey_AESGCM = new EncryptingCredentials(sessionKey, SecurityAlgorithms.Aes128Gcm);
+ tokenDescriptor_PreSharedSessionKey_Valid = CreateTokenDescriptor(signingCredentials_Valid, encryptingCredentials_PreSharedSessionKey_AESGCM);
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_PreSharedSessionKey_Valid) as Saml2SecurityToken,
+ ExpectedException = new ExpectedException(typeof(Saml2SecurityTokenEncryptedAssertionEncryptionException), "IDX13601"),
+ TestId = "EncryptedAssertion_PreSharedSessionKey_AESGCM",
+ });
+
+ return theoryData;
+ }
+ }
+
+ [Theory, MemberData(nameof(RoundTripEncryptedTokenTheoryData))]
+ public void RoundTripEncryptedToken(Saml2TheoryData theoryData)
+ {
+ var context = TestUtilities.WriteHeader($"{this}.WriteEncryptedToken", theoryData);
+ context.PropertiesToIgnoreWhenComparing = new Dictionary>
+ {
+ { typeof(Saml2Assertion), new List { "IssueInstant", "Signature", "SigningCredentials", "EncryptingCredentials" } },
+ { typeof(Saml2SecurityToken), new List { "SigningKey" } },
+ };
+
+ try
+ {
+ var token = theoryData.Handler.WriteToken(theoryData.SecurityToken);
+ var saml2Token = theoryData.Handler.ReadSaml2Token(token);
+
+ IdentityComparer.AreEqual(saml2Token.Assertion.Encrypted, true); // token should be encrypted
+ if (string.IsNullOrEmpty(saml2Token.Assertion.EncryptedAssertion)) // if token is encrypted, EncryptedAssertion string should not be empty
+ context.Diffs.Add("!Assertion.EncryptedAssertion string should not be empty if Saml2Assertion.Encrypted == True");
+
+ theoryData.Handler.ValidateToken(token, theoryData.ValidationParameters, out SecurityToken validatedToken); // validate/decrypt token
+ IdentityComparer.AreEqual(validatedToken, theoryData.SecurityToken, context); // validated/decrypted token should be equal to the same token which was not encrypted
+ theoryData.ExpectedException.ProcessNoException(context);
+ }
+ catch (Exception ex)
+ {
+ theoryData.ExpectedException.ProcessException(ex, context);
+ }
+
+ TestUtilities.AssertFailIfErrors(context);
+ }
+
+ public static TheoryData RoundTripEncryptedTokenTheoryData
+ {
+ get
+ {
+ // list keys
+ var signingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256;
+ var sessionKey128 = KeyingMaterial.DefaultSymmetricSecurityKey_128;
+ var sessionKey192 = KeyingMaterial.DefaultSymmetricSecurityKey_192;
+ var sessionKey256 = KeyingMaterial.DefaultSymmetricSecurityKey_256;
+ var cert = KeyingMaterial.DefaultCert_2048;
+
+ var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest);
+
+ // encrypting credentials (Pre_Shared for one scenario and KeyWrap for another one)
+ var encryptingCredentials128_PreShared = new EncryptingCredentials(sessionKey128, SecurityAlgorithms.Aes128Gcm);
+ var encryptingCredentials192_PreShared = new EncryptingCredentials(sessionKey192, SecurityAlgorithms.Aes192Gcm);
+ var encryptingCredentials256_PreShared = new EncryptingCredentials(sessionKey256, SecurityAlgorithms.Aes256Gcm);
+ var encryptingCredentials_KeyWrap_128_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128Gcm);
+ var encryptingCredentials_KeyWrap_192_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192Gcm);
+ var encryptingCredentials_KeyWrap_256_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes256Gcm);
+ var encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128Gcm);
+ var encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192Gcm);
+ var encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256Gcm);
+
+ //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported
+ encryptingCredentials128_PreShared.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials192_PreShared.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials256_PreShared.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_KeyWrap_128_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_KeyWrap_192_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_KeyWrap_256_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory();
+ encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory();
+
+ // token descriptors (Pre_Shared for one scenario and KeyWrap for another one)
+ var tokenDescriptor_128_PreShared = CreateTokenDescriptor(signingCredentials, encryptingCredentials128_PreShared);
+ var tokenDescriptor_192_PreShared = CreateTokenDescriptor(signingCredentials, encryptingCredentials192_PreShared);
+ var tokenDescriptor_256_PreShared = CreateTokenDescriptor(signingCredentials, encryptingCredentials256_PreShared);
+ var tokenDescriptor_KeyWrap_128_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_128_RSAOAEP);
+ var tokenDescriptor_KeyWrap_192_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_192_RSAOAEP);
+ var tokenDescriptor_KeyWrap_256_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_256_RSAOAEP);
+ var tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier);
+ var tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier);
+ var tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier);
+
+ var tokenDescriptor_KeyWrap_Signed = new SecurityTokenDescriptor
+ {
+ Audience = Default.Audience,
+ NotBefore = Default.NotBefore,
+ Expires = Default.Expires,
+ Issuer = Default.Issuer,
+ EncryptingCredentials = new X509EncryptingCredentials(KeyingMaterial.DefaultCert_2048), // encrypt with 'one-time-use' session key and wrap a session key using public cert
+ SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest),
+#pragma warning disable 0618
+ Subject = new ClaimsIdentity(Default.SamlClaims)
+#pragma warning restore 0618
+ };
+
+ var tokenHandler = new Saml2SecurityTokenHandler();
+ var theoryData = new TheoryData();
+
+ // test both scenarios and test all supported combinations (sessionKey-keywrapKey) in KeyWrap scenario
+ theoryData.Add(new Saml2TheoryData
+ {
+ First = true,
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_128_PreShared) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey128),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_128_PreShared),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_192_PreShared) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey192),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_192_PreShared),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_256_PreShared) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, sessionKey256),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_256_PreShared),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_128_RSAOAEP) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_KeyWrap_128_RSAOAEP),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_192_RSAOAEP) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_KeyWrap_192_RSAOAEP),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_256_RSAOAEP) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_KeyWrap_256_RSAOAEP),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier),
+ });
+
+ theoryData.Add(new Saml2TheoryData
+ {
+ SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken,
+ ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
+ ExpectedException = ExpectedException.NoExceptionExpected,
+ TestId = nameof(tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier),
+ });
+
+ return theoryData;
+ }
+ }
+
+ // helper method to create a common SecurityTokenDescriptor
+ private static SecurityTokenDescriptor CreateTokenDescriptor(SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials)
+ {
+ return new SecurityTokenDescriptor
+ {
+ Audience = Default.Audience,
+ NotBefore = Default.NotBefore,
+ Expires = Default.Expires,
+ Issuer = Default.Issuer,
+ SigningCredentials = signingCredentials,
+ EncryptingCredentials = encryptingCredentials,
+#pragma warning disable 0618
+ Subject = new ClaimsIdentity(Default.SamlClaims),
+#pragma warning restore 0618
+ };
+ }
+
+ // helper method to create a common TokenValidationParameters
+ private static TokenValidationParameters CreateTokenValidationParameters(SecurityKey signingKey, SecurityKey decryptionKey)
+ {
+ return new TokenValidationParameters
+ {
+ IssuerSigningKey = signingKey,
+ TokenDecryptionKey = decryptionKey,
+ ValidAudience = Default.Audience,
+ ValidIssuer = Default.Issuer,
+ ValidateLifetime = false,
+ ValidateTokenReplay = false,
+ ValidateActor = false,
+ CryptoProviderFactory = new AesGcmProviderFactory(), // //SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported
+ };
+ }
+
+ #endregion
+#endif
+ }
+}
+
+#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant
diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs
index 91c56660c5..31380244f2 100644
--- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SerializerTests.cs
@@ -504,6 +504,11 @@ public static TheoryData ReadSubjectTheoryData
private class Saml2SerializerPublic : Saml2Serializer
{
+ public Saml2SerializerPublic() : base(new EncryptedAssertionHandler())
+ {
+
+ }
+
public Saml2Action ReadActionPublic(XmlDictionaryReader reader)
{
return base.ReadAction(reader);
diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs
index c2fe6f927c..cd5b93047c 100644
--- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2TheoryData.cs
@@ -72,7 +72,7 @@ public Saml2TheoryData(TokenTheoryData tokenTheoryData)
public string InclusiveNamespacesPrefixList { get; set; }
- public Saml2Serializer Saml2Serializer { get; set; } = new Saml2Serializer();
+ public Saml2Serializer Saml2Serializer { get; set; } = new Saml2Serializer(new EncryptedAssertionHandler());
public Saml2Subject Subject { get; set; }
}
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs
index fff9137254..94e21282b6 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/EncryptingCredentialsTests.cs
@@ -81,7 +81,7 @@ public static TheoryData ConstructorATheoryData
new EncryptingCredentialsTheoryData
{
Key = null,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'key'"),
TestId = "NullKey"
@@ -97,7 +97,7 @@ public static TheoryData ConstructorATheoryData
new EncryptingCredentialsTheoryData
{
Key = Default.AsymmetricEncryptionKeyPublic,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
Enc = String.Empty,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"),
TestId = "EmptyEncString"
@@ -113,7 +113,7 @@ public static TheoryData ConstructorATheoryData
new EncryptingCredentialsTheoryData
{
Key = Default.AsymmetricEncryptionKeyPublic,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
Enc = null,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"),
TestId = "NullEncString"
@@ -121,9 +121,16 @@ public static TheoryData ConstructorATheoryData
new EncryptingCredentialsTheoryData
{
Key = Default.AsymmetricEncryptionKeyPublic,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
TestId = "ValidTest"
+ },
+ new EncryptingCredentialsTheoryData
+ {
+ Key = Default.AsymmetricEncryptionKeyPublic,
+ Alg = SecurityAlgorithms.RsaOaepKeyWrap,
+ Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
+ TestId = "ValidTest_WrongRsaOaepKeyWrapIdentifier"
}
};
}
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs
index 53c3f78a62..c3b8889649 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/X509EncryptingCredentialsTests.cs
@@ -66,8 +66,8 @@ public static TheoryData ConstructorsTheory
new X509EncryptingCredentialsTheoryData
{
Certificate = null,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
- Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
+ Enc = SecurityAlgorithms.Aes128Gcm,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'certificate'"),
TestId = "NullCertificate"
},
@@ -75,14 +75,14 @@ public static TheoryData ConstructorsTheory
{
Certificate = Default.Certificate,
Alg = String.Empty,
- Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
+ Enc = SecurityAlgorithms.Aes128Gcm,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'alg'"),
TestId = "EmptyAlgString"
},
new X509EncryptingCredentialsTheoryData
{
Certificate = Default.Certificate,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
Enc = String.Empty,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"),
TestId = "EmptyEncString"
@@ -91,14 +91,14 @@ public static TheoryData ConstructorsTheory
{
Certificate = Default.Certificate,
Alg = null,
- Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
+ Enc = SecurityAlgorithms.Aes128Gcm,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'alg'"),
TestId = "NullAlgString"
},
new X509EncryptingCredentialsTheoryData
{
Certificate = Default.Certificate,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
Enc = null,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000: The parameter 'enc'"),
TestId = "NullEncString"
@@ -106,8 +106,8 @@ public static TheoryData ConstructorsTheory
new X509EncryptingCredentialsTheoryData
{
Certificate = Default.Certificate,
- Alg = SecurityAlgorithms.RsaOaepKeyWrap,
- Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
+ Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
+ Enc = SecurityAlgorithms.Aes128Gcm,
TestId = "ValidTest"
}
};
diff --git a/test/Microsoft.IdentityModel.Xml.Tests/CipherDataTests.cs b/test/Microsoft.IdentityModel.Xml.Tests/CipherDataTests.cs
new file mode 100644
index 0000000000..531b520968
--- /dev/null
+++ b/test/Microsoft.IdentityModel.Xml.Tests/CipherDataTests.cs
@@ -0,0 +1,110 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using Microsoft.IdentityModel.TestUtils;
+using Xunit;
+
+#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant
+
+namespace Microsoft.IdentityModel.Xml.Tests
+{
+ public class CipherDataTests
+ {
+ [Fact]
+ public void GetSets()
+ {
+ var type = typeof(CipherData);
+ var properties = type.GetProperties();
+ Assert.True(properties.Length == 1, $"Number of properties has changed from 1 to: {properties.Length}, adjust tests");
+
+ var cipherData = new CipherData();
+ var context = new GetSetContext
+ {
+ PropertyNamesAndSetGetValue = new List>>
+ {
+ new KeyValuePair>("CipherValue", new List