From 19239a8d947717fba5807407db7c56ff3fb57a06 Mon Sep 17 00:00:00 2001
From: Anders Abel <anders.abel@sustainsys.com>
Date: Mon, 6 Nov 2023 23:24:41 +0100
Subject: [PATCH] Clean build with .NET8

---
 Sustainsys.Saml2.sln                          |  1 +
 src/.editorconfig                             |  3 +
 .../Saml2Handler.cs                           | 24 ++++-
 .../Sustainsys.Saml2.AspNetCore.csproj        |  5 +
 .../Serialization/ISamlXmlReader.cs           |  4 +-
 src/Sustainsys.Saml2/Sustainsys.Saml2.csproj  |  5 +
 src/Sustainsys.Saml2/Xml/SignedXmlHelper.cs   | 24 +++--
 src/Sustainsys.Saml2/Xml/XmlHelpers.cs        |  2 +-
 src/Sustainsys.Saml2/Xml/XmlTraverser.cs      |  3 +-
 .../Saml2HandlerTests.cs                      |  5 +-
 .../Sustainsys.Saml2.AspNetCore.Tests.csproj  |  5 +
 .../Sustainsys.Saml2.Tests.Helpers.csproj     |  9 ++
 .../TestData.cs                               | 93 +++++++++----------
 .../Sustainsys.Saml2.Tests.csproj             |  8 +-
 .../Xml/SignedXmlHelperTests.cs               | 13 +--
 .../VerifySignature_NoReference.xml           |  1 +
 src/exclusion.dic                             |  2 +
 17 files changed, 127 insertions(+), 80 deletions(-)
 create mode 100644 src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests/VerifySignature_NoReference.xml
 create mode 100644 src/exclusion.dic

diff --git a/Sustainsys.Saml2.sln b/Sustainsys.Saml2.sln
index fa0ddb980..541e175fd 100644
--- a/Sustainsys.Saml2.sln
+++ b/Sustainsys.Saml2.sln
@@ -12,6 +12,7 @@ EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{67939779-582A-4972-9393-280BB0A6678B}"
 	ProjectSection(SolutionItems) = preProject
 		CONTRIBUTING.md = CONTRIBUTING.md
+		src\exclusion.dic = src\exclusion.dic
 		LICENSE = LICENSE
 		README.md = README.md
 		SECURITY.md = SECURITY.md
diff --git a/src/.editorconfig b/src/.editorconfig
index e16f2f810..8685d03cf 100644
--- a/src/.editorconfig
+++ b/src/.editorconfig
@@ -217,3 +217,6 @@ dotnet_naming_style.begins_with_i.required_prefix = I
 dotnet_naming_style.begins_with_i.required_suffix = 
 dotnet_naming_style.begins_with_i.word_separator = 
 dotnet_naming_style.begins_with_i.capitalization = pascal_case
+
+# Spelling
+spelling_exclusion_path = .\exclusion.dic
\ No newline at end of file
diff --git a/src/Sustainsys.Saml2.AspNetCore/Saml2Handler.cs b/src/Sustainsys.Saml2.AspNetCore/Saml2Handler.cs
index bcc134b70..ada94f81c 100644
--- a/src/Sustainsys.Saml2.AspNetCore/Saml2Handler.cs
+++ b/src/Sustainsys.Saml2.AspNetCore/Saml2Handler.cs
@@ -16,27 +16,37 @@ namespace Sustainsys.Saml2.AspNetCore;
 /// </summary>
 public class Saml2Handler : RemoteAuthenticationHandler<Saml2Options>
 {
+#if NET8_0_OR_GREATER
     /// <summary>
     /// Constructor
     /// </summary>
     /// <param name="options">Options</param>
     /// <param name="logger">Logger factory</param>
     /// <param name="encoder">Url encoder</param>
-    /// <param name="clock">System Clock</param>
     public Saml2Handler(
         IOptionsMonitor<Saml2Options> options,
         ILoggerFactory logger,
         UrlEncoder encoder
-#if NET8_0_OR_GREATER
         )
         : base(options, logger, encoder)
+    {}
 #else
-        ,
+
+    /// <summary>
+    /// Constructor
+    /// </summary>
+    /// <param name="options">Options</param>
+    /// <param name="logger">Logger factory</param>
+    /// <param name="encoder">Url encoder</param>
+    /// <param name="clock">System Clock</param>
+    public Saml2Handler(
+        IOptionsMonitor<Saml2Options> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder,
         ISystemClock clock)
         : base(options, logger, encoder, clock)
+    { }
 #endif
-    {
-    }
 
     /// <summary>
     /// Create events by invoking Options.ServiceResolver.CreateEventsAsync()
@@ -95,7 +105,11 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
         var authnRequest = new AuthnRequest()
         {
             Issuer = Options.EntityId,
+#if NET8_0_OR_GREATER
+            IssueInstant = TimeProvider.GetUtcNow().DateTime,
+#else
             IssueInstant = Clock.UtcNow.DateTime,
+#endif
             AssertionConsumerServiceUrl = BuildRedirectUri(Options.CallbackPath)
         };
 
diff --git a/src/Sustainsys.Saml2.AspNetCore/Sustainsys.Saml2.AspNetCore.csproj b/src/Sustainsys.Saml2.AspNetCore/Sustainsys.Saml2.AspNetCore.csproj
index 0747ca5a1..16c2e133c 100644
--- a/src/Sustainsys.Saml2.AspNetCore/Sustainsys.Saml2.AspNetCore.csproj
+++ b/src/Sustainsys.Saml2.AspNetCore/Sustainsys.Saml2.AspNetCore.csproj
@@ -16,4 +16,9 @@
 		<ProjectReference Include="..\Sustainsys.Saml2\Sustainsys.Saml2.csproj" />
 	</ItemGroup>
 
+	<PropertyGroup>
+		<!--Restrict warning level to what is supported in .Net 6-->
+		<WarningLevel>6</WarningLevel>
+	</PropertyGroup>
+
 </Project>
diff --git a/src/Sustainsys.Saml2/Serialization/ISamlXmlReader.cs b/src/Sustainsys.Saml2/Serialization/ISamlXmlReader.cs
index ba58365b2..b251ecf1c 100644
--- a/src/Sustainsys.Saml2/Serialization/ISamlXmlReader.cs
+++ b/src/Sustainsys.Saml2/Serialization/ISamlXmlReader.cs
@@ -42,9 +42,9 @@ public interface ISamlXmlReader
     SamlResponse ReadSamlResponse(XmlTraverser source);
 
     /// <summary>
-    /// Read an AuthnReqeust
+    /// Read an <see cref="AuthnRequest"/>
     /// </summary>
     /// <param name="source">Xml Traverser to read from</param>
-    /// <returns>AutnnRequest</returns>
+    /// <returns><see cref="AuthnRequest"/></returns>
     AuthnRequest ReadAuthnRequest(XmlTraverser source);
 }
diff --git a/src/Sustainsys.Saml2/Sustainsys.Saml2.csproj b/src/Sustainsys.Saml2/Sustainsys.Saml2.csproj
index 89e759c9c..49927ea9f 100644
--- a/src/Sustainsys.Saml2/Sustainsys.Saml2.csproj
+++ b/src/Sustainsys.Saml2/Sustainsys.Saml2.csproj
@@ -18,4 +18,9 @@
 		<PackageReference Include="System.Security.Cryptography.Xml" Version="7.0.1" />	
 	</ItemGroup>
 
+	<PropertyGroup>
+		<!--Restrict warning level to what is supported in .Net 6-->
+		<WarningLevel>6</WarningLevel>
+	</PropertyGroup>
+
 </Project>
diff --git a/src/Sustainsys.Saml2/Xml/SignedXmlHelper.cs b/src/Sustainsys.Saml2/Xml/SignedXmlHelper.cs
index a4c1a6702..94cf8ca42 100644
--- a/src/Sustainsys.Saml2/Xml/SignedXmlHelper.cs
+++ b/src/Sustainsys.Saml2/Xml/SignedXmlHelper.cs
@@ -17,7 +17,7 @@ namespace Sustainsys.Saml2.Xml;
 public static class SignedXmlHelper
 {
     /// <summary>
-    /// Adds an envoleped signature to the node.
+    /// Adds an enveloped signature to the node.
     /// </summary>
     /// <param name="element">Element to sign</param>
     /// <param name="certificate">Certificate to use to sign</param>
@@ -31,7 +31,7 @@ public static void Sign(
     }
 
     /// <summary>
-    /// Adds an envoleped signature to the node.
+    /// Adds an enveloped signature to the node.
     /// </summary>
     /// <param name="element">Element to sign</param>
     /// <param name="certificate">Certificate to use to sign</param>
@@ -41,10 +41,7 @@ public static void Sign(
         X509Certificate2 certificate,
         XmlNode insertAfter)
     {
-        if(insertAfter == null)
-        {
-            throw new ArgumentNullException(nameof(insertAfter));
-        }
+        ArgumentNullException.ThrowIfNull(insertAfter);
 
         var signedXml = CreateSignedXml(element, certificate);
 
@@ -96,8 +93,10 @@ internal SignedXmlWithStrictIdResolution(XmlDocument xmlDocument)
         /// <param name="idValue">Id value to find</param>
         /// <returns>XmlElement</returns>
         /// <exception cref="CryptographicException">If not exactly one match</exception>
-        public override XmlElement GetIdElement(XmlDocument document, string idValue)
+        public override XmlElement GetIdElement(XmlDocument? document, string idValue)
         {
+            ArgumentNullException.ThrowIfNull(document);
+
             XmlConvert.VerifyNCName(idValue);
 
             var possibleNodes = document.SelectNodes($"//*[@ID=\"{idValue}\" or @Id=\"{idValue}\" or @id=\"{idValue}\"]")!;
@@ -138,7 +137,7 @@ public static (string? Error, SigningKey? WorkingKey) VerifySignature(
         string? error = null;
         SigningKey? workingKey = null;
 
-        if (signedXml.SignedInfo.References.Count != 1)
+        if (signedXml.SignedInfo!.References.Count != 1)
         {
             error += "The Signature should contain exactly one reference. ";
         }
@@ -146,6 +145,11 @@ public static (string? Error, SigningKey? WorkingKey) VerifySignature(
         {
             foreach (var key in keys)
             {
+                if (key.Certificate == null)
+                {
+                    throw new InvalidOperationException("Signing key certificate cannot be null");
+                }
+
                 if (signedXml.CheckSignature(key.Certificate, true))
                 {
                     workingKey = key;
@@ -172,7 +176,7 @@ public static (string? Error, SigningKey? WorkingKey) VerifySignature(
             }
             else
             {
-                var id = reference.Uri[1..]; // Drop off the #
+                var id = reference.Uri![1..]; // Drop off the #
 
                 var signedElement = signedXml.GetIdElement(signatureElement.OwnerDocument, id);
 
@@ -205,7 +209,7 @@ public static (string? Error, SigningKey? WorkingKey) VerifySignature(
         }
 
         // The algorithm names has the form http://foo/bar/xyz#rsa-sha256
-        var signingHash = signedXml.SignatureMethod[(signedXml.SignatureMethod.LastIndexOf('-') + 1)..];
+        var signingHash = signedXml.SignatureMethod![(signedXml.SignatureMethod!.LastIndexOf('-') + 1)..];
         if (!allowedHashAlgorithms.Contains(signingHash))
         {
             var allowed = string.Join(", ", allowedHashAlgorithms);
diff --git a/src/Sustainsys.Saml2/Xml/XmlHelpers.cs b/src/Sustainsys.Saml2/Xml/XmlHelpers.cs
index 4f4c72826..bc8be80e9 100644
--- a/src/Sustainsys.Saml2/Xml/XmlHelpers.cs
+++ b/src/Sustainsys.Saml2/Xml/XmlHelpers.cs
@@ -32,7 +32,7 @@ internal static string FormatId(byte[] bytes)
     /// Get an Xml traverser for an XmlDocument
     /// </summary>
     /// <param name="xmlElement">Source XmlElement. Typically the document element</param>
-    /// <returns>XmlTraverser locatet at DocumentElement</returns>
+    /// <returns>XmlTraverser located at DocumentElement</returns>
     public static XmlTraverser GetXmlTraverser(this XmlElement xmlElement)
         => new(xmlElement ?? throw new ArgumentException("DocumentElement cannot be null"));
 
diff --git a/src/Sustainsys.Saml2/Xml/XmlTraverser.cs b/src/Sustainsys.Saml2/Xml/XmlTraverser.cs
index ef4ff1486..a552a0497 100644
--- a/src/Sustainsys.Saml2/Xml/XmlTraverser.cs
+++ b/src/Sustainsys.Saml2/Xml/XmlTraverser.cs
@@ -250,7 +250,7 @@ public bool EnsureNamespace(string namespaceUri)
         return true;
     }
 
-    // TODO: Reorder params to follow XmlNode convention with localname, namespaceUri
+    // TODO: Reorder params to follow XmlNode convention with localName, namespaceUri
     /// <summary>
     /// Ensure that the current node has a specific localName and namespace.
     /// </summary>
@@ -329,7 +329,6 @@ public bool HasName(string namespaceUri, string localName)
     /// </summary>
     /// <param name="localName">Local name of attribute</param>
     /// <returns>Attribute value</returns>
-    /// <exception cref="SamlXmlException">If no such attribute is found.</exception>
     public string GetRequiredAttribute(string localName)
     {
         if (CurrentNode == null)
diff --git a/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Saml2HandlerTests.cs b/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Saml2HandlerTests.cs
index 9692f8d73..f80c1a11d 100644
--- a/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Saml2HandlerTests.cs
+++ b/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Saml2HandlerTests.cs
@@ -38,8 +38,7 @@ public class Saml2HandlerTests
 #if NET8_0_OR_GREATER
             );
 #else
-            ,
-            systemClock);
+            ,systemClock);
 #endif
 
         var scheme = new AuthenticationScheme("Saml2", "Saml2", typeof(Saml2Handler));
@@ -192,6 +191,6 @@ public async Task HandleRemoteAuthenticate()
         result.Should().BeTrue();
     }
 
-    // TODO: Use event to resolve IdentityProvider - presense of EntityId indicates if challenge or response processing
+    // TODO: Use event to resolve IdentityProvider - presence of EntityId indicates if challenge or response processing
     // TODO: Event when Xml was created
 }
\ No newline at end of file
diff --git a/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Sustainsys.Saml2.AspNetCore.Tests.csproj b/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Sustainsys.Saml2.AspNetCore.Tests.csproj
index 5b018184f..adcbd0039 100644
--- a/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Sustainsys.Saml2.AspNetCore.Tests.csproj
+++ b/src/Tests/Sustainsys.Saml2.AspNetCore.Tests/Sustainsys.Saml2.AspNetCore.Tests.csproj
@@ -32,4 +32,9 @@
 		<ProjectReference Include="..\Sustainsys.Saml2.Tests.Helpers\Sustainsys.Saml2.Tests.Helpers.csproj" />
 	</ItemGroup>
 
+	<PropertyGroup>
+		<!--Restrict warning level to what is supported in .Net 6-->
+		<WarningLevel>6</WarningLevel>
+	</PropertyGroup>
+	
 </Project>
diff --git a/src/Tests/Sustainsys.Saml2.Tests.Helpers/Sustainsys.Saml2.Tests.Helpers.csproj b/src/Tests/Sustainsys.Saml2.Tests.Helpers/Sustainsys.Saml2.Tests.Helpers.csproj
index cfedd615d..da4c1ce89 100644
--- a/src/Tests/Sustainsys.Saml2.Tests.Helpers/Sustainsys.Saml2.Tests.Helpers.csproj
+++ b/src/Tests/Sustainsys.Saml2.Tests.Helpers/Sustainsys.Saml2.Tests.Helpers.csproj
@@ -8,6 +8,10 @@
 		<IsPackable>false</IsPackable>
 	</PropertyGroup>
 
+	<PropertyGroup>
+		<NoWarn>1701;1702;IDE0039;IDE0290;IDE0300</NoWarn>
+	</PropertyGroup>
+
 	<ItemGroup>
 		<PackageReference Include="FluentAssertions" Version="6.6.0" />
 	</ItemGroup>
@@ -25,4 +29,9 @@
 		</None>
 	</ItemGroup>
 
+	<PropertyGroup>
+		<!--Restrict warning level to what is supported in .Net 6-->
+		<WarningLevel>6</WarningLevel>
+	</PropertyGroup>
+
 </Project>
diff --git a/src/Tests/Sustainsys.Saml2.Tests.Helpers/TestData.cs b/src/Tests/Sustainsys.Saml2.Tests.Helpers/TestData.cs
index f91d41b49..dc32dc3db 100644
--- a/src/Tests/Sustainsys.Saml2.Tests.Helpers/TestData.cs
+++ b/src/Tests/Sustainsys.Saml2.Tests.Helpers/TestData.cs
@@ -3,54 +3,53 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Xml;
 
-namespace Sustainsys.Saml2.Tests.Helpers
+namespace Sustainsys.Saml2.Tests.Helpers;
+
+public static class TestData
 {
-    public static class TestData
+    public static XmlTraverser GetXmlTraverser<TDirectory>([CallerMemberName] string? testName = null)
     {
-        public static XmlTraverser GetXmlTraverser<TDirectory>([CallerMemberName] string? testName = null)
-        {
-            var document = GetXmlDocument<TDirectory>(testName);
-
-            return new XmlTraverser(document.DocumentElement ?? throw new InvalidOperationException("XmlDoc contained no DocumentElement"));
-        }
-
-        public static XmlDocument GetXmlDocument<TDirectory>([CallerMemberName] string? testName = null)
-        {
-            ArgumentNullException.ThrowIfNull(testName);
-
-            var assemblyName = typeof(TDirectory).Assembly.GetName().Name!;
-
-            var fileName = "../../.."
-                + typeof(TDirectory).FullName![assemblyName.Length..].Replace('.', '/')
-                + "/" + testName + ".xml";
-
-            var document = new XmlDocument();
-            document.Load(fileName);
-            return document;
-        }
-
-        public static X509Certificate2 Certificate { get; } = new X509Certificate2("Sustainsys.Saml2.Tests.pfx");
-
-        public static SigningKey SigningKey { get; } = new()
-        {
-            Certificate = Certificate,
-            TrustLevel = TrustLevel.ConfiguredKey
-        };
-
-        public static SigningKey[] SingleSigningKey { get; } =
-        {
-            SigningKey
-        };
-
-        public static SigningKey SigningKey2 { get; } = new()
-        {
-            Certificate = new X509Certificate2("Sustainsys.Saml2.Tests2.pfx"),
-            TrustLevel = TrustLevel.TLS
-        };
-
-        public static SigningKey[] SingleSigningKey2 { get; } =
-        {
-            SigningKey2
-        };
+        var document = GetXmlDocument<TDirectory>(testName);
+
+        return new XmlTraverser(document.DocumentElement ?? throw new InvalidOperationException("XmlDoc contained no DocumentElement"));
     }
+
+    public static XmlDocument GetXmlDocument<TDirectory>([CallerMemberName] string? testName = null)
+    {
+        ArgumentNullException.ThrowIfNull(testName);
+
+        var assemblyName = typeof(TDirectory).Assembly.GetName().Name!;
+
+        var fileName = "../../.."
+            + typeof(TDirectory).FullName![assemblyName.Length..].Replace('.', '/')
+            + "/" + testName + ".xml";
+
+        var document = new XmlDocument();
+        document.Load(fileName);
+        return document;
+    }
+
+    public static X509Certificate2 Certificate { get; } = new X509Certificate2("Sustainsys.Saml2.Tests.pfx");
+
+    public static SigningKey SigningKey { get; } = new()
+    {
+        Certificate = Certificate,
+        TrustLevel = TrustLevel.ConfiguredKey
+    };
+
+    public static SigningKey[] SingleSigningKey { get; } =  
+    {
+        SigningKey
+    };
+
+    public static SigningKey SigningKey2 { get; } = new()
+    {
+        Certificate = new X509Certificate2("Sustainsys.Saml2.Tests2.pfx"),
+        TrustLevel = TrustLevel.TLS
+    };
+
+    public static SigningKey[] SingleSigningKey2 { get; } = new[]
+    {
+        SigningKey2
+    };
 }
\ No newline at end of file
diff --git a/src/Tests/Sustainsys.Saml2.Tests/Sustainsys.Saml2.Tests.csproj b/src/Tests/Sustainsys.Saml2.Tests/Sustainsys.Saml2.Tests.csproj
index df63c0987..4e6537a17 100644
--- a/src/Tests/Sustainsys.Saml2.Tests/Sustainsys.Saml2.Tests.csproj
+++ b/src/Tests/Sustainsys.Saml2.Tests/Sustainsys.Saml2.Tests.csproj
@@ -10,7 +10,7 @@
 	</PropertyGroup>
 
 	<PropertyGroup>
-	  <NoWarn>1701;1702;IDE0039</NoWarn>
+		<NoWarn>1701;1702;IDE0039;IDE0290;IDE0300</NoWarn>
 	</PropertyGroup>
 
 	<ItemGroup>
@@ -37,9 +37,9 @@
 	</ItemGroup>
 
 	<ItemGroup>
-	  <None Update="stubidp.sustainsys.com.cer">
-	    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-	  </None>
+		<None Update="stubidp.sustainsys.com.cer">
+			<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+		</None>
 	</ItemGroup>
 
 </Project>
diff --git a/src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests.cs b/src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests.cs
index 4882b1684..81f328478 100644
--- a/src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests.cs
+++ b/src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests.cs
@@ -163,7 +163,7 @@ public void VerifySignature_SignatureWrapping()
     [Fact]
     public void VerifySignature_NoReference()
     {
-        var signedWithoutReference = @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"" ID=""Saml2Response_Validate_FalseOnMissingReference"" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z""><saml2:Issuer>https://idp.example.com</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Requester"" /></saml2p:Status><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1"" /></SignedInfo><SignatureValue>tYFIoYmrzmp3H7TXm9IS8DW3buBZIb6sI2ycrn+AOnVcdYnPTJpk3ntHlqQKXNEyXgXZNdqEuFpgI1I0P0TlhM+C3rBJnflkApkxZkak5RwnJzDWTHpsSDjYcm+/XgBy3JVZJuMWb2YPaV8GB6cjBMDrENUEaoKRg+FpzPUZO1EOMcqbocXp5cHie1CkPnD1OtT/cuzMBUMpBGZMxjZwdFpOO7R3CUXh/McxKfoGUQGC3DVpt5T8uGkpj4KqZVPS/qTCRhbPRDjg73BdWbdkFpFWge8G/FgkYxr9LBE1TsrxptppO9xoA5jXwJVZaWndSMvo6TuOjUgqY2w5RTkqhA==</SignatureValue></Signature></saml2p:Response>";
+        var signedWithoutReference = File.ReadAllText("../../../Xml/SignedXmlHelperTests/VerifySignature_NoReference.xml");
 
         var xmlDoc = new XmlDocument();
         xmlDoc.LoadXml(signedWithoutReference);
@@ -330,7 +330,7 @@ public void VerifySignature_SigningAlgorithmStrength()
         reference.AddTransform(new XmlDsigExcC14NTransform());
         signedXml.AddReference(reference);
 
-        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
+        signedXml.SignedInfo!.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
         signedXml.ComputeSignature();
 
         xd.DocumentElement!.AppendChild(signedXml.GetXml());
@@ -398,7 +398,7 @@ public void IsSignedByAny_NoKeyMatches_ButEmbeddedKeyValidatesContent()
     }
 
     [Fact]
-    public void VerifySignaure_RejectsDuplicateIdsEvenIfCaseDiffer()
+    public void VerifySignature_RejectsDuplicateIdsEvenIfCaseDiffer()
     {
         // Ensure that a document where referenced id exists in multiple
         // locations but ID is spelled Id or id is rejected. Allowing this is a
@@ -465,12 +465,13 @@ public void VerifySignature_RejectXmlLowerCaseIDs()
 
     private class SignRootSignedXml : SignedXml
     {
-        public SignRootSignedXml(XmlDocument xd) : base(xd) { }
+        public SignRootSignedXml(XmlDocument xd) : base(xd)
+        { }
 
         // This allows us to create a signature with invalid reference for the
         // VerifySignature_RequiresReferenceNCName test.
-        public override XmlElement GetIdElement(XmlDocument document, string idValue)
-            => document.DocumentElement!;
+        public override XmlElement GetIdElement(XmlDocument? document, string idValue)
+            => document!.DocumentElement!;
     }
 
     [Fact]
diff --git a/src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests/VerifySignature_NoReference.xml b/src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests/VerifySignature_NoReference.xml
new file mode 100644
index 000000000..ef1e2fd73
--- /dev/null
+++ b/src/Tests/Sustainsys.Saml2.Tests/Xml/SignedXmlHelperTests/VerifySignature_NoReference.xml
@@ -0,0 +1 @@
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="Saml2Response_Validate_FalseOnMissingReference" Version="2.0" IssueInstant="2013-01-01T00:00:00Z"><saml2:Issuer>https://idp.example.com</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" /></saml2p:Status><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /></SignedInfo><SignatureValue>tYFIoYmrzmp3H7TXm9IS8DW3buBZIb6sI2ycrn+AOnVcdYnPTJpk3ntHlqQKXNEyXgXZNdqEuFpgI1I0P0TlhM+C3rBJnflkApkxZkak5RwnJzDWTHpsSDjYcm+/XgBy3JVZJuMWb2YPaV8GB6cjBMDrENUEaoKRg+FpzPUZO1EOMcqbocXp5cHie1CkPnD1OtT/cuzMBUMpBGZMxjZwdFpOO7R3CUXh/McxKfoGUQGC3DVpt5T8uGkpj4KqZVPS/qTCRhbPRDjg73BdWbdkFpFWge8G/FgkYxr9LBE1TsrxptppO9xoA5jXwJVZaWndSMvo6TuOjUgqY2w5RTkqhA==</SignatureValue></Signature></saml2p:Response>
\ No newline at end of file
diff --git a/src/exclusion.dic b/src/exclusion.dic
new file mode 100644
index 000000000..e746dd66f
--- /dev/null
+++ b/src/exclusion.dic
@@ -0,0 +1,2 @@
+Saml
+Sustainsys