
Added support for negative serial numbers in X509IssuerSerialKeyIdentifierClause as proposed in RFC 5280

Michael Stoll пре 14 година
родитељ
комит
c8cab4d89a

+ 16 - 2
mcs/class/System.IdentityModel/System.IdentityModel.Tokens/X509IssuerSerialKeyIdentifierClause.cs

@@ -54,9 +54,23 @@ namespace System.IdentityModel.Tokens
 #if TARGET_DOTNET
 			throw new NotImplementedException ();
 #else			
-			return new BigInteger (FromBinHex (hexString)).ToString ();
+           // http://tools.ietf.org/html/rfc5280#section-4.1.2.2
+           // We SHOULD support negative numbers
+           var bytes = FromBinHex (hexString);
+			
+            var negative = bytes.Length > 0 && bytes[0] >= 0x80;
+			if (negative) 
+				for (int i = 0; i < bytes.Length; i++) 
+					bytes[i] = (byte) ~ bytes[i];
+        	
+			var big = new BigInteger (bytes);
+			if (negative) { 
+				big = big + 1;
+				return "-" + big.ToString();
+			} else 
+				return big.ToString ();
 #endif
-		}
+        }
 
 		public X509IssuerSerialKeyIdentifierClause (X509Certificate2 certificate)
 			: base (null)
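Review bot: The sign test `bytes[0] >= 0x80` reads the decoded hex as a two's-complement INTEGER, so it is only correct if `hexString` still carries the 0x00 pad byte that DER places in front of a positive serial whose top bit is set; the hunk does not show what the caller passes. If that pad can be stripped upstream, a conforming positive serial would now be rendered as a negative decimal and issuer/serial matching against other stacks could stop agreeing, so the assumption deserves a comment such as `// hexString is the big-endian two's-complement INTEGER content; a leading 00 keeps a high-bit serial positive`. RFC 5280 section 4.1.2.2 asks certificate users to gracefully handle negative or zero serials from non-conforming CAs, which is narrower than `// We SHOULD support negative numbers`. The nested `if (negative)` / `for` has no braces, and the added lines mix spaces with the file's tabs. The method starts above the hunk.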

BIN
mcs/class/System.IdentityModel/Test/Resources/test_neg_serial.cer


+ 10 - 0
mcs/class/System.IdentityModel/Test/System.IdentityModel.Tokens/X509IssuerSerialKeyIdentifierClauseTest.cs

@@ -40,6 +40,7 @@ namespace MonoTests.System.IdentityModel.Selectors
 	{
 		static readonly X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
 		static readonly X509Certificate2 cert2 = new X509Certificate2 ("Test/Resources/test2.pfx", "mono");
+        static readonly X509Certificate2 cert3 = new X509Certificate2("Test/Resources/test_neg_serial.cer");
 
 		[Test]
 		public void Properties ()
@@ -50,5 +51,14 @@ namespace MonoTests.System.IdentityModel.Selectors
 			Assert.AreEqual ("22491767666218099257720700881460366085", ic.IssuerSerialNumber, "#2");
 			Assert.AreEqual (null, ic.ClauseType, "#3");
 		}
+
+        [Test]
+        public void NegativeSerialNumber()
+        {
+            var clause = new X509IssuerSerialKeyIdentifierClause (cert3);
+            Assert.AreEqual("CN=test, OU=cert, O=test, [email protected]", clause.IssuerName, "#1");
+            Assert.AreEqual("-168428216848510272180165529369113665228", clause.IssuerSerialNumber, "#2");
+            Assert.AreEqual(null, clause.ClauseType, "#3");
+        }
 	}
 }
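Review bot: `NegativeSerialNumber` pins one negative value, but nothing covers a positive serial whose first content byte is 0x80 or above, which is the input the new sign check could misread; the value expected by the existing `Properties` case appears to stay below that bit. A second fixture with such a serial, asserting an unsigned decimal `IssuerSerialNumber`, would show that the two paths stay distinct. The new lines are indented with spaces where the surrounding file uses tabs.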