Fixed FxCop messages in DNOA.Core #68

14 files changed, 86 insertions, 18 deletions

diff --git a/src/DotNetOpenAuth.Core/Assumes.cs b/src/DotNetOpenAuth.Core/Assumes.cs
index 8d8286e..b61fbd4 100644
--- a/src/DotNetOpenAuth.Core/Assumes.cs
+++ b/src/DotNetOpenAuth.Core/Assumes.cs
@@ -8,7 +8,9 @@ namespace DotNetOpenAuth {
 	using System;
 	using System.Collections.Generic;
 	using System.Diagnostics;
+	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
+	using System.Globalization;
 	using System.Linq;
 	using System.Text;
 
@@ -37,7 +39,7 @@ namespace DotNetOpenAuth {
 		[Pure, DebuggerStepThrough]
 		internal static void True(bool condition, string unformattedMessage, params object[] args) {
 			if (!condition) {
-				Fail(String.Format(unformattedMessage, args));
+				Fail(String.Format(CultureInfo.CurrentCulture, unformattedMessage, args));
 			}
 		}
 
@@ -57,6 +59,7 @@ namespace DotNetOpenAuth {
 		/// <summary>
 		/// An internal error exception that should never be caught.
 		/// </summary>
+		[SuppressMessage("Microsoft.Design", "CA1064:ExceptionsShouldBePublic", Justification = "This exception should never be caught.")]
 		[Serializable]
 		private class InternalErrorException : Exception {
 			/// <summary>
@@ -69,15 +72,8 @@ namespace DotNetOpenAuth {
 			/// Initializes a new instance of the <see cref="InternalErrorException"/> class.
 			/// </summary>
 			/// <param name="message">The message.</param>
-			internal InternalErrorException(string message) : base(message) {
-			}
-
-			/// <summary>
-			/// Initializes a new instance of the <see cref="InternalErrorException"/> class.
-			/// </summary>
-			/// <param name="message">The message.</param>
-			/// <param name="inner">The inner exception.</param>
-			internal InternalErrorException(string message, Exception inner) : base(message, inner) {
+			internal InternalErrorException(string message)
+				: base(message) {
 			}
 
 			/// <summary>
diff --git a/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs b/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs
index 5b0efd8..edbb614 100644
--- a/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs
+++ b/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.Configuration {
 	using System;
 	using System.Configuration;
+	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
 	using System.IO;
 	using System.Reflection;
@@ -92,6 +93,7 @@ namespace DotNetOpenAuth.Configuration {
 		/// <param name="defaultValue">The value to return if no type is given in the .config file.</param>
 		/// <param name="allowInternals">if set to <c>true</c> then internal types may be instantiated.</param>
 		/// <returns>The newly instantiated type.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		public T CreateInstance(T defaultValue, bool allowInternals) {
 			Contract.Ensures(Contract.Result<T>() != null || Contract.Result<T>() == defaultValue);
 
diff --git a/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj b/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj
index 3b36226..9b8a613 100644
--- a/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj
+++ b/src/DotNetOpenAuth.Core/DotNetOpenAuth.Core.csproj
@@ -121,7 +121,6 @@
     <Compile Include="Configuration\HostNameOrRegexCollection.cs" />
     <Compile Include="Configuration\HostNameElement.cs" />
     <Compile Include="IEmbeddedResourceRetrieval.cs" />
-    <Compile Include="GlobalSuppressions.cs" />
     <Compile Include="Logger.cs" />
     <Compile Include="Loggers\ILog.cs" />
     <Compile Include="Loggers\Log4NetLogger.cs" />
@@ -140,7 +139,6 @@
   </ItemGroup>
   <ItemGroup>
     <None Include="Configuration\DotNetOpenAuth.xsd" />
-    <None Include="Migrated rules for DotNetOpenAuth.ruleset" />
   </ItemGroup>
   <ItemGroup>
     <EmbeddedResource Include="Strings.resx">
diff --git a/src/DotNetOpenAuth.Core/Messaging/BinaryDataBagFormatter.cs b/src/DotNetOpenAuth.Core/Messaging/BinaryDataBagFormatter.cs
index 12ef6a5..4f4bf0e 100644
--- a/src/DotNetOpenAuth.Core/Messaging/BinaryDataBagFormatter.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/BinaryDataBagFormatter.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.Messaging {
 	using System;
 	using System.Collections.Generic;
+	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
 	using System.IO;
 	using System.Linq;
@@ -52,6 +53,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// </summary>
 		/// <param name="message">The message.</param>
 		/// <returns>The buffer containing the serialized data.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		protected override byte[] SerializeCore(T message) {
 			using (var stream = new MemoryStream()) {
 				message.Serialize(stream);
@@ -64,6 +66,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// </summary>
 		/// <param name="message">The message instance to initialize with data from the buffer.</param>
 		/// <param name="data">The data buffer.</param>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		protected override void DeserializeCore(T message, byte[] data) {
 			using (var stream = new MemoryStream(data)) {
 				message.Deserialize(stream);
diff --git a/src/DotNetOpenAuth.Core/Messaging/Bindings/AsymmetricCryptoKeyStoreWrapper.cs b/src/DotNetOpenAuth.Core/Messaging/Bindings/AsymmetricCryptoKeyStoreWrapper.cs
index ae50716..4cb5337 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Bindings/AsymmetricCryptoKeyStoreWrapper.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Bindings/AsymmetricCryptoKeyStoreWrapper.cs
@@ -154,6 +154,7 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 			/// Invariant conditions.
 			/// </summary>
 			[ContractInvariantMethod]
+			[SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Code contracts")]
 			[SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "Required for code contracts.")]
 			private void ObjectInvariant() {
 				Contract.Invariant(this.EncryptedKey != null);
diff --git a/src/DotNetOpenAuth.Core/Messaging/Channel.cs b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
index 18071ed..201d861 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
@@ -817,7 +817,7 @@ namespace DotNetOpenAuth.Messaging {
 			if (tooLargeForGet) {
 				ErrorUtilities.VerifyProtocol(
 					(message.HttpMethods & HttpDeliveryMethods.PostRequest) == HttpDeliveryMethods.PostRequest,
-					"Message too large for a HTTP GET, and HTTP POST is not allowed for this message type.");
+					MessagingStrings.MessageExceedsGetSizePostNotAllowed);
 			}
 
 			// If GET didn't work out, for whatever reason...
@@ -873,6 +873,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="message">The message to forward.</param>
 		/// <param name="fields">The pre-serialized fields from the message.</param>
 		/// <returns>The encoded HTTP response.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		protected virtual OutgoingWebResponse CreateFormPostResponse(IDirectedProtocolMessage message, IDictionary<string, string> fields) {
 			Requires.NotNull(message, "message");
 			Requires.True(message.Recipient != null, "message", MessagingStrings.DirectedMessageMissingRecipient);
@@ -946,6 +947,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="message">The message to serialize.</param>
 		/// <returns>A JSON string.</returns>
 		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "This Dispose is safe.")]
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		protected virtual string SerializeAsJson(IMessage message) {
 			Requires.NotNull(message, "message");
 
@@ -966,6 +968,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// </summary>
 		/// <param name="json">A JSON string.</param>
 		/// <returns>The simple "key":"value" pairs from a JSON-encoded object.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		protected virtual IDictionary<string, string> DeserializeFromJson(string json) {
 			Requires.NotNullOrEmpty(json, "json");
 
diff --git a/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs b/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs
index 0437c89..43df1f5 100644
--- a/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/DataBagFormatterBase.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.Messaging {
 	using System;
 	using System.Collections.Generic;
+	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
 	using System.IO;
 	using System.Linq;
@@ -143,6 +144,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// </summary>
 		/// <param name="message">The message to serialize.  Must not be null.</param>
 		/// <returns>A non-null, non-empty value.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		public string Serialize(T message) {
 			message.UtcCreationDate = DateTime.UtcNow;
 
@@ -191,6 +193,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="containingMessage">The message that contains the <see cref="DataBag"/> serialized value.  Must not be nulll.</param>
 		/// <param name="value">The serialized form of the <see cref="DataBag"/> to deserialize.  Must not be null or empty.</param>
 		/// <returns>The deserialized value.  Never null.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		public T Deserialize(IProtocolMessage containingMessage, string value) {
 			string symmetricSecretHandle = null;
 			if (this.encrypted && this.cryptoKeyStore != null) {
@@ -271,6 +274,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <returns>
 		///   <c>true</c> if the signature is valid; otherwise, <c>false</c>.
 		/// </returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		private bool IsSignatureValid(byte[] signedData, byte[] signature, string symmetricSecretHandle) {
 			Requires.NotNull(signedData, "signedData");
 			Requires.NotNull(signature, "signature");
@@ -292,6 +296,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <returns>
 		/// The calculated signature.
 		/// </returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		private byte[] CalculateSignature(byte[] bytesToSign, string symmetricSecretHandle) {
 			Requires.NotNull(bytesToSign, "bytesToSign");
 			Requires.ValidState(this.asymmetricSigning != null || this.cryptoKeyStore != null);
@@ -303,7 +308,7 @@ namespace DotNetOpenAuth.Messaging {
 				}
 			} else {
 				var key = this.cryptoKeyStore.GetKey(this.cryptoKeyBucket, symmetricSecretHandle);
-				ErrorUtilities.VerifyProtocol(key != null, "Missing decryption key.");
+				ErrorUtilities.VerifyProtocol(key != null, MessagingStrings.MissingDecryptionKeyForHandle, this.cryptoKeyBucket, symmetricSecretHandle);
 				using (var symmetricHasher = new HMACSHA256(key.Key)) {
 					return symmetricHasher.ComputeHash(bytesToSign);
 				}
@@ -346,7 +351,7 @@ namespace DotNetOpenAuth.Messaging {
 				return this.asymmetricEncrypting.DecryptWithRandomSymmetricKey(value);
 			} else {
 				var key = this.cryptoKeyStore.GetKey(this.cryptoKeyBucket, symmetricSecretHandle);
-				ErrorUtilities.VerifyProtocol(key != null, "Missing decryption key.");
+				ErrorUtilities.VerifyProtocol(key != null, MessagingStrings.MissingDecryptionKeyForHandle, this.cryptoKeyBucket, symmetricSecretHandle);
 				return MessagingUtilities.Decrypt(value, key.Key);
 			}
 		}
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.Designer.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.Designer.cs
index 3ad2bdd..2fe273f 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.Designer.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.Designer.cs
@@ -295,6 +295,15 @@ namespace DotNetOpenAuth.Messaging {
         }
         
         /// <summary>
+        ///   Looks up a localized string similar to Message too large for a HTTP GET, and HTTP POST is not allowed for this message type..
+        /// </summary>
+        internal static string MessageExceedsGetSizePostNotAllowed {
+            get {
+                return ResourceManager.GetString("MessageExceedsGetSizePostNotAllowed", resourceCulture);
+            }
+        }
+        
+        /// <summary>
         ///   Looks up a localized string similar to The {0} message does not support extensions..
         /// </summary>
         internal static string MessageNotExtensible {
@@ -349,6 +358,15 @@ namespace DotNetOpenAuth.Messaging {
         }
         
         /// <summary>
+        ///   Looks up a localized string similar to Missing decryption key for bucket &quot;{0}&quot; handle &quot;{1}&quot;.
+        /// </summary>
+        internal static string MissingDecryptionKeyForHandle {
+            get {
+                return ResourceManager.GetString("MissingDecryptionKeyForHandle", resourceCulture);
+            }
+        }
+        
+        /// <summary>
         ///   Looks up a localized string similar to A non-empty string was expected..
         /// </summary>
         internal static string NonEmptyStringExpected {
@@ -520,6 +538,15 @@ namespace DotNetOpenAuth.Messaging {
         }
         
         /// <summary>
+        ///   Looks up a localized string similar to Unexpected buffer length..
+        /// </summary>
+        internal static string UnexpectedBufferLength {
+            get {
+                return ResourceManager.GetString("UnexpectedBufferLength", resourceCulture);
+            }
+        }
+        
+        /// <summary>
         ///   Looks up a localized string similar to The array must not be empty..
         /// </summary>
         internal static string UnexpectedEmptyArray {
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.resx b/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.resx
index 5f3f79a..fbdb63d 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.resx
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingStrings.resx
@@ -324,4 +324,13 @@
   <data name="ExpectedParameterWasMissing" xml:space="preserve">
     <value>The message part {0} was expected in the {1} message but was not found.</value>
   </data>
+  <data name="MessageExceedsGetSizePostNotAllowed" xml:space="preserve">
+    <value>Message too large for a HTTP GET, and HTTP POST is not allowed for this message type.</value>
+  </data>
+  <data name="MissingDecryptionKeyForHandle" xml:space="preserve">
+    <value>Missing decryption key for bucket "{0}" handle "{1}"</value>
+  </data>
+  <data name="UnexpectedBufferLength" xml:space="preserve">
+    <value>Unexpected buffer length.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
index ac9f53e..8d25064 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
@@ -585,6 +585,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="buffer">The buffer to encrypt.</param>
 		/// <param name="key">The symmetric secret to use to encrypt the buffer.  Allowed values are 128, 192, or 256 bytes in length.</param>
 		/// <returns>The encrypted buffer</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		internal static byte[] Encrypt(byte[] buffer, byte[] key) {
 			using (SymmetricAlgorithm crypto = CreateSymmetricAlgorithm(key)) {
 				using (var ms = new MemoryStream()) {
@@ -609,6 +610,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="key">The symmetric secret to use to decrypt the buffer.  Allowed values are 128, 192, and 256.</param>
 		/// <returns>The encrypted buffer</returns>
 		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "This Dispose is safe.")]
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		internal static byte[] Decrypt(byte[] buffer, byte[] key) {
 			using (SymmetricAlgorithm crypto = CreateSymmetricAlgorithm(key)) {
 				using (var ms = new MemoryStream(buffer)) {
@@ -664,6 +666,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="crypto">The asymmetric encryption provider to use for encryption.</param>
 		/// <param name="buffer">The buffer to encrypt.</param>
 		/// <returns>The encrypted data.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		internal static byte[] EncryptWithRandomSymmetricKey(this RSACryptoServiceProvider crypto, byte[] buffer) {
 			Requires.NotNull(crypto, "crypto");
 			Requires.NotNull(buffer, "buffer");
@@ -699,6 +702,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="buffer">The buffer to decrypt.</param>
 		/// <returns>The decrypted data.</returns>
 		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "This Dispose is safe.")]
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		internal static byte[] DecryptWithRandomSymmetricKey(this RSACryptoServiceProvider crypto, byte[] buffer) {
 			Requires.NotNull(crypto, "crypto");
 			Requires.NotNull(buffer, "buffer");
@@ -781,6 +785,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="buffer">The buffer to compress.</param>
 		/// <returns>The compressed data.</returns>
 		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "This Dispose is safe.")]
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		internal static byte[] Compress(byte[] buffer) {
 			Requires.NotNull(buffer, "buffer");
 			Contract.Ensures(Contract.Result<byte[]>() != null);
@@ -799,6 +804,8 @@ namespace DotNetOpenAuth.Messaging {
 		/// </summary>
 		/// <param name="buffer">The buffer to decompress.</param>
 		/// <returns>The decompressed data.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
+		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "This Dispose is safe.")]
 		internal static byte[] Decompress(byte[] buffer) {
 			Requires.NotNull(buffer, "buffer");
 			Contract.Ensures(Contract.Result<byte[]>() != null);
@@ -1543,7 +1550,7 @@ namespace DotNetOpenAuth.Messaging {
 			Requires.NotNull(reader, "reader");
 			int length = reader.ReadInt32();
 			byte[] buffer = new byte[length];
-			ErrorUtilities.VerifyProtocol(reader.Read(buffer, 0, length) == length, "Unexpected buffer length.");
+			ErrorUtilities.VerifyProtocol(reader.Read(buffer, 0, length) == length, MessagingStrings.UnexpectedBufferLength);
 			return buffer;
 		}
 
@@ -1654,6 +1661,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// </summary>
 		/// <param name="key">The symmetric key to use for encryption/decryption.</param>
 		/// <returns>A symmetric algorithm.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		private static SymmetricAlgorithm CreateSymmetricAlgorithm(byte[] key) {
 			SymmetricAlgorithm result = null;
 			try {
diff --git a/src/DotNetOpenAuth.Core/Reporting.cs b/src/DotNetOpenAuth.Core/Reporting.cs
index 4ec8637..a7940b6 100644
--- a/src/DotNetOpenAuth.Core/Reporting.cs
+++ b/src/DotNetOpenAuth.Core/Reporting.cs
@@ -28,6 +28,7 @@ namespace DotNetOpenAuth {
 	/// The statistical reporting mechanism used so this library's project authors
 	/// know what versions and features are in use.
 	/// </summary>
+	[SuppressMessage("Microsoft.Design", "CA1053:StaticHolderTypesShouldNotHaveConstructors", Justification = "This class is derived from, so it can't be static.")]
 	public class Reporting {
 		/// <summary>
 		/// A UTF8 encoder that doesn't emit the preamble.  Used for mid-stream writers.
@@ -119,6 +120,12 @@ namespace DotNetOpenAuth {
 		}
 
 		/// <summary>
+		/// Initializes a new instance of the <see cref="Reporting"/> class.
+		/// </summary>
+		protected Reporting() {
+		}
+
+		/// <summary>
 		/// Gets or sets a value indicating whether this reporting is enabled.
 		/// </summary>
 		/// <value><c>true</c> if enabled; otherwise, <c>false</c>.</value>
@@ -367,6 +374,7 @@ namespace DotNetOpenAuth {
 		/// Assembles a report for submission.
 		/// </summary>
 		/// <returns>A stream that contains the report.</returns>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "If we dispose of the StreamWriter, it disposes of the underlying stream.")]
 		private static Stream GetReport() {
 			var stream = new MemoryStream();
 			try {
@@ -553,6 +561,7 @@ namespace DotNetOpenAuth {
 		/// The identifier is made persistent by storing the identifier in isolated storage.
 		/// If an existing identifier is not found, a new one is created, persisted, and returned.
 		/// </remarks>
+		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "No apparent problem.  False positive?")]
 		private static Guid GetOrCreateOriginIdentity() {
 			Requires.ValidState(file != null);
 			Contract.Ensures(Contract.Result<Guid>() != Guid.Empty);
diff --git a/src/DotNetOpenAuth.Core/Requires.cs b/src/DotNetOpenAuth.Core/Requires.cs
index dbcf5ff..8aa15dd 100644
--- a/src/DotNetOpenAuth.Core/Requires.cs
+++ b/src/DotNetOpenAuth.Core/Requires.cs
@@ -134,7 +134,7 @@ namespace DotNetOpenAuth {
 		[Pure, DebuggerStepThrough]
 		internal static void True(bool condition, string parameterName, string unformattedMessage, params object[] args) {
 			if (!condition) {
-				throw new ArgumentException(String.Format(unformattedMessage, args), parameterName);
+				throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, unformattedMessage, args), parameterName);
 			}
 
 			Contract.EndContractBlock();
diff --git a/src/DotNetOpenAuth.Core/Migrated rules for DotNetOpenAuth.ruleset b/src/DotNetOpenAuth.ruleset
index 0ba4e6e..3222fb0 100644
--- a/src/DotNetOpenAuth.Core/Migrated rules for DotNetOpenAuth.ruleset
+++ b/src/DotNetOpenAuth.ruleset
@@ -2,6 +2,7 @@
 <RuleSet Name="Migrated rules for DotNetOpenAuth.ruleset" Description="This rule set was created from the CodeAnalysisRules property for the &quot;Debug (Any CPU)&quot; configuration in project &quot;C:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\DotNetOpenAuth.csproj&quot;." ToolsVersion="10.0">
   <IncludeAll Action="Warning" />
   <Rules AnalyzerId="Microsoft.Analyzers.ManagedCodeAnalysis" RuleNamespace="Microsoft.Rules.Managed">
+    <Rule Id="CA1026" Action="None" />
     <Rule Id="CA1054" Action="None" />
     <Rule Id="CA1055" Action="None" />
     <Rule Id="CA1056" Action="None" />
diff --git a/src/DotNetOpenAuth.Core/GlobalSuppressions.cs b/src/GlobalSuppressions.cs
index 2bc6c04..39d5c6f 100644
--- a/src/DotNetOpenAuth.Core/GlobalSuppressions.cs
+++ b/src/GlobalSuppressions.cs
@@ -67,4 +67,10 @@ using System.Diagnostics.CodeAnalysis;
 [assembly: SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "iframe", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")]
 [assembly: SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "Sig", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")]
 [assembly: SuppressMessage("Microsoft.Naming", "CA1701:ResourceStringCompoundWordsShouldBeCasedCorrectly", MessageId = "DSig", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")]
-[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1020:AvoidNamespacesWithFewTypes", Scope = "namespace", Target = "DotNetOpenAuth.OAuth2.ChannelElements")]
+[assembly: SuppressMessage("Microsoft.Design", "CA1020:AvoidNamespacesWithFewTypes", Scope = "namespace", Target = "DotNetOpenAuth.OAuth2.ChannelElements")]
+[assembly: SuppressMessage("Microsoft.Portability", "CA1903:UseOnlyApiFromTargetedFramework", MessageId = "System.Web.Abstractions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35")]
+[assembly: SuppressMessage("Microsoft.Design", "CA1026:DefaultParametersShouldNotBeUsed", Justification = "We don't have to cater to lesser CLR languages.")]
+[assembly: SuppressMessage("Microsoft.Design", "CA1065:DoNotRaiseExceptionsInUnexpectedLocations", Scope = "member", Target = "DotNetOpenAuth.Messaging.IHttpDirectResponseContract.#DotNetOpenAuth.Messaging.IHttpDirectResponse.Headers", Justification = "Code contract")]
+[assembly: SuppressMessage("Microsoft.Design", "CA1033:InterfaceMethodsShouldBeCallableByChildTypes", Scope = "member", Target = "DotNetOpenAuth.Messaging.IHttpDirectResponseContract.#DotNetOpenAuth.Messaging.IHttpDirectResponse.Headers", Justification = "Code contract")]
+[assembly: SuppressMessage("Microsoft.Design", "CA1065:DoNotRaiseExceptionsInUnexpectedLocations", Scope = "member", Target = "DotNetOpenAuth.Messaging.IHttpDirectResponseContract.#DotNetOpenAuth.Messaging.IHttpDirectResponse.HttpStatusCode", Justification = "Code contract")]
+[assembly: SuppressMessage("Microsoft.Design", "CA1033:InterfaceMethodsShouldBeCallableByChildTypes", Scope = "member", Target = "DotNetOpenAuth.Messaging.IHttpDirectResponseContract.#DotNetOpenAuth.Messaging.IHttpDirectResponse.HttpStatusCode", Justification = "Code contract")]