#1 of what will be doubtless many. Right now I’ve started to put things away, so I don’t know when I’ll have the ability to produce a proper errata to Wrox requirements, so rather than have you struggle I’m posting the correction(s) here.
Listing 10-11 on page 251 is incorrect, and if run, no X509 signing certificate will be extracted, although the XML signature will be verified. The code should be as follows:
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    public static bool VerifySignature(XmlDocument document, out X509Certificate signingCertificate)
    {
        // Create a new SignedXml object and load
        // the signed XML document.
        SignedXml signedXml = new SignedXml(document);

        // Find the "Signature" node and create a new
        // XmlNodeList object.
        XmlNodeList nodeList = document.GetElementsByTagName("Signature");
        if (nodeList.Count <= 0)
        {
            throw new CryptographicException("No signature found.");
        }

        // Load the first <Signature> node.
        signedXml.LoadXml((XmlElement)nodeList[0]);

        signingCertificate = null;

        // Extract the signing certificate.
        foreach (KeyInfoClause keyInfoClause in signedXml.KeyInfo)
        {
            if (!(keyInfoClause is KeyInfoX509Data))
            {
                continue;
            }

            KeyInfoX509Data keyInfoX509Data = keyInfoClause as KeyInfoX509Data;
            if ((keyInfoX509Data.Certificates != null) && (keyInfoX509Data.Certificates.Count == 1))
            {
                signingCertificate = (X509Certificate)keyInfoX509Data.Certificates[0];
            }
        }

        // Check the signature. This uses the key material carried in KeyInfo;
        // it does not decide whether the extracted certificate is trusted.
        return signedXml.CheckSignature();
    }
Apologies for that, I can only blame my fat fingers as I cut and pasted into Word.
(I’ve edited the title because Jon Skeet {yes, that Jon Skeet} is a pedant).
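The corrected listing hands back whatever certificate the document itself carries, so the caller still has to decide whether that certificate is one it trusts. The following is an added example, not code from the book: `SigningCertificateTrust`, `IsTrustedSigner` and the `pinnedThumbprint` parameter are hypothetical names, and the expected thumbprint is assumed to have been obtained out of band.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SigningCertificateTrust
{
    // Hypothetical helper (not from the book). pinnedThumbprint is the SHA-1
    // thumbprint of the certificate the caller expects, obtained out of band.
    public static bool IsTrustedSigner(XmlDocument document,
        X509Certificate signingCertificate, string pinnedThumbprint)
    {
        // VerifySignature leaves the out parameter null when no
        // KeyInfoX509Data clause holds exactly one certificate.
        if (signingCertificate == null)
        {
            return false;
        }
        X509Certificate2 certificate = new X509Certificate2(signingCertificate);

        // 1. The embedded certificate must be the one we expect.
        if (!string.Equals(certificate.Thumbprint, pinnedThumbprint,
                StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        // 2. It must chain to a trusted root and be valid now (default policy).
        X509Chain chain = new X509Chain();
        if (!chain.Build(certificate))
        {
            return false;
        }

        // 3. Re-check the signature against this certificate's key, because
        //    the parameterless CheckSignature() uses the key material in KeyInfo.
        XmlNodeList nodeList = document.GetElementsByTagName("Signature");
        if (nodeList.Count <= 0)
        {
            return false;
        }
        SignedXml signedXml = new SignedXml(document);
        signedXml.LoadXml((XmlElement)nodeList[0]);
        return signedXml.CheckSignature(certificate, true);
    }
}
```

Call it only after `VerifySignature` has returned true, passing the certificate it placed in the `out` parameter.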