Ejemplos de ICryptoSignatureVerifier en C# (CSharp)

Ejemplo n.º 1

        public void VerifyWithModifiedSignedBytesTest()
        {
            string encodedModifiedSignedBytes = "0029020456C0D6A904210187EBC5594827DC2B3F87918DC7AFE8A528E844D65918CD525984D65981C2C79A";
            // valid from 2016.01.01 - 2026.01.01
            string encodedCert =
                "308201A730820110A003020102021000BAA25764984826073CEF1BEEAA7B6F300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B05000381810057B6B2BED11E7DC06E7A7AD77D1922C33FE8BDEBDC48B20A9444F807AA6017890E10B21C6FA5C4795AF32B9A45E9C560580115C8DF09E4ACA8E69C2757F9CAAB3007B548A567DBE8FB228EFF4F3D7995B3B2F008F3D62BECB3D2E80827A17B42B9C8C8C0280565868D572BBE7E4916E4888D8F503BEC1561CF4A1495C43C6420";

            string encodedSignature =
                "308006092A864886F70D010702A0803080020101310F300D06096086480165030402010500308006092A864886F70D0107010000A080308201A730820110A003020102021000FA0A522D88F59EFD6B8D79217B94C7300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B0500038181000E2B265923ED37069FEA637264A3A9D8CBFD14A6732D380B54C61FADAF4F94DBE99E51409E25535896D9EB77328AF92B572E3E037AA0E052E89A067A77F448A0DFCDB432A45EED103B0182835638C048BE0668AD659E2E93DA056E44BC8180F9637D797E1072B4F99684EC5BEBF47E7194FB2A33B95CD08B6D2932303B8EFD2100003182013B30820137020101302630123110300E06035504030C0774657374696E67021000FA0A522D88F59EFD6B8D79217B94C7300D06096086480165030402010500A069301806092A864886F70D010903310B06092A864886F70D010701301C06092A864886F70D010905310F170D3137313131333133313831335A302F06092A864886F70D01090431220420F083925226E0D857E5320AB3544F754B2FA74B364268BC755987C518083D2940300D06092A864886F70D0101010500048180990B1C530CAED23935CB286774C6089AEA1E5593AEFCE56284517B1BEB00AE2F5C90212CD9ACD95A974F11F8FC68A53E16E2471682E61CDB461BA59037F56CBB6E55CA6B1A8A49B5A316A2B45274DB36E75CB1E0403A7C0B6DBEA52F0EBAA843E64CD97B878B216E1F0656B747A925E337EA375A3885623205351FC3721D5F1D000000000000";

            PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
            {
                ICryptoSignatureVerifier verifier = KsiProvider.CreatePkcs7CryptoSignatureVerifier();
                verifier.Verify(Base16.Decode(encodedModifiedSignedBytes),
                                Base16.Decode(encodedSignature),
                                new CryptoSignatureVerificationData(Base16.Decode(encodedCert)));
            });

            Assert.That(
                ex.Message.StartsWith("Failed to verify PKCS#7 signature") &&
                (
                    // separate error messages for Microsoft and Bouncy Castle
                    ex.InnerException.Message.StartsWith("The hash value is not correct") ||
                    ex.InnerException.Message.StartsWith("message-digest attribute value does not match calculated value")
                ),
                "Unexpected exception message: " + ex.Message);
        }

Ejemplo n.º 2

        public void VerifyWithPublicationsFileCertTest()
        {
            PublicationsFile         pubsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);
            ICryptoSignatureVerifier verifier = KsiProvider.CreatePkcs7CryptoSignatureVerifier();

            verifier.Verify(pubsFile.GetSignedBytes(), pubsFile.GetSignatureValue(), new CryptoSignatureVerificationData(GetFileBytes(Resources.PkiTrustProvider_CustomCert)));
        }

Ejemplo n.º 3

        public void SignatureBytesNullTest()
        {
            string encodedCert =
                "308201A730820110A003020102021000BAA25764984826073CEF1BEEAA7B6F300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B05000381810057B6B2BED11E7DC06E7A7AD77D1922C33FE8BDEBDC48B20A9444F807AA6017890E10B21C6FA5C4795AF32B9A45E9C560580115C8DF09E4ACA8E69C2757F9CAAB3007B548A567DBE8FB228EFF4F3D7995B3B2F008F3D62BECB3D2E80827A17B42B9C8C8C0280565868D572BBE7E4916E4888D8F503BEC1561CF4A1495C43C6420";

            ICryptoSignatureVerifier verifier = KsiProvider.CreatePkcs7CryptoSignatureVerifier();
            ArgumentNullException    ex       = Assert.Throws <ArgumentNullException>(delegate
            {
                verifier.Verify(Base16.Decode("01"), null, new CryptoSignatureVerificationData(Base16.Decode(encodedCert)));
            });

            Assert.That(ex.ParamName == "signatureBytes", "Unexpected exception message: " + ex.Message);
        }

Ejemplo n.º 4

Archivo: RsaCryptoSignatureVerifierTests.cs Proyecto: betosmith2000/ksi-net-sdk

        public void SignatureBytesNullTest()
        {
            string encodedCert =
                "308201A730820110A00302010202100096577055BF04943952E580CD2DF257300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B050003818100A7668A7341CC50F71045D80419AFC648FAA869DCDAD248C7BCA171EBDF54EA4FFE7D339B5A227402A2E23B554BF0E1570FFB6D0F47F3EE155984CCD3A3676C66A780560CE0A3B75B0F6D83D25FBE0B19B7491114529F208470060BFEAB1F91CA59940D53FCFA277B6E3BAE0057AD7CD2C9549B9CCF4FBF942E37B13ACC430302";

            ICryptoSignatureVerifier verifier = KsiProvider.CreateRsaCryptoSignatureVerifier("SHA256");
            ArgumentNullException    ex       = Assert.Throws <ArgumentNullException>(delegate
            {
                verifier.Verify(Base16.Decode("01"), null, new CryptoSignatureVerificationData(Base16.Decode(encodedCert)));
            });

            Assert.That(ex.ParamName == "signatureBytes", "Unexpected exception message: " + ex.Message);
        }

Ejemplo n.º 5

        public void NoTrustAnchorsTest()
        {
            string encodedSignedBytes = "3029020456C0D6A904210187EBC5594827DC2B3F87918DC7AFE8A528E844D65918CD525984D65981C2C79A";

            string encodedSignature =
                "308006092A864886F70D010702A0803080020101310F300D06096086480165030402010500308006092A864886F70D0107010000A080308201A730820110A003020102021000BAA25764984826073CEF1BEEAA7B6F300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B05000381810057B6B2BED11E7DC06E7A7AD77D1922C33FE8BDEBDC48B20A9444F807AA6017890E10B21C6FA5C4795AF32B9A45E9C560580115C8DF09E4ACA8E69C2757F9CAAB3007B548A567DBE8FB228EFF4F3D7995B3B2F008F3D62BECB3D2E80827A17B42B9C8C8C0280565868D572BBE7E4916E4888D8F503BEC1561CF4A1495C43C642000003182013B30820137020101302630123110300E06035504030C0774657374696E67021000BAA25764984826073CEF1BEEAA7B6F300D06096086480165030402010500A069301806092A864886F70D010903310B06092A864886F70D010701301C06092A864886F70D010905310F170D3137313130393133333235335A302F06092A864886F70D01090431220420F083925226E0D857E5320AB3544F754B2FA74B364268BC755987C518083D2940300D06092A864886F70D01010105000481809BC20BF93B9190207D585A4638AFBB3BCDB740E6030F1B56A922E7E1B25024F3DCE9F2B63B693281E5056D7BA4553814B1FF8E4A38955DAF0FA9B26D468B29D8137E1EE0FAF3A9D8FD1E5EBFF0560C51684B93735E3D1A2313484AF62EC2FD39BA7BA2781818BB38BFE2D33C2C23F74AB4F43824D4209E3DA211F1DB990DCD0D000000000000";

            ICryptoSignatureVerifier verifier = KsiProvider.CreatePkcs7CryptoSignatureVerifier();
            ArgumentException        ex       = Assert.Throws <ArgumentException>(delegate
            {
                verifier.Verify(Base16.Decode(encodedSignedBytes), Base16.Decode(encodedSignature), null);
            });

            Assert.That(ex.Message.StartsWith("No trust anchors given."), "Unexpected exception message: " + ex.Message);
        }

Ejemplo n.º 6

Archivo: RsaCryptoSignatureVerifierTests.cs Proyecto: betosmith2000/ksi-net-sdk

        public void CryptoSignatureVerificationDataNullTest()
        {
            string encodedSignedBytes = "3029020456C0D6A904210187EBC5594827DC2B3F87918DC7AFE8A528E844D65918CD525984D65981C2C79A";

            string encodedSignature =
                "4B08D8DE7AFB3390FD6F315877EBEB55DA4F259E57BC6A282EA00373D43FC32ECC462500CACD353DFE4916EBFD58B89D72F204668223177263DF1963934326EAABE70FDB70C9238C35C3BBAC842FE9BF205C5AD0AE5A691CC26306AAB20129FA5F9C8711E4D0ED3118FFE32B6C97572A8D6700A3471B90023A60FF71C9558E0C";

            ICryptoSignatureVerifier verifier = KsiProvider.CreateRsaCryptoSignatureVerifier("SHA256");
            ArgumentNullException    ex       = Assert.Throws <ArgumentNullException>(delegate
            {
                verifier.Verify(Base16.Decode(encodedSignedBytes), Base16.Decode(encodedSignature), null);
            });

            Assert.That(ex.ParamName == "data", "Unexpected exception message: " + ex.Message);
        }

Ejemplo n.º 7

Archivo: RsaCryptoSignatureVerifierTests.cs Proyecto: betosmith2000/ksi-net-sdk

        public void SignedBytesNullTest()
        {
            string encodedCert =
                "308201A730820110A00302010202100096577055BF04943952E580CD2DF257300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B050003818100A7668A7341CC50F71045D80419AFC648FAA869DCDAD248C7BCA171EBDF54EA4FFE7D339B5A227402A2E23B554BF0E1570FFB6D0F47F3EE155984CCD3A3676C66A780560CE0A3B75B0F6D83D25FBE0B19B7491114529F208470060BFEAB1F91CA59940D53FCFA277B6E3BAE0057AD7CD2C9549B9CCF4FBF942E37B13ACC430302";

            string encodedSignature =
                "4B08D8DE7AFB3390FD6F315877EBEB55DA4F259E57BC6A282EA00373D43FC32ECC462500CACD353DFE4916EBFD58B89D72F204668223177263DF1963934326EAABE70FDB70C9238C35C3BBAC842FE9BF205C5AD0AE5A691CC26306AAB20129FA5F9C8711E4D0ED3118FFE32B6C97572A8D6700A3471B90023A60FF71C9558E0C";

            ICryptoSignatureVerifier verifier = KsiProvider.CreateRsaCryptoSignatureVerifier("SHA256");
            ArgumentNullException    ex       = Assert.Throws <ArgumentNullException>(delegate
            {
                verifier.Verify(null, Base16.Decode(encodedSignature), new CryptoSignatureVerificationData(Base16.Decode(encodedCert)));
            });

            Assert.That(ex.ParamName == "signedBytes", "Unexpected exception message: " + ex.Message);
        }

Ejemplo n.º 8

Archivo: RsaCryptoSignatureVerifierTests.cs Proyecto: betosmith2000/ksi-net-sdk

        public void VerifyWithTimeTest()
        {
            string encodedSignedBytes = "3029020456C0D6A904210187EBC5594827DC2B3F87918DC7AFE8A528E844D65918CD525984D65981C2C79A";
            // valid from 2016.01.01 - 2026.01.01
            string encodedCert =
                "308201A730820110A00302010202100096577055BF04943952E580CD2DF257300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B050003818100A7668A7341CC50F71045D80419AFC648FAA869DCDAD248C7BCA171EBDF54EA4FFE7D339B5A227402A2E23B554BF0E1570FFB6D0F47F3EE155984CCD3A3676C66A780560CE0A3B75B0F6D83D25FBE0B19B7491114529F208470060BFEAB1F91CA59940D53FCFA277B6E3BAE0057AD7CD2C9549B9CCF4FBF942E37B13ACC430302";

            string encodedSignature =
                "4B08D8DE7AFB3390FD6F315877EBEB55DA4F259E57BC6A282EA00373D43FC32ECC462500CACD353DFE4916EBFD58B89D72F204668223177263DF1963934326EAABE70FDB70C9238C35C3BBAC842FE9BF205C5AD0AE5A691CC26306AAB20129FA5F9C8711E4D0ED3118FFE32B6C97572A8D6700A3471B90023A60FF71C9558E0C";

            ICryptoSignatureVerifier verifier = KsiProvider.CreateRsaCryptoSignatureVerifier("SHA256");

            verifier.Verify(Base16.Decode(encodedSignedBytes),
                            Base16.Decode(encodedSignature),
                            new CryptoSignatureVerificationData(Base16.Decode(encodedCert), Util.ConvertDateTimeToUnixTime(new DateTime(2016, 1, 1, 0, 0, 0, DateTimeKind.Utc))));
        }

Ejemplo n.º 9

        /// <summary>
        ///     Verify bytes with x509 signature.
        /// </summary>
        /// <param name="signedBytes">Bytes to be verified</param>
        /// <param name="signatureBytes">Byte array containing signature</param>
        public void Verify(byte[] signedBytes, byte[] signatureBytes)
        {
            if (signedBytes == null)
            {
                throw new ArgumentNullException(nameof(signedBytes));
            }

            if (signatureBytes == null)
            {
                throw new ArgumentNullException(nameof(signatureBytes));
            }

            ICryptoSignatureVerifier verifier = KsiProvider.CreatePkcs7CryptoSignatureVerifier(_trustStore, _certificateRdnSelector);

            verifier.Verify(signedBytes, signatureBytes, null);
        }

Ejemplo n.º 10

        /// <see cref="VerificationRule.Verify" />
        public override VerificationResult Verify(IVerificationContext context)
        {
            IKsiSignature signature = GetSignature(context);
            CalendarAuthenticationRecord calendarAuthenticationRecord = GetCalendarAuthenticationRecord(signature);
            SignatureData signatureData = calendarAuthenticationRecord.SignatureData;

            byte[] certificateBytes = GetPublicationsFile(context).FindCertificateById(signatureData.GetCertificateId());

            if (certificateBytes == null)
            {
                throw new KsiVerificationException("No certificate found in publications file with id: " + Base16.Encode(signatureData.GetCertificateId()) + ".");
            }

            byte[] signedBytes = calendarAuthenticationRecord.PublicationData.Encode();

            try
            {
                ICryptoSignatureVerifier        cryptoSignatureVerifier = CryptoSignatureVerifierFactory.GetCryptoSignatureVerifierByOid(signatureData.SignatureType);
                CryptoSignatureVerificationData data = new CryptoSignatureVerificationData(certificateBytes, signature.AggregationTime);
                cryptoSignatureVerifier.Verify(signedBytes, signatureData.GetSignatureValue(), data);
            }
            catch (PkiVerificationFailedCertNotValidException ex)
            {
                Logger.Debug(ex);
                return(new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key03));
            }
            catch (PkiVerificationFailedException ex)
            {
                Logger.Debug("Could not verify signature.{0}Signature type: {1}{0}{2}{0}{3}",
                             Environment.NewLine,
                             signatureData.SignatureType,
                             ex,
                             ex.AdditionalInfo);
                return(new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key02));
            }
            catch (PkiVerificationErrorException ex)
            {
                Logger.Debug("Signature verification error.{0}Signature type: {1}{0}{2}",
                             Environment.NewLine,
                             signatureData.SignatureType,
                             ex);
                return(new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Key02));
            }

            return(new VerificationResult(GetRuleName(), VerificationResultCode.Ok));
        }

Ejemplo n.º 11

Archivo: RsaCryptoSignatureVerifierTests.cs Proyecto: betosmith2000/ksi-net-sdk

        public void VerifyWithRandomCertBytesTest()
        {
            string encodedSignedBytes = "3029020456C0D6A904210187EBC5594827DC2B3F87918DC7AFE8A528E844D65918CD525984D65981C2C79A";

            string encodedSignature =
                "4B08D8DE7AFB3390FD6F315877EBEB55DA4F259E57BC6A282EA00373D43FC32ECC462500CACD353DFE4916EBFD58B89D72F204668223177263DF1963934326EAABE70FDB70C9238C35C3BBAC842FE9BF205C5AD0AE5A691CC26306AAB20129FA5F9C8711E4D0ED3118FFE32B6C97572A8D6700A3471B90023A60FF71C9558E0C";

            string encodedCert = "0102030405";

            ICryptoSignatureVerifier      verifier = KsiProvider.CreateRsaCryptoSignatureVerifier("SHA256");
            PkiVerificationErrorException ex       = Assert.Throws <PkiVerificationErrorException>(delegate
            {
                verifier.Verify(Base16.Decode(encodedSignedBytes),
                                Base16.Decode(encodedSignature),
                                new CryptoSignatureVerificationData(Base16.Decode(encodedCert)));
            });

            Assert.That(ex.Message.StartsWith("Could not create certificate from given bytes"), "Unexpected exception message: " + ex.Message);
        }

Ejemplo n.º 12

Archivo: RsaCryptoSignatureVerifierTests.cs Proyecto: betosmith2000/ksi-net-sdk

        public void VerifyWithRandomSignatureBytesTest()
        {
            string encodedSignedBytes = "3029020456C0D6A904210187EBC5594827DC2B3F87918DC7AFE8A528E844D65918CD525984D65981C2C79A";
            // valid from 2016.01.01 - 2026.01.01
            string encodedCert =
                "308201A730820110A00302010202100096577055BF04943952E580CD2DF257300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B050003818100A7668A7341CC50F71045D80419AFC648FAA869DCDAD248C7BCA171EBDF54EA4FFE7D339B5A227402A2E23B554BF0E1570FFB6D0F47F3EE155984CCD3A3676C66A780560CE0A3B75B0F6D83D25FBE0B19B7491114529F208470060BFEAB1F91CA59940D53FCFA277B6E3BAE0057AD7CD2C9549B9CCF4FBF942E37B13ACC430302";

            string encodedSignature = "0102030405";

            ICryptoSignatureVerifier       verifier = KsiProvider.CreateRsaCryptoSignatureVerifier("SHA256");
            PkiVerificationFailedException ex       = Assert.Throws <PkiVerificationFailedException>(delegate
            {
                verifier.Verify(Base16.Decode(encodedSignedBytes),
                                Base16.Decode(encodedSignature),
                                new CryptoSignatureVerificationData(Base16.Decode(encodedCert)));
            });

            Assert.That(ex.Message.StartsWith("Failed to verify RSA signature"), "Unexpected exception message: " + ex.Message);
            Assert.IsNull(ex.InnerException);
        }

Ejemplo n.º 13

        public void VerifyWithRandomSignatureBytesTest()
        {
            string encodedSignedBytes = "3029020456C0D6A904210187EBC5594827DC2B3F87918DC7AFE8A528E844D65918CD525984D65981C2C79A";
            // valid from 2016.01.01 - 2026.01.01
            string encodedCert =
                "308201A730820110A003020102021000BAA25764984826073CEF1BEEAA7B6F300D06092A864886F70D01010B050030123110300E06035504030C0774657374696E67301E170D3136303130313030303030305A170D3236303130313030303030305A30123110300E06035504030C0774657374696E6730819F300D06092A864886F70D010101050003818D0030818902818100E66DC137E4F856EADB0D47C280BED297D70191287919FD6EBF1195DF5E821EA867F861E551A37762E3CAEBB32B1DE7E0143529F1678A87BCE2C8E5D5185F25EEC3ABC7E295EEBC64EFE4BC8ADB412A99D3F9125D30C45F887632DE4B95AA169B79D1A6FD4E735255632341ED41B5BFA828975A4F1501B02C2277CA15BD470DAB0203010001300D06092A864886F70D01010B05000381810057B6B2BED11E7DC06E7A7AD77D1922C33FE8BDEBDC48B20A9444F807AA6017890E10B21C6FA5C4795AF32B9A45E9C560580115C8DF09E4ACA8E69C2757F9CAAB3007B548A567DBE8FB228EFF4F3D7995B3B2F008F3D62BECB3D2E80827A17B42B9C8C8C0280565868D572BBE7E4916E4888D8F503BEC1561CF4A1495C43C6420";

            string encodedSignature = "0102030405";

            ICryptoSignatureVerifier      verifier = KsiProvider.CreatePkcs7CryptoSignatureVerifier();
            PkiVerificationErrorException ex       = Assert.Throws <PkiVerificationErrorException>(delegate
            {
                verifier.Verify(Base16.Decode(encodedSignedBytes),
                                Base16.Decode(encodedSignature),
                                new CryptoSignatureVerificationData(Base16.Decode(encodedCert)));
            });

            // separate error messages for Microsoft and Bouncy Castle
            Assert.That(ex.Message.StartsWith("Error when verifying PKCS#7 signature") || ex.Message.StartsWith("Cannot create signature from signatureBytes"),
                        "Unexpected exception message: " + ex.Message);
        }