PrimarySignature CreateKeyVaultPrimarySignature(SignPackageRequest request, SignatureContent signatureContent, SignatureType signatureType) { // Get the chain var getter = typeof(SignPackageRequest).GetProperty("Chain", BindingFlags.Instance | BindingFlags.NonPublic) .GetGetMethod(true); var certs = (IReadOnlyList <X509Certificate2>)getter.Invoke(request, null); var attribs = SigningUtility.CreateSignedAttributes(request, certs); // Convert .NET crypto attributes to Bouncy Castle var attribTable = new AttributeTable(new Asn1EncodableVector(attribs.Cast <CryptographicAttributeObject>() .Select(ToBcAttribute) .ToArray())); // SignerInfo generator setup var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder() .WithSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(attribTable)); // Subject Key Identifier (SKI) is smaller and less prone to accidental matching than issuer and serial // number. However, to ensure cross-platform verification, SKI should only be used if the certificate // has the SKI extension attribute. // Try to look for the value var bcCer = DotNetUtilities.FromX509Certificate(request.Certificate); var ext = bcCer.GetExtensionValue(new DerObjectIdentifier(Oids.SubjectKeyIdentifier)); SignerInfoGenerator signerInfoGenerator; if (ext != null) { var ski = new SubjectKeyIdentifierStructure(ext); signerInfoGenerator = signerInfoGeneratorBuilder.Build(new RsaSignatureFactory(HashAlgorithmToBouncyCastle(request.SignatureHashAlgorithm), provider), ski.GetKeyIdentifier()); } else { signerInfoGenerator = signerInfoGeneratorBuilder.Build(new RsaSignatureFactory(HashAlgorithmToBouncyCastle(request.SignatureHashAlgorithm), provider), bcCer); } var generator = new CmsSignedDataGenerator(); generator.AddSignerInfoGenerator(signerInfoGenerator); // Get the chain as bc certs generator.AddCertificates(X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs.Select(DotNetUtilities.FromX509Certificate). ToList()))); var msg = new CmsProcessableByteArray(signatureContent.GetBytes()); var data = generator.Generate(msg, true); var encoded = data.ContentInfo.GetDerEncoded(); return(PrimarySignature.Load(encoded)); }
/* * /// <exception cref="System.IO.IOException"></exception> * public override Document ExtendDocument(Document document, Document originalDocument * , SignatureParameters parameters) * { * CAdESSignatureExtension extension = GetExtensionProfile(parameters); * if (extension != null) * { * return extension.ExtendSignatures(document, originalDocument, parameters); * } * else * { * //LOG.Info("No extension for " + parameters.SignatureFormat); * } * return document; * } */ private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISignatureFactory factory, SignatureParameters parameters, CAdESProfileBES cadesProfile, bool includeUnsignedAttributes, CmsSignedData originalSignedData ) { var signedAttrGen = new DefaultSignedAttributeTableGenerator( new AttributeTable(cadesProfile.GetSignedAttributes(parameters))); SimpleAttributeTableGenerator unsignedAttrGen = null; if (includeUnsignedAttributes) { var attributes = cadesProfile.GetUnsignedAttributes(parameters); if (attributes.Count != 0) { unsignedAttrGen = new SimpleAttributeTableGenerator(new AttributeTable(attributes)); } } SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); sigInfoGeneratorBuilder.WithSignedAttributeGenerator(signedAttrGen); if (unsignedAttrGen != null) { sigInfoGeneratorBuilder.WithUnsignedAttributeGenerator(unsignedAttrGen); } CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSignerInfoGenerator(sigInfoGeneratorBuilder.Build(factory, parameters.SigningCertificate)); if (originalSignedData != null) { generator.AddSigners(originalSignedData.GetSignerInfos()); } var certs = new List <X509Certificate>(); certs.Add(parameters.SigningCertificate); if (parameters.CertificateChain != null) { foreach (X509Certificate cert in parameters.CertificateChain) { if (!cert.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN)) { certs.Add(cert); } } } IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); generator.AddCertificates(certStore); if (originalSignedData != null) { generator.AddCertificates(originalSignedData.GetCertificates("Collection")); } return(generator); }
byte[] CreateKeyVaultSignature(X509Certificate2 publicCert, SignatureManifest signatureManifest) { var chain = new X509Chain(); chain.Build(publicCert); // Get the chain as bc certs var additionals = chain.ChainElements.Cast <X509ChainElement>() .Select(ce => DotNetUtilities.FromX509Certificate(ce.Certificate)) .ToList(); chain.Dispose(); var bcCer = DotNetUtilities.FromX509Certificate(publicCert); var store = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(additionals)); var generator = new CmsSignedDataGenerator(); var builder = new SignerInfoGeneratorBuilder(); var b = builder.Build(new RsaSignatureFactory("SHA256WITHRSA", provider), bcCer); generator.AddSignerInfoGenerator(b); generator.AddCertificates(store); var msg = new CmsProcessableByteArray(signatureManifest.GetBytes()); var data = generator.Generate(msg, true); var encoded = data.GetEncoded(); return(encoded); }
public void SignedCmsRoundTripWithBouncyCastleLocalCertificate() { var content = "This is some content"; // Get cert var netcert = GetLocalSignerCert(); var chain = new X509Chain(); chain.Build(netcert); // Get the chain without the root CA var additionals = chain.ChainElements.Cast <X509ChainElement>() .Where(ce => ce.Certificate.Issuer != ce.Certificate.SubjectName.Name) .Select(ce => DotNetUtilities.FromX509Certificate(ce.Certificate)) .ToList(); chain.Dispose(); var bcCer = DotNetUtilities.FromX509Certificate(netcert); var bcKey = DotNetUtilities.GetRsaKeyPair(netcert.GetRSAPrivateKey()); var store = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(additionals)); var generator = new CmsSignedDataGenerator(); var builder = new SignerInfoGeneratorBuilder(); var b = builder.Build(new Asn1SignatureFactory("SHA256WITHRSA", bcKey.Private), bcCer); generator.AddSignerInfoGenerator(b); // generator.AddSigner(bcKey.Private, bcCer, CmsSignedDataGenerator.DigestSha256); generator.AddCertificates(store); var msg = new CmsProcessableByteArray(Encoding.UTF8.GetBytes(content)); var data = generator.Generate(msg, true); var encoded = data.GetEncoded(); var signedCms = new SignedCms(); signedCms.Decode(encoded); signedCms.CheckSignature(true); // don't validate the certiciate itself here var cContent = signedCms.ContentInfo.Content; var str = Encoding.UTF8.GetString(cContent); Assert.Equal(content, str); }
public void AssinarCriptografar(EnvioRemessaCobrancaBradescoJson model) { try { var utilClass = new MetodosUteis(); var encoding = new UTF8Encoding(); var generator = new CmsSignedDataGenerator(); var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); var certList = new ArrayList(); var criticas = utilClass.Criticas(model); if (criticas.Any()) { return; } var data = utilClass.ConverterParaJsonAspasSimples(model); var privateCert = this.RetornaCertificado(); //convertendo certificado para objeto que o bouncycastle conhece var bouncyCastleKey = DotNetUtilities.GetKeyPair(privateCert.PrivateKey).Private; var x5091 = new X509Certificate(privateCert.RawData); var x509CertBouncyCastle = DotNetUtilities.FromX509Certificate(x5091); generator.AddSignerInfoGenerator(signerInfoGeneratorBuilder.Build(new Asn1SignatureFactory("SHA256WithRSA", bouncyCastleKey), x509CertBouncyCastle)); //criando certstore que o bouncycastle conhece certList.Add(x509CertBouncyCastle); var store509BouncyCastle = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certList)); generator.AddCertificates(store509BouncyCastle); var messageBytes = encoding.GetBytes(data); var cmsdata = new CmsProcessableByteArray(messageBytes); //assina var signeddata = generator.Generate(cmsdata, true); var mensagemFinal = signeddata.GetEncoded(); //converte para base64 que eh o formato que o serviço espera var mensagemConvertidaparaBase64 = Convert.ToBase64String(mensagemFinal); //chama serviço convertendo a string na base64 em bytes EnviaParaWebService(ParametrosUteis.RetornaUrlEnvio(), encoding.GetBytes(mensagemConvertidaparaBase64)); } catch (Exception ex) { throw ex; } }
public async void SignedCmsRoundTripWithKeyVault() { using (var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateConfiguration)) { var content = "This is some content"; var publicCert = materialized.PublicCertificate; // Get cert var chain = new X509Chain(); chain.Build(publicCert); // Get the chain without the root CA var additionals = chain.ChainElements.Cast <X509ChainElement>() .Where(ce => ce.Certificate.Issuer != ce.Certificate.SubjectName.Name) .Select(ce => DotNetUtilities.FromX509Certificate(ce.Certificate)) .ToList(); chain.Dispose(); var bcCer = DotNetUtilities.FromX509Certificate(publicCert); var store = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(additionals)); var generator = new CmsSignedDataGenerator(); var builder = new SignerInfoGeneratorBuilder(); var b = builder.Build(new RsaSignatureFactory("SHA256WITHRSA", materialized.ToRSA()), bcCer); generator.AddSignerInfoGenerator(b); generator.AddCertificates(store); var msg = new CmsProcessableByteArray(Encoding.UTF8.GetBytes(content)); var data = generator.Generate(msg, true); var encoded = data.GetEncoded(); var signedCms = new SignedCms(); signedCms.Decode(encoded); signedCms.CheckSignature(true); // don't validate the certiciate itself here var cContent = signedCms.ContentInfo.Content; var str = Encoding.UTF8.GetString(cContent); Assert.Equal(content, str); } }
private static void SavePkcs7Data(X509Certificate bcCertificate, Pkcs10CertificationRequest request, AsymmetricKeyParameter privateKey) { var requestBytes = request.GetEncoded(); var typedData = new CmsProcessableByteArray(requestBytes); var gen = new CmsSignedDataGenerator(); var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); var factory = new Asn1SignatureFactory(SingingAlgorithm, privateKey); gen.AddSignerInfoGenerator(signerInfoGeneratorBuilder.Build(factory, bcCertificate)); gen.AddCertificates(MakeCertStore(bcCertificate)); var signed = gen.Generate(typedData, true); var signedBytes = signed.GetEncoded(); var cmsBase64 = Convert.ToBase64String(signedBytes); /* * you can check cert data here - https://lapo.it/asn1js * just copy+paste cmsBase64 string */ var cmsData = new StringBuilder(); cmsData.Append("-----BEGIN CMS-----"); cmsData.Append("\\n"); var certLength = cmsBase64.Length; for (var i = 0; i < certLength; i += 64) { var substr = certLength - i >= 64 ? cmsBase64.Substring(i, 64) : cmsBase64.Substring(i); cmsData.Append(substr); cmsData.Append("\\n"); } cmsData.Append("-----END CMS-----"); cmsData.Append("\\n"); var cmsString = cmsData.ToString(); //add to http request in bank for approving you certificate //after you will need copy bank certificate what approved you certificate from API File.WriteAllText(@"certificate.cms", cmsString); }
private byte[] Authenticode(byte[] bRequest, DateTime signTime) { string requestString = ""; for (int i = 0; i < bRequest.Length; i++) { if (bRequest[i] >= 32) { requestString += (char)bRequest[i]; } } bRequest = Convert.FromBase64String(requestString); Asn1InputStream asn1InputStream = new Asn1InputStream(bRequest); Asn1Sequence instance = Asn1Sequence.GetInstance(asn1InputStream.ReadObject()); Asn1Sequence instance2 = Asn1Sequence.GetInstance(instance[1]); Asn1TaggedObject instance3 = Asn1TaggedObject.GetInstance(instance2[1]); Asn1OctetString instance4 = Asn1OctetString.GetInstance(instance3.GetObject()); byte[] octets = instance4.GetOctets(); asn1InputStream.Close(); Asn1EncodableVector signedAttributes = new Asn1EncodableVector(); signedAttributes.Add(new Attribute(CmsAttributes.ContentType, new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1")))); signedAttributes.Add(new Attribute(CmsAttributes.SigningTime, new DerSet(new DerUtcTime(signTime)))); AttributeTable signedAttributesTable = new AttributeTable(signedAttributes); signedAttributesTable.ToAsn1EncodableVector(); DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributesTable); SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(); signerInfoBuilder.WithSignedAttributeGenerator(signedAttributeGenerator); ISignatureFactory signatureFactory = new Asn1SignatureFactory(hashAlg + "WithRSA", priKey); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSignerInfoGenerator(signerInfoBuilder.Build(signatureFactory, x509Cert)); generator.AddCertificates(x509Store); CmsSignedData cmsSignedData = generator.Generate(new CmsProcessableByteArray(octets), true); byte[] result = cmsSignedData.ContentInfo.GetEncoded("DER"); return(Encoding.ASCII.GetBytes(Convert.ToBase64String(result).ToArray())); }
public string Signer(string message) { if (_certificate == null) { throw new Exception("Certificado não localizado."); } if (_certificate.PrivateKey == null) { throw new Exception("chave privada não localizada no certificado."); } //convertendo certificado para objeto que o bouncycastle conhece var bouncyCastleKey = DotNetUtilities.GetKeyPair(_certificate.PrivateKey).Private; var x5091 = new X509Certificate(_certificate.RawData); var x509CertBouncyCastle = DotNetUtilities.FromX509Certificate(x5091); var generator = new CmsSignedDataGenerator(); var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); generator.AddSignerInfoGenerator( signerInfoGeneratorBuilder.Build(new Asn1SignatureFactory("SHA256WithRSA", bouncyCastleKey), x509CertBouncyCastle)); //criando certstore que o bouncycastle conhece IList certList = new ArrayList(); certList.Add(x509CertBouncyCastle); var store509BouncyCastle = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certList)); generator.AddCertificates(store509BouncyCastle); var encoding = new UTF8Encoding(); var messageBytes = encoding.GetBytes(message); var cmsdata = new CmsProcessableByteArray(messageBytes); //assina var signeddata = generator.Generate(cmsdata, true); var finalMessage = signeddata.GetEncoded(); //converte para base64 que eh o formato que o serviço espera return(Convert.ToBase64String(finalMessage)); }
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(SignatureParameters parameters, CAdESProfileBES cadesProfile, bool includeUnsignedAttributes = true, CmsSignedData originalSignedData = null, byte[] signature = null) { CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); X509Certificate signerCertificate = parameters.SigningCertificate; CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator(new AttributeTable(cadesProfile.GetSignedAttributes(parameters) as System.Collections.IDictionary)); CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator(includeUnsignedAttributes ? new AttributeTable(cadesProfile.GetUnsignedAttributes(parameters) as System.Collections.IDictionary) : null); var builder = new SignerInfoGeneratorBuilder().WithSignedAttributeGenerator(signedAttrGen).WithUnsignedAttributeGenerator(unsignedAttrGen); generator.AddSignerInfoGenerator(builder.Build(new ReadySignatureFactory(new PreComputedSigner(signature), parameters.DigestWithEncriptionOID), signerCertificate)); if (originalSignedData != null) { generator.AddSigners(originalSignedData.GetSignerInfos()); } var certs = new List <X509Certificate> { parameters.SigningCertificate }; if (parameters.CertificateChain != null) { foreach (X509Certificate c in parameters.CertificateChain) { if (!c.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN)) { certs.Add(c); } } } IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); generator.AddCertificates(certStore); if (originalSignedData != null) { generator.AddCertificates(originalSignedData.GetCertificates("Collection")); } return(generator); }
private static string Cms(string data) { var requestBytes = Encoding.UTF8.GetBytes(data); var typedData = new CmsProcessableByteArray(requestBytes); var gen = new CmsSignedDataGenerator(); var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); var attrs = GetSigningParameters(); var parameters = new DefaultSignedAttributeTableGenerator(attrs); signerInfoGeneratorBuilder.WithSignedAttributeGenerator(parameters); var factory = new Asn1SignatureFactory(SingingAlgorithm, GetKey()); var bcCertificate = GetBankCertificate(); gen.AddSignerInfoGenerator(signerInfoGeneratorBuilder.Build(factory, bcCertificate)); gen.AddCertificates(MakeCertStore(bcCertificate)); var signed = gen.Generate(typedData, false); var signedBytes = signed.GetEncoded(); return(Convert.ToBase64String(signedBytes)); }
private void AssinarCriptografar(EnvioRemessaCobrancaBradescoJson model) { try { //exemplo validacao var validador = new ValidarModelo(); var criticas = validador.Criticas(model); if (criticas.Any()) { return; } var data = ConverterParaJsonAspasSimples(model); var encoding = new UTF8Encoding(); var messageBytes = encoding.GetBytes(data); var impressaDigitalCertificado = ConfigurationManager.AppSettings["ImpressaoDigitalCertificado"]; // certificado precisa ser instalado na máquina local e na pasta pessoal, diferente disso alterar linha abaixo var store = new X509Store(StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); var privateCert = store.Certificates.Cast <X509Certificate2>().FirstOrDefault(cert => cert.Thumbprint == impressaDigitalCertificado && cert.HasPrivateKey); if (privateCert == null) { throw new Exception("Certificado não localizado."); } if (privateCert.PrivateKey == null) { throw new Exception("chave privada não localizada no certificado."); } //convertendo certificado para objeto que o bouncycastle conhece var bouncyCastleKey = DotNetUtilities.GetKeyPair(privateCert.PrivateKey).Private; var x5091 = new X509Certificate(privateCert.RawData); var x509CertBouncyCastle = DotNetUtilities.FromX509Certificate(x5091); var generator = new CmsSignedDataGenerator(); var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); generator.AddSignerInfoGenerator( signerInfoGeneratorBuilder.Build(new Asn1SignatureFactory("SHA256WithRSA", bouncyCastleKey), x509CertBouncyCastle)); //criando certstore que o bouncycastle conhece IList certList = new ArrayList(); certList.Add(x509CertBouncyCastle); var store509BouncyCastle = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certList)); generator.AddCertificates(store509BouncyCastle); var cmsdata = new CmsProcessableByteArray(messageBytes); //assina var signeddata = generator.Generate(cmsdata, true); var mensagemFinal = signeddata.GetEncoded(); //converte para base64 que eh o formato que o serviço espera var mensagemConvertidaparaBase64 = Convert.ToBase64String(mensagemFinal); //chama serviço convertendo a string na base64 em bytes CriarServicoWebEEnviar("url_servico_bradesco_consta_manual", encoding.GetBytes(mensagemConvertidaparaBase64)); } catch (Exception ex) { throw; } }
private void overrideAttrsTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs) { SignerInfoGeneratorBuilder signerInfoGenBuilder = new SignerInfoGeneratorBuilder(); IssuerSerial issuerSerial = new IssuerSerial( new GeneralNames( new GeneralName( X509CertificateStructure.GetInstance(cert.GetEncoded()).Issuer)), new DerInteger(cert.SerialNumber)); byte[] certHash256; byte[] certHash; { Asn1DigestFactory digCalc = Asn1DigestFactory.Get(OiwObjectIdentifiers.IdSha1); IStreamCalculator calc = digCalc.CreateCalculator(); using (Stream s = calc.Stream) { byte[] crt = cert.GetEncoded(); s.Write(crt, 0, crt.Length); } certHash = ((SimpleBlockResult)calc.GetResult()).Collect(); } { Asn1DigestFactory digCalc = Asn1DigestFactory.Get(NistObjectIdentifiers.IdSha256); IStreamCalculator calc = digCalc.CreateCalculator(); using (Stream s = calc.Stream) { byte[] crt = cert.GetEncoded(); s.Write(crt, 0, crt.Length); } certHash256 = ((SimpleBlockResult)calc.GetResult()).Collect(); } EssCertID essCertID = new EssCertID(certHash, issuerSerial); EssCertIDv2 essCertIDv2 = new EssCertIDv2(certHash256, issuerSerial); signerInfoGenBuilder.WithSignedAttributeGenerator(new TestAttrGen(essCertID, essCertIDv2)); Asn1SignatureFactory sigfact = new Asn1SignatureFactory("SHA1WithRSA", privateKey); SignerInfoGenerator signerInfoGenerator = signerInfoGenBuilder.Build(sigfact, cert); TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(signerInfoGenerator, Asn1DigestFactory.Get(OiwObjectIdentifiers.IdSha1), new DerObjectIdentifier("1.2"), true); tsTokenGen.SetCertificates(certs); TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100)); TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed); TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow); tsResp = new TimeStampResponse(tsResp.GetEncoded()); TimeStampToken tsToken = tsResp.TimeStampToken; tsToken.Validate(cert); Asn1.Cms.AttributeTable table = tsToken.SignedAttributes; Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found"); Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificateV2], "no signingCertificateV2 attribute found"); SigningCertificate sigCert = SigningCertificate.GetInstance(table[PkcsObjectIdentifiers.IdAASigningCertificate].AttrValues[0]); Assert.IsTrue(cert.CertificateStructure.Issuer.Equals(sigCert.GetCerts()[0].IssuerSerial.Issuer.GetNames()[0].Name)); Assert.IsTrue(cert.CertificateStructure.SerialNumber.Value.Equals(sigCert.GetCerts()[0].IssuerSerial.Serial.Value)); Assert.IsTrue(Arrays.AreEqual(certHash, sigCert.GetCerts()[0].GetCertHash())); SigningCertificate sigCertV2 = SigningCertificate.GetInstance(table[PkcsObjectIdentifiers.IdAASigningCertificateV2].AttrValues[0]); Assert.IsTrue(cert.CertificateStructure.Issuer.Equals(sigCertV2.GetCerts()[0].IssuerSerial.Issuer.GetNames()[0].Name)); Assert.IsTrue(cert.CertificateStructure.SerialNumber.Value.Equals(sigCertV2.GetCerts()[0].IssuerSerial.Serial.Value)); Assert.IsTrue(Arrays.AreEqual(certHash256, sigCertV2.GetCerts()[0].GetCertHash())); }