/// <summary>
/// Encodes and signs the content using the signer object used in
/// </summary>
/// <returns>
/// An instance of <see cref="PkcsSignerInfo"/> class.
/// </returns>
/// <remarks>
/// Before signing, the method adds two authenticated attributes: content type and message digest. Authenticated attributes are then
/// signed with signer's private key.
/// </remarks>
public PkcsSignerInfo Encode()
{
if (_authAttributes.All(x => x.Oid.Value != MESSAGE_DIGEST))
{
throw new InvalidOperationException();
}
// version
var builder = new Asn1Builder().AddInteger(Version);
// signerIdentifier
builder.AddDerData(signerCert.Encode());
// digestAlgorithm
builder.AddDerData(hashAlgId.RawData);
// authenticatedAttributes
if (_authAttributes.Any())
{
builder.AddExplicit(0, _authAttributes.Encode(), false);
}
// digestEncryptionAlgorithm
builder.AddDerData(pubKeyAlgId.RawData);
// encryptedDigest
builder.AddOctetString(hashValue);
// unauthenticatedAttributes
if (_unauthAttributes.Any())
{
builder.AddExplicit(1, UnauthenticatedAttributes.Encode(), false);
}
// wrap
return(new PkcsSignerInfo(builder.GetEncoded()));
}
Byte[] encodeCTL()
{
var builder = new Asn1Builder()
.AddDerData(new X509EnhancedKeyUsageExtension(SubjectUsages, false).RawData);
var rawData = new List <Byte>(new X509EnhancedKeyUsageExtension(SubjectUsages, false).RawData);
if (!String.IsNullOrEmpty(ListIdentifier))
{
builder.AddOctetString(Encoding.Unicode.GetBytes(ListIdentifier + "\0"));
}
if (SequenceNumber != null)
{
builder.AddInteger(SequenceNumber.Value);
}
builder.AddDerData(Asn1Utils.EncodeDateTime(ThisUpdate.ToUniversalTime()));
if (NextUpdate != null)
{
builder.AddDerData(Asn1Utils.EncodeDateTime(NextUpdate.Value.ToUniversalTime()));
}
return(builder.AddDerData(new AlgorithmIdentifier(HashAlgorithm, new Byte[0]).RawData)
.AddDerData(Entries.Encode())
.GetRawData());
}