Example #1
        // Shows that RemoveCounterSignature edits the live SignedCms document, not the
        // SignerInfo object it is called on: the SignerInfo retrieved earlier keeps
        // reporting the old countersigner list until a new one is read from the document.
        //
        // Practical consequence for callers: after any removal, re-read cms.SignerInfos
        // before basing a decision on which countersigners are present. A stale SignerInfo
        // still lists a countersigner that the document no longer carries.
        public static void RemoveCounterSignature_UsesLiveState()
        {
            var document = new SignedCms();
            document.Decode(SignedDocuments.OneRsaSignerTwoRsaCounterSigners);

            SignerInfo primarySigner = document.SignerInfos[0];
            SignerInfo removedCounterSigner = primarySigner.CounterSignerInfos[0];

            // The first countersigner is identified by subject key identifier.
            Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, removedCounterSigner.SignerIdentifier.Type);

            int certificateCountBefore = document.Certificates.Count;

            // Primary signer and this countersigner use the same certificate.
            Assert.Equal(primarySigner.Certificate, removedCounterSigner.Certificate);

            primarySigner.RemoveCounterSignature(removedCounterSigner);
            Assert.Single(document.SignerInfos);

            // Stale view: the previously retrieved SignerInfo still reports both countersigners.
            Assert.Equal(2, primarySigner.CounterSignerInfos.Count);

            // Live view: a freshly retrieved SignerInfo reports only the remaining one.
            Assert.Single(document.SignerInfos[0].CounterSignerInfos);
            Assert.Equal(certificateCountBefore, document.Certificates.Count);

            // A second removal of the same countersigner fails, because the live document
            // no longer contains it even though the stale collection does.
            Assert.Throws<CryptographicException>(
                () => primarySigner.RemoveCounterSignature(removedCounterSigner));

            // Neither call may throw. CheckSignature(true) is the signature-only mode, so
            // passing here says nothing about certificate chain trust.
            document.CheckSignature(true);
            document.CheckHash();
        }
        // Removes a countersigner whose identifier type is NoSignature and checks that the
        // document, which fails CheckSignature while that countersigner is present,
        // verifies once it has been removed.
        public static void RemoveCounterSignature_MatchesNoSignature()
        {
            var document = new SignedCms();
            document.Decode(SignedDocuments.RsaPkcs1CounterSignedWithNoSignature);

            SignerInfo primarySigner = document.SignerInfos[0];
            SignerInfo noSignatureCounterSigner = primarySigner.CounterSignerInfos[0];

            Assert.Single(primarySigner.CounterSignerInfos);
            Assert.Equal(SubjectIdentifierType.NoSignature, noSignatureCounterSigner.SignerIdentifier.Type);

            int certificateCountBefore = document.Certificates.Count;

            // While the NoSignature countersigner is present, signature verification is rejected.
            Assert.Throws<CryptographicException>(() => document.CheckSignature(true));

            primarySigner.RemoveCounterSignature(noSignatureCounterSigner);

            // The removal is applied to the underlying SignedCms: the SignerInfo retrieved
            // earlier still lists one countersigner, a freshly retrieved one lists none.
            Assert.Single(primarySigner.CounterSignerInfos);
            Assert.Empty(document.SignerInfos[0].CounterSignerInfos);

            // The certificate collection is left untouched by the removal.
            Assert.Equal(certificateCountBefore, document.Certificates.Count);

            // Must not throw now that the NoSignature countersigner is gone. This is the
            // signature-only check (argument true), not a certificate trust decision.
            document.CheckSignature(true);
        }
        // Removes the countersigner that is identified by subject key identifier and checks
        // that exactly one countersigner remains in the live document, that the certificate
        // collection is unchanged, and that the document still verifies.
        public static void RemoveCounterSignature_MatchesSubjectKeyIdentifier()
        {
            var document = new SignedCms();
            document.Decode(SignedDocuments.OneRsaSignerTwoRsaCounterSigners);

            SignerInfo primarySigner = document.SignerInfos[0];
            SignerInfo skiCounterSigner = primarySigner.CounterSignerInfos[0];

            Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, skiCounterSigner.SignerIdentifier.Type);

            int certificateCountBefore = document.Certificates.Count;

            // This countersigner shares its certificate with the primary signer.
            Assert.Equal(primarySigner.Certificate, skiCounterSigner.Certificate);

            primarySigner.RemoveCounterSignature(skiCounterSigner);
            Assert.Single(document.SignerInfos);

            // The SignerInfo retrieved before the removal is a stale view (still two
            // countersigners); only a freshly retrieved SignerInfo reflects the change.
            Assert.Equal(2, primarySigner.CounterSignerInfos.Count);
            Assert.Single(document.SignerInfos[0].CounterSignerInfos);

            // The shared certificate is still referenced by the primary signer, so the
            // certificate collection keeps its size.
            Assert.Equal(certificateCountBefore, document.Certificates.Count);

            // Neither call may throw. CheckSignature(true) verifies signatures only.
            document.CheckSignature(true);
            document.CheckHash();
        }
        // Removes the countersigner that is identified by issuer and serial number (the
        // second one in the sample document) and checks that exactly one countersigner
        // remains in the live document and that the document still verifies.
        public static void RemoveCounterSignature_MatchesIssuerAndSerialNumber()
        {
            var document = new SignedCms();
            document.Decode(SignedDocuments.OneRsaSignerTwoRsaCounterSigners);

            SignerInfo primarySigner = document.SignerInfos[0];
            SignerInfo issuerSerialCounterSigner = primarySigner.CounterSignerInfos[1];

            Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, issuerSerialCounterSigner.SignerIdentifier.Type);

            int certificateCountBefore = document.Certificates.Count;

            // Unlike the first countersigner, this one uses a certificate different from
            // the primary signer's.
            Assert.NotEqual(primarySigner.Certificate, issuerSerialCounterSigner.Certificate);

            primarySigner.RemoveCounterSignature(issuerSerialCounterSigner);
            Assert.Single(document.SignerInfos);

            // The SignerInfo retrieved before the removal is a stale view (still two
            // countersigners); only a freshly retrieved SignerInfo reflects the change.
            Assert.Equal(2, primarySigner.CounterSignerInfos.Count);
            Assert.Single(document.SignerInfos[0].CounterSignerInfos);

            // The test expects the certificate collection to keep its size after the removal.
            Assert.Equal(certificateCountBefore, document.Certificates.Count);

            // Neither call may throw. CheckSignature(true) verifies signatures only.
            document.CheckSignature(true);
            document.CheckHash();
        }
Example #5
        // Removes one of two countersignatures from the sample document
        // RsaPkcs1TwoCounterSignaturesInSingleAttribute and checks that the other one
        // survives, both in memory and after an encode/decode round trip.
        //
        // indexToRemove: position, within the primary signer's countersigner collection,
        // of the countersignature to remove.
        public static void RemoveCounterSignature_EncodedInSingleAttribute_BySignerInfo(int indexToRemove)
        {
            var document = new SignedCms();
            document.Decode(SignedDocuments.RsaPkcs1TwoCounterSignaturesInSingleAttribute);

            SignerInfo primarySigner = document.SignerInfos[0];
            SignerInfoCollection countersignersBefore = primarySigner.CounterSignerInfos;
            Assert.Equal(2, countersignersBefore.Count);

            primarySigner.RemoveCounterSignature(countersignersBefore[indexToRemove]);

            // In this scenario the test expects the same SignerInfo to report a single
            // countersigner once the removal has been applied.
            Assert.Equal(1, primarySigner.CounterSignerInfos.Count);

            // Must not throw; signature-only verification (argument true).
            document.CheckSignature(true);

            // Round trip: the re-encoded document must decode to one countersigner and
            // must still verify.
            document.Decode(document.Encode());

            Assert.Equal(1, document.SignerInfos[0].CounterSignerInfos.Count);
            document.CheckSignature(true);
        }