public CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2?certificate, AsymmetricAlgorithm?privateKey)
{
switch (signerIdentifierType)
{
case SubjectIdentifierType.Unknown:
_signerIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber;
IncludeOption = X509IncludeOption.ExcludeRoot;
break;
case SubjectIdentifierType.IssuerAndSerialNumber:
_signerIdentifierType = signerIdentifierType;
IncludeOption = X509IncludeOption.ExcludeRoot;
break;
case SubjectIdentifierType.SubjectKeyIdentifier:
_signerIdentifierType = signerIdentifierType;
IncludeOption = X509IncludeOption.ExcludeRoot;
break;
case SubjectIdentifierType.NoSignature:
_signerIdentifierType = signerIdentifierType;
IncludeOption = X509IncludeOption.None;
break;
default:
_signerIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber;
IncludeOption = X509IncludeOption.ExcludeRoot;
break;
}
Certificate = certificate;
DigestAlgorithm = s_defaultAlgorithm.CopyOid();
PrivateKey = privateKey;
}
/// <summary>
/// Create a CertBag for a specified certificate type and encoding.
/// </summary>
/// <param name="certificateType">The identifier for the certificate type</param>
/// <param name="encodedCertificate">The encoded value</param>
/// <remarks>
/// No validation is done to ensure that the <paramref name="encodedCertificate"/> value is
/// correct for the indicated <paramref name="certificateType"/>. Note that for X.509
/// public-key certificates the correct encoding for a CertBag value is to wrap the
/// DER-encoded certificate in an OCTET STRING.
/// </remarks>
public Pkcs12CertBag(Oid certificateType, ReadOnlyMemory <byte> encodedCertificate)
: base(
Oids.Pkcs12CertBag,
EncodeBagValue(certificateType, encodedCertificate),
skipCopy: true)
{
_certTypeOid = certificateType.CopyOid();
_decoded = CertBagAsn.Decode(EncodedBagValue, AsnEncodingRules.BER);
IsX509Certificate = _decoded.CertId == Oids.Pkcs12X509CertBagType;
}
private static ContentInfo MakeEmptyContentInfo() => new ContentInfo(s_cmsDataOid.CopyOid(), Array.Empty <byte>());