internal async Task CountersignAsync()
{
PrimarySignature primarySignature;
using (var archiveReader = new PackageArchiveReader(SignedPackage))
{
primarySignature = await archiveReader.GetPrimarySignatureAsync(CancellationToken.None);
}
using (var request = new UnknownSignPackageRequest(
new X509Certificate2(Certificate),
HashAlgorithmName.SHA256))
{
var cmsSigner = SigningUtility.CreateCmsSigner(request, NullLogger.Instance);
var signedCms = primarySignature.SignedCms;
signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner);
primarySignature = PrimarySignature.Load(signedCms.Encode());
}
using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false))
using (var signedPackage = new MemoryStream())
using (var archive = new SignedPackageArchive(originalPackage, signedPackage))
using (var signatureStream = new MemoryStream(primarySignature.GetBytes()))
{
await archive.AddSignatureAsync(signatureStream, CancellationToken.None);
SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false);
}
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage);
Assert.True(isSigned);
}
// This generates a package with a basic signed CMS.
// The signature MUST NOT have any signed or unsigned attributes.
public static async Task <FileInfo> SignPackageFileWithBasicSignedCmsAsync(
TestDirectory directory,
FileInfo packageFile,
X509Certificate2 certificate)
{
var signatureContent = CreateSignatureContent(packageFile);
var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString()));
var signature = CreateSignature(signatureContent, certificate);
using (var packageReadStream = packageFile.OpenRead())
using (var packageWriteStream = signedPackageFile.OpenWrite())
using (var package = new SignedPackageArchive(packageReadStream, packageWriteStream))
using (var signatureStream = new MemoryStream(signature.Encode()))
{
await package.AddSignatureAsync(signatureStream, CancellationToken.None);
}
return(signedPackageFile);
}
// This generates a package with a basic signed CMS.
// The signature MUST NOT have any signed or unsigned attributes.
public static async Task <FileInfo> SignPackageFileWithBasicSignedCmsAsync(
TestDirectory directory,
FileInfo packageFile,
X509Certificate2 certificate)
{
SignatureContent signatureContent;
using (var stream = packageFile.OpenRead())
using (var hashAlgorithm = HashAlgorithmName.SHA256.GetHashProvider())
{
var hash = hashAlgorithm.ComputeHash(stream, leaveStreamOpen: false);
signatureContent = new SignatureContent(SigningSpecifications.V1, HashAlgorithmName.SHA256, Convert.ToBase64String(hash));
}
var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString()));
var cmsSigner = new CmsSigner(certificate)
{
DigestAlgorithm = HashAlgorithmName.SHA256.ConvertToOid(),
IncludeOption = X509IncludeOption.WholeChain
};
var contentInfo = new ContentInfo(signatureContent.GetBytes());
var signature = new SignedCms(contentInfo);
signature.ComputeSignature(cmsSigner);
Assert.Empty(signature.SignerInfos[0].SignedAttributes);
Assert.Empty(signature.SignerInfos[0].UnsignedAttributes);
using (var packageReadStream = packageFile.OpenRead())
using (var packageWriteStream = signedPackageFile.OpenWrite())
using (var package = new SignedPackageArchive(packageReadStream, packageWriteStream))
using (var signatureStream = new MemoryStream(signature.Encode()))
{
await package.AddSignatureAsync(signatureStream, CancellationToken.None);
}
return(signedPackageFile);
}
