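/// <summary>
/// Timestamps the specified signature using an external Time-Stamp Authority (TSA).
/// </summary>
/// <param name="tsaUrl">
/// A URL to a Time-Stamp Authority. The timestamp request is sent to this address as given,
/// so callers should pass only TSA endpoints they trust.
/// </param>
/// <param name="hashAlgorithm">
/// Hash algorithm to use by TSA to sign response.
/// </param>
/// <param name="signerInfoIndex">
/// A zero-based index of the signature to timestamp. Default value is 0.
/// </param>
/// <remarks>This method adds an RFC3161 Counter Signature.</remarks>
public void AddTimestamp(String tsaUrl, Oid hashAlgorithm, Int32 signerInfoIndex = 0) {
    // The request is built over the encrypted hash (signature value) of the selected signer.
    // A null or malformed tsaUrl is rejected by the Uri constructor.
    var tspReq = new TspRfc3161Request(hashAlgorithm, cms.SignerInfos[signerInfoIndex].EncryptedHash) {
        TsaUrl = new Uri(tsaUrl)
    };
    // NOTE(review): whether SendRequest verifies the TSA response (status, message imprint,
    // TSA signature) is not visible from this method. Confirm before relying on the
    // timestamp as evidence of signing time.
    TspResponse rsp = tspReq.SendRequest();
    var builder = new SignedCmsBuilder(cms);
    // Attach the timestamp to the same signer whose signature value was sent to the TSA.
    // The index was previously hard-coded to 0, so a token requested for any other signer
    // was attached to the first signer and did not cover that signer's signature.
    builder.AddTimestamp(rsp, signerInfoIndex);
    // Reload this object's state from the re-encoded CMS that now carries the timestamp.
    decode(builder.Encode().RawData);
}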
/// <summary>
/// Encodes the current trust list and signs it with the supplied signer, optionally embedding a certificate chain
/// in the resulting CTL.
/// </summary>
/// <param name="signer">
/// Signing object that contains the public certificate, private key and signing configuration.
/// </param>
/// <param name="chain">
/// Signing certificate chain to add to CMS. This parameter is optional. If not specified, only the leaf (signing)
/// certificate is added to the certificate list.
/// </param>
/// <returns>
/// An instance of <see cref="X509CertificateTrustList"/> class that represents the signed certificate trust list.
/// </returns>
public X509CertificateTrustList Sign(MessageSigner signer, X509Certificate2Collection chain) {
    // The encoded trust list becomes the CMS content, tagged with this object's content type OID.
    var builder = new SignedCmsBuilder(oid, encodeCTL());

    // Register the signer's hash algorithm as a digest algorithm, with an empty parameters buffer.
    var digestAlgorithm = new AlgorithmIdentifier(signer.HashingAlgorithm.ToOid(), new Byte[0]);
    builder.DigestAlgorithms.Add(digestAlgorithm);

    // Embed the certificate of every entry that carries one; entries without a certificate are skipped.
    foreach (X509CertificateTrustListEntry trustEntry in Entries) {
        if (trustEntry.Certificate == null) {
            continue;
        }
        builder.Certificates.Add(trustEntry.Certificate);
    }

    // NOTE(review): how a null chain is handled depends on SignedCmsBuilder.Sign, which is not visible here.
    var signedMessage = builder.Sign(signer, chain);
    return new X509CertificateTrustList(signedMessage.RawData);
}