/// <summary>
/// Timestamps the specified signature using external Time-Stamp Authority.
/// </summary>
/// <param name="tsaUrl">
/// An URL to a Time-Stamp Authority.
/// </param>
/// <param name="hashAlgorithm">
/// Hash algorithm to use by TSA to sign response.
/// </param>
/// <param name="signerInfoIndex">
/// A zero-based index of signature to timestamp. Default value is 0.
/// </param>
/// <remarks>This method adds an RFC3161 Counter Signature.</remarks>
public void AddTimestamp(String tsaUrl, Oid hashAlgorithm, Int32 signerInfoIndex = 0)
{
var tspReq = new TspRfc3161Request(hashAlgorithm, cms.SignerInfos[signerInfoIndex].EncryptedHash)
{
TsaUrl = new Uri(tsaUrl)
};
TspResponse rsp = tspReq.SendRequest();
var builder = new SignedCmsBuilder(cms);
builder.AddTimestamp(rsp, 0);
decode(builder.Encode().RawData);
}
/// <summary>
/// Encodes and signs current trust list using signer certificate and optional certificate chain to include in CTL.
/// </summary>
/// <param name="signer">signing object that contains public certificate, private key and signing configuration.</param>
/// <param name="chain">
/// Signing certificate chain to add to CMS. This parameter is optional. If not specified, only leaf (signing) certificate
/// is added to certificate list.
/// </param>
/// <returns>
/// An instance of <see cref="X509CertificateTrustList"/> class that represents signed certificate trust list.
/// </returns>
public X509CertificateTrustList Sign(MessageSigner signer, X509Certificate2Collection chain)
{
var cmsBuilder = new SignedCmsBuilder(oid, encodeCTL());
cmsBuilder.DigestAlgorithms.Add(new AlgorithmIdentifier(signer.HashingAlgorithm.ToOid(), new Byte[0]));
foreach (X509CertificateTrustListEntry entry in Entries.Where(x => x.Certificate != null))
{
cmsBuilder.Certificates.Add(entry.Certificate);
}
var signedCms = cmsBuilder.Sign(signer, chain);
return(new X509CertificateTrustList(signedCms.RawData));
}
