// Test helper: countersigns the primary signature currently stored in SignedPackage
// and replaces SignedPackage with a new read-only stream holding the re-signed archive.
//
// Steps:
//   1. Read the primary signature out of the existing signed package.
//   2. Compute a countersignature over the first SignerInfo with a signer built from
//      Certificate and SHA-256, then reload the signature from the re-encoded CMS.
//   3. Write that signature into a new archive built from Zip.ToByteArray().
//   4. Assert that the result is reported as signed.
//
// NOTE(review): the countersignature is computed directly on the SignedCms through
// an UnknownSignPackageRequest, presumably so that tests can produce countersignature
// shapes the regular signing path would not emit. Confirm against the callers.
// NOTE(review): the previous SignedPackage stream is not explicitly disposed here;
// whether PackageArchiveReader closes it on dispose is not visible in this block.
internal async Task CountersignAsync()
{
    PrimarySignature originalSignature;

    using (var reader = new PackageArchiveReader(SignedPackage))
    {
        originalSignature = await reader.GetPrimarySignatureAsync(CancellationToken.None);
    }

    PrimarySignature countersigned;

    // The request receives its own X509Certificate2 copy built from Certificate.
    using (var signRequest = new UnknownSignPackageRequest(
        new X509Certificate2(Certificate),
        HashAlgorithmName.SHA256))
    {
        var signer = SigningUtility.CreateCmsSigner(signRequest, NullLogger.Instance);
        var cms = originalSignature.SignedCms;

        // Only the first signer is countersigned.
        cms.SignerInfos[0].ComputeCounterSignature(signer);

        // Round-trip through the encoded form so the loaded signature reflects the
        // countersignature that was just added.
        countersigned = PrimarySignature.Load(cms.Encode());
    }

    using (var unsignedInput = new MemoryStream(Zip.ToByteArray(), writable: false))
    using (var signedOutput = new MemoryStream())
    using (var archive = new SignedPackageArchive(unsignedInput, signedOutput))
    using (var signatureBytes = new MemoryStream(countersigned.GetBytes()))
    {
        await archive.AddSignatureAsync(signatureBytes, CancellationToken.None);

        // Snapshot the output before the surrounding streams are disposed.
        SignedPackage = new MemoryStream(signedOutput.ToArray(), writable: false);
    }

    // Check that the rebuilt package is still reported as signed.
    Assert.True(await SignedArchiveTestUtility.IsSignedAsync(SignedPackage));
}
// Test helper: produces a copy of packageFile that carries a basic signed CMS as its
// package signature and returns the new file.
//
// The signature MUST NOT have any signed or unsigned attributes.
// NOTE(review): this method does not check that requirement itself; presumably
// CreateSignature enforces it. Confirm there, because a fixture that silently gains
// attributes would no longer exercise the attribute-free verification path.
//
// directory   - test directory that receives the output file (named with a new GUID).
// packageFile - the unsigned package to read and to derive the signature content from.
// certificate - certificate passed to CreateSignature to sign the content.
public static async Task<FileInfo> SignPackageFileWithBasicSignedCmsAsync(
    TestDirectory directory,
    FileInfo packageFile,
    X509Certificate2 certificate)
{
    var content = CreateSignatureContent(packageFile);

    // A GUID file name keeps outputs from colliding inside the shared test directory.
    var outputFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString()));
    var cms = CreateSignature(content, certificate);

    using (var input = packageFile.OpenRead())
    using (var output = outputFile.OpenWrite())
    using (var archive = new SignedPackageArchive(input, output))
    using (var encodedSignature = new MemoryStream(cms.Encode()))
    {
        await archive.AddSignatureAsync(encodedSignature, CancellationToken.None);
    }

    return outputFile;
}
// Test helper: produces a copy of packageFile that carries a basic signed CMS as its
// package signature and returns the new file.
//
// The signature MUST NOT have any signed or unsigned attributes; the two
// Assert.Empty calls below fail the test early if the CMS implementation adds any.
//
// directory   - test directory that receives the output file (named with a new GUID).
// packageFile - the unsigned package; it is hashed with SHA-256 to build the content.
// certificate - certificate used to sign the content; the whole chain is embedded.
public static async Task<FileInfo> SignPackageFileWithBasicSignedCmsAsync(
    TestDirectory directory,
    FileInfo packageFile,
    X509Certificate2 certificate)
{
    string packageHashBase64;

    using (var packageStream = packageFile.OpenRead())
    using (var hasher = HashAlgorithmName.SHA256.GetHashProvider())
    {
        var digest = hasher.ComputeHash(packageStream, leaveStreamOpen: false);
        packageHashBase64 = Convert.ToBase64String(digest);
    }

    // The signed content binds the signature to the SHA-256 hash of the package.
    var content = new SignatureContent(
        SigningSpecifications.V1,
        HashAlgorithmName.SHA256,
        packageHashBase64);

    // A GUID file name keeps outputs from colliding inside the shared test directory.
    var outputFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString()));

    var signer = new CmsSigner(certificate);
    signer.DigestAlgorithm = HashAlgorithmName.SHA256.ConvertToOid();
    signer.IncludeOption = X509IncludeOption.WholeChain;

    var cms = new SignedCms(new ContentInfo(content.GetBytes()));
    cms.ComputeSignature(signer);

    // Fixture precondition: a basic signed CMS carries no attributes at all.
    var signerInfo = cms.SignerInfos[0];
    Assert.Empty(signerInfo.SignedAttributes);
    Assert.Empty(signerInfo.UnsignedAttributes);

    using (var input = packageFile.OpenRead())
    using (var output = outputFile.OpenWrite())
    using (var archive = new SignedPackageArchive(input, output))
    using (var encodedSignature = new MemoryStream(cms.Encode()))
    {
        await archive.AddSignatureAsync(encodedSignature, CancellationToken.None);
    }

    return outputFile;
}