internal async Task CountersignAsync()
            {
                PrimarySignature primarySignature;

                using (var archiveReader = new PackageArchiveReader(SignedPackage))
                {
                    primarySignature = await archiveReader.GetPrimarySignatureAsync(CancellationToken.None);
                }

                using (var request = new UnknownSignPackageRequest(
                           new X509Certificate2(Certificate),
                           HashAlgorithmName.SHA256))
                {
                    var cmsSigner = SigningUtility.CreateCmsSigner(request, NullLogger.Instance);
                    var signedCms = primarySignature.SignedCms;

                    signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner);

                    primarySignature = PrimarySignature.Load(signedCms.Encode());
                }

                using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false))
                    using (var signedPackage = new MemoryStream())
                        using (var archive = new SignedPackageArchive(originalPackage, signedPackage))
                            using (var signatureStream = new MemoryStream(primarySignature.GetBytes()))
                            {
                                await archive.AddSignatureAsync(signatureStream, CancellationToken.None);

                                SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false);
                            }

                var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage);

                Assert.True(isSigned);
            }
        // This generates a package with a basic signed CMS.
        // The signature MUST NOT have any signed or unsigned attributes.
        public static async Task <FileInfo> SignPackageFileWithBasicSignedCmsAsync(
            TestDirectory directory,
            FileInfo packageFile,
            X509Certificate2 certificate)
        {
            var signatureContent  = CreateSignatureContent(packageFile);
            var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString()));
            var signature         = CreateSignature(signatureContent, certificate);

            using (var packageReadStream = packageFile.OpenRead())
                using (var packageWriteStream = signedPackageFile.OpenWrite())
                    using (var package = new SignedPackageArchive(packageReadStream, packageWriteStream))
                        using (var signatureStream = new MemoryStream(signature.Encode()))
                        {
                            await package.AddSignatureAsync(signatureStream, CancellationToken.None);
                        }

            return(signedPackageFile);
        }
        // This generates a package with a basic signed CMS.
        // The signature MUST NOT have any signed or unsigned attributes.
        public static async Task <FileInfo> SignPackageFileWithBasicSignedCmsAsync(
            TestDirectory directory,
            FileInfo packageFile,
            X509Certificate2 certificate)
        {
            SignatureContent signatureContent;

            using (var stream = packageFile.OpenRead())
                using (var hashAlgorithm = HashAlgorithmName.SHA256.GetHashProvider())
                {
                    var hash = hashAlgorithm.ComputeHash(stream, leaveStreamOpen: false);
                    signatureContent = new SignatureContent(SigningSpecifications.V1, HashAlgorithmName.SHA256, Convert.ToBase64String(hash));
                }

            var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString()));
            var cmsSigner         = new CmsSigner(certificate)
            {
                DigestAlgorithm = HashAlgorithmName.SHA256.ConvertToOid(),
                IncludeOption   = X509IncludeOption.WholeChain
            };

            var contentInfo = new ContentInfo(signatureContent.GetBytes());
            var signature   = new SignedCms(contentInfo);

            signature.ComputeSignature(cmsSigner);

            Assert.Empty(signature.SignerInfos[0].SignedAttributes);
            Assert.Empty(signature.SignerInfos[0].UnsignedAttributes);

            using (var packageReadStream = packageFile.OpenRead())
                using (var packageWriteStream = signedPackageFile.OpenWrite())
                    using (var package = new SignedPackageArchive(packageReadStream, packageWriteStream))
                        using (var signatureStream = new MemoryStream(signature.Encode()))
                        {
                            await package.AddSignatureAsync(signatureStream, CancellationToken.None);
                        }

            return(signedPackageFile);
        }