diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs
index f2bf172ed8..100a241502 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs
@@ -372,46 +372,6 @@ public virtual void SetFieldNameToSigFieldWithoutWidgetsTest() {
reader.Close();
}
- [NUnit.Framework.Test]
- public virtual void PrepareDocumentTestWithSHA256() {
- PdfReader reader = new PdfReader(new MemoryStream(CreateSimpleDocument()));
- ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
- PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());
- String fieldName = signer.fieldName;
- int estimatedSize = 8079;
- byte[] digest = signer.PrepareDocumentForSignature(DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite, PdfName
- .Adbe_pkcs7_detached, estimatedSize, false);
- PdfReader resultReader = new PdfReader(new MemoryStream(outputStream.ToArray()));
- PdfDocument resultDoc = new PdfDocument(resultReader);
- SignatureUtil signatureUtil = new SignatureUtil(resultDoc);
- PdfSignature signature = signatureUtil.GetSignature(fieldName);
- NUnit.Framework.Assert.AreEqual(estimatedSize, signature.GetContents().GetValueBytes().Length);
- }
-
- [NUnit.Framework.Test]
- public virtual void AddSignatureToPreparedDocumentTest() {
- PdfReader reader = new PdfReader(new MemoryStream(CreateSimpleDocument()));
- ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
- PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());
- String fieldName = signer.fieldName;
- int estimatedSize = 8079;
- byte[] digest = signer.PrepareDocumentForSignature(DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite, PdfName
- .Adbe_pkcs7_detached, estimatedSize, false);
- PdfReader resultReader = new PdfReader(new MemoryStream(outputStream.ToArray()));
- PdfDocument resultDoc = new PdfDocument(resultReader);
- ByteArrayOutputStream completedOutputStream = new ByteArrayOutputStream();
- byte[] testData = ByteUtils.GetIsoBytes("Some data to test the signature addition with");
- PdfSigner.AddSignatureToPreparedDocument(resultDoc, fieldName, completedOutputStream, testData);
- resultReader = new PdfReader(new MemoryStream(completedOutputStream.ToArray()));
- resultDoc = new PdfDocument(resultReader);
- SignatureUtil signatureUtil = new SignatureUtil(resultDoc);
- PdfSignature signature = signatureUtil.GetSignature(fieldName);
- byte[] content = signature.GetContents().GetValueBytes();
- for (int i = 0; i < testData.Length; i++) {
- NUnit.Framework.Assert.AreEqual(testData[i], content[i]);
- }
- }
-
private static byte[] CreateDocumentWithEmptyField() {
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
PdfDocument pdfDocument = new PdfDocument(new PdfWriter(outputStream));
diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs
new file mode 100644
index 0000000000..ccad772b59
--- /dev/null
+++ b/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs
@@ -0,0 +1,114 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2024 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+using System;
+using System.IO;
+using iText.Bouncycastleconnector;
+using iText.Commons.Bouncycastle;
+using iText.IO.Source;
+using iText.Kernel.Pdf;
+using iText.Test;
+
+namespace iText.Signatures {
+ [NUnit.Framework.Category("BouncyCastleUnitTest")]
+ public class PdfTwoPhaseSignerUnitTest : ExtendedITextTest {
+ private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory();
+
+ private static readonly byte[] OWNER = "owner".GetBytes(System.Text.Encoding.UTF8);
+
+ private static readonly byte[] USER = "user".GetBytes(System.Text.Encoding.UTF8);
+
+ private static readonly String PDFA_RESOURCES = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
+ .CurrentContext.TestDirectory) + "/resources/itext/signatures/pdfa/";
+
+ private static readonly String DESTINATION_FOLDER = NUnit.Framework.TestContext.CurrentContext.TestDirectory
+ + "/test/itext/signatures/Pdf2PhaseSignerUnitTest/";
+
+ private static readonly String CERTS_SRC = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
+ .CurrentContext.TestDirectory) + "/resources/itext/signatures/certs/";
+
+ private static readonly char[] PASSWORD = "testpassphrase".ToCharArray();
+
+ [NUnit.Framework.OneTimeSetUp]
+ public static void Before() {
+ CreateOrClearDestinationFolder(DESTINATION_FOLDER);
+ }
+
+ [NUnit.Framework.Test]
+ public virtual void PrepareDocumentTestWithSHA256() {
+ PdfReader reader = new PdfReader(new MemoryStream(CreateSimpleDocument()));
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
+ int estimatedSize = 8079;
+ SignerProperties signerProperties = new SignerProperties();
+ byte[] digest = signer.PrepareDocumentForSignature(signerProperties, DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite
+ , PdfName.Adbe_pkcs7_detached, estimatedSize, false);
+ String fieldName = signerProperties.GetFieldName();
+ PdfReader resultReader = new PdfReader(new MemoryStream(outputStream.ToArray()));
+ PdfDocument resultDoc = new PdfDocument(resultReader);
+ SignatureUtil signatureUtil = new SignatureUtil(resultDoc);
+ PdfSignature signature = signatureUtil.GetSignature(fieldName);
+ NUnit.Framework.Assert.AreEqual(estimatedSize, signature.GetContents().GetValueBytes().Length);
+ }
+
+ [NUnit.Framework.Test]
+ public virtual void AddSignatureToPreparedDocumentTest() {
+ PdfReader reader = new PdfReader(new MemoryStream(CreateSimpleDocument()));
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
+ int estimatedSize = 8079;
+ SignerProperties signerProperties = new SignerProperties();
+ byte[] digest = signer.PrepareDocumentForSignature(signerProperties, DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite
+ , PdfName.Adbe_pkcs7_detached, estimatedSize, false);
+ String fieldName = signerProperties.GetFieldName();
+ PdfReader resultReader = new PdfReader(new MemoryStream(outputStream.ToArray()));
+ PdfDocument resultDoc = new PdfDocument(resultReader);
+ ByteArrayOutputStream completedOutputStream = new ByteArrayOutputStream();
+ byte[] testData = ByteUtils.GetIsoBytes("Some data to test the signature addition with");
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(resultDoc, fieldName, completedOutputStream, testData);
+ resultReader = new PdfReader(new MemoryStream(completedOutputStream.ToArray()));
+ resultDoc = new PdfDocument(resultReader);
+ SignatureUtil signatureUtil = new SignatureUtil(resultDoc);
+ PdfSignature signature = signatureUtil.GetSignature(fieldName);
+ byte[] content = signature.GetContents().GetValueBytes();
+ for (int i = 0; i < testData.Length; i++) {
+ NUnit.Framework.Assert.AreEqual(testData[i], content[i]);
+ }
+ }
+
+ private static byte[] CreateSimpleDocument() {
+ return CreateSimpleDocument(PdfVersion.PDF_1_7);
+ }
+
+ private static byte[] CreateSimpleDocument(PdfVersion version) {
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ WriterProperties writerProperties = new WriterProperties();
+ if (null != version) {
+ writerProperties.SetPdfVersion(version);
+ }
+ PdfDocument document = new PdfDocument(new PdfWriter(outputStream, writerProperties));
+ document.AddNewPage();
+ document.Close();
+ return outputStream.ToArray();
+ }
+ }
+}
diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs
index 4ef946f7f7..5492337358 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs
@@ -128,13 +128,13 @@ public virtual void TestGetSizeEstimation() {
si.SetOcspResponses(fakeOcspREsponses);
si.SetCrlResponses(JavaCollectionsUtil.SingletonList(testCrlResponse));
si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512));
- si.SetSigningCertificateAndAddToSignedAttributes(signCert, SecurityIDs.ID_SHA512);
si.SetSignatureAlgorithm(new AlgorithmIdentifier(SignatureMechanisms.GetSignatureMechanismOid("RSA", DigestAlgorithms
.SHA512)));
+ si.SetSigningCertificateAndAddToSignedAttributes(signCert, SecurityIDs.ID_SHA512);
si.SetSignature(new byte[256]);
sut.SetSignerInfo(si);
long size = sut.GetSizeEstimation();
- NUnit.Framework.Assert.AreEqual(4827, size);
+ NUnit.Framework.Assert.AreEqual(4821, size);
}
[NUnit.Framework.Test]
diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs
index 1514110e0a..368e9693de 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs
@@ -126,49 +126,49 @@ internal class CMSTestHelper {
+ "fZ9dnvLL/Ncb34yHo0TVBy9bvbVEuWE/Skg5ygHQzBkXeETUMgvu+PhBCQq8BDFpv3o45LhZHnXWbRGUXnLhVrVE8F1FK7EW6y/N"
+ "PLKNu3R1lt7g/zX7481b6g0z7Exj";
- internal const String EXPECTED_RESULT_CMS_CONTAINER_TEST = "MIIS1wYJKoZIhvcNAQcCoIISyDCCEsQCAQExDzANBglghkgBZQMEAgMFADALBgkqhkiG9w0BBwGg"
- + "ggvqMIID6jCCAtKgAwIBAgIEWOeR1jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJCWTEOMAwG" + "A1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4"
- + "dFRlc3RSb290MCAXDTE3MDQwNzEzMjAwMVoYDzIxMTcwNDA3MTMyMDAxWjBUMQswCQYDVQQGEwJC" + "WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQD"
- + "DA1pVGV4dFRlc3RSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/fz7iq1wzhM" + "MYcGfmMmteCY/ZtdE26PB1OTTBuDSN86sVNmur5FV/mLPU9ZK2ofrs+wMrqn0agmFlRl4dThf5u5"
- + "WSEQ/ARwXzYOn2uEkwR/0dwwZUL3VWhrPSD5SxX5MzFo8UXTNlXW2bClLC0FQU2qLjIwwRFwwWDS" + "QPR8r/Mv181RljVpEjPk6DfkDtHWWA4daGlQU0nXbuZszplviPafXmyKn+2w4G9Jw/8pHIK2VhWY"
- + "stLI+bUZk662ZVldNvnpMyHn12FfB0Nbf/Z6V2WTGviEr8EEE2cA7I+H7ZGUDzug7umNCCJn3ilC" + "6vAt9i9OLaZRDh6jPMOjMUizTwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgw"
- + "doAUXSpxda7d2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z" + "azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3SC"
- + "BFjnkdYwHQYDVR0OBBYEFF0qcXWu3di+WbogsWaRyXY2U1zuMAsGA1UdDwQEAwIB9jANBgkqhkiG" + "9w0BAQsFAAOCAQEAdhby6EaopoUF8j7oR44Mhe/N3y9hzGb/zLmmgTavPd2plv6NlAPt9W+8rezK"
- + "O6jQCsBRFw8JY+Lx6j3W0K6rWigBpPGU/B/0bXLlOIv2a4uW8nBmq6jxAe5Xbtwm8HcKOOLMzxPI" + "ChHJIJy5NWw9ArD4Ul+FEt/VuEW1NfPZm1U5ixMOrBfn0C8pxIX4+VSHN9I8WoFjSfYX4Y3ldRLT"
- + "eqxQrhZQlbhGNymp3Kcvtuq5At6vopskyB8Q1b7L4e+hRWK2prz/7p4Bdhu2TmkEfWZcYKpgrkVF" + "qa/Z1uZ0q4KVBOP3cyaQmqRXTV37SfpNyHAJdol5ueF68VVVNZFRXzCCA/cwggLfoAMCAQICBFxs"
- + "KrcwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK" + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdDAgFw0xOTAyMTkx"
- + "NjE2NDdaGA8yMTE5MDIxOTE2MTY0N1owYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4w" + "DAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRp"
- + "YXRlUnNhMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1ZSP/QPAJgCYLo40PZzLP" + "UiTPvdV4YM9ZyQbpPuAaM9/+dD98m/DHhNRquKEeEyBOtqhQRaEq6dXezcY/omjpnVB1d8qymAKF"
- + "HjDCwmay2g1V7xCq+NguScY6FfSS0qf4BR9l7RM5RFJRGBqqLSX0KpSuzrnwH4W1+uvbzXasrIRa" + "8VnhrrT3d5NdrrJfR8u54j0iCvaytDvL0itefp3hMmayGmcTqNFR82raZoTnN7sJXVcIaSJBfgyh"
- + "e3W0Lspcap3s9Kjtq6LN3UB6Tu8HpGjJa9AMflTAIGWKyovHYgycTOlRxCictiEfTDzd653667J/" + "4PIANUWQkrqXcEV/AgMBAAGjgcEwgb4wDwYDVR0TAQH/BAUwAwEB/zB/BgNVHSMEeDB2gBRdKnF1"
- + "rt3Yvlm6ILFmkcl2NlNc7qFYpFYwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYD" + "VQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdIIEWOeR1jAd"
- + "BgNVHQ4EFgQU+fZz3YlV41AjV8fQsSoS9TYj5HEwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUA" + "A4IBAQCFLmV4qA6fnMfqyY92jpnbbuhwNQBq06tRdTsT6jLmzUSSh+dUYpSaA6Q4lbr8l9EJnIci"
- + "01L0Sqddt5ujasib+fVdp8M2dBgR6jEt0k5cHemhx6wpgHfqBCI0CGq4tG6wc30CF9rhV4HvouH0" + "DZnccjW+ku/Os3Wg8LW+0TXBsCfLCW+S4OfEC/PMhB7aVXoV9SlCGrFnfU/Ae4q2RhZypSj95XEX"
- + "ZJyGSC8cJzOtKy9tRSKflcoUO+6tnl488E0ZYyPWSkeK50ZIlmaf7qcc/oJU0yH9ukYJ32beta3U" + "7fyG+/cvYnRYv6hG0TCelU//3mJ3jKeCS5QHtbeiIUNlMIID/TCCAuWgAwIBAgIEXGwsIjANBgkq"
- + "hkiG9w0BAQsFADBhMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0" + "MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQDDBppVGV4dFRlc3RJbnRlcm1lZGlhdGVSc2EwMTAgFw0x"
- + "OTAyMTkxNjIwMTVaGA8yMTE5MDIxOTE2MjAxNVowYDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1p" + "bnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEiMCAGA1UEAwwZaVRleHRUZXN0UnNh"
- + "Q2VydFdpdGhDaGFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMNBVdCUyzCDrYJU" + "zgkZj4O8yQlnNfBTcbjr4wBB9Fgin88wRh1Q28/6MYyZvBDZ/O8irgcXtxYPPZ5sEfvYETZRX/4N"
- + "cfaX50Yjs7cBttY2ycRUEeSqyOfpV+llNoaMPh4n3DLmGEgAiqOf7sS4II3sSCMfkmTAPLxsXMxz" + "jFoZBIBd43p6QrgXnxLnnQiRTRyfx2O+yPlb6oQZMc1Li5uENrPMmYyPVSt+Kx9qa47Ieh9NQxWM"
- + "i41ad7gVWwLSyB8zydYtpZYh4/6/KtVRecV1aNh7Wzr9idprmP1SPijsiiSj/gIuZGHnRkkayJfg" + "Y9x8bLuCcKQr+3JN0b3NxjUCAwEAAaOBuzCBuDAJBgNVHRMEAjAAMH8GA1UdIwR4MHaAFPn2c92J"
- + "VeNQI1fH0LEqEvU2I+RxoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV" + "BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290ggRcbCq3MB0G"
- + "A1UdDgQWBBT9n6P7M0+sxcQZaLmT3nHvwMtcDjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQAD" + "ggEBAKw+KJXyMz3jXoeNpRVpUp2vVt/qxdHkXMmHB8Govrri6+ys6GX1qNi6ORkr6mxS58/h+V5X"
- + "a0vnZv+Vgs/278MSfWXA5LZT+JduDp8gNN7GLQ2wu6WEDEAcG2RfjPJuuToml4iHk+2z3feUQLbd" + "D89R4bM6W0FwZhz149Secf6gm/M2RmeftODgU9Sej59ByLRGxqhrfBlNCbu08SrEY4HxaRawWX2S"
- + "v1tkTsqkyXT5C59s7Q2jzRSFvuF59LsDU36JEUB0cMth3z7ebmmB9oVXaauCwWp3XwEQtCGg1Rcf" + "Ll7BdsrObHVF87AW3j55qCKuyO9C8BvYLCv9GdF9LbYxggaxMIIGrQIBATBpMGExCzAJBgNVBAYT"
- + "AkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIzAhBgNV" + "BAMMGmlUZXh0VGVzdEludGVybWVkaWF0ZVJzYTAxAgRcbCwiMA0GCWCGSAFlAwQCAwUAoIIFGTAY"
- + "BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMIHXBgsqhkiG9w0BCRACLzGBxzCBxDCBwTCBvjALBglg" + "hkgBZQMEAgMEQAJAICi7FPbZ7MwuzR4m/aK+S1eD6bzTwuOyR7FTgIO8qLDmq9xnUmiZk1Qx7DIA"
- + "ZJkHriWUtM6HRka/few5zPQwbTBlpGMwYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4w" + "DAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRp"
- + "YXRlUnNhMDECBFxsLCIwggETBgkqhkiG9w0BCQQxggEEBIIBAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAwggMKBgkqhkiG9y8BAQgwggL7oIIB2DCCAdQwggHQMIG5AgEBMA0GCSqGSIb3DQEB"
- + "CwUAMGAxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQxDTALBgNV" + "BAsMBHRlc3QxIjAgBgNVBAMMGWlUZXh0VGVzdFJzYUNlcnRXaXRoQ2hhaW4XDTAwMDIxMzE0MTQw"
- + "MloXDTAwMDMxNTE0MTQwMlowJTAjAgRcbCwiFw0wMDAzMTUxNDE0MDJaMAwwCgYDVR0VBAMKAQEw" + "DQYJKoZIhvcNAQELBQADggEBAIeIbqsKfjoikO+0dfZJEz9rOr6uGu9lnlrG+gEiR5GjV58DBufx"
- + "/7RXbBHEG8YVawTCC5OXNdLdtP1wN+9HUcoOyNR+9xIRzi0TPO9etmidXVDdndMR7hIGMl2Vi8Kg" + "05hdGWXLjyqLoi4vcyHjQQ7PQASFHxKGERjjcVtE3cOWVLMdk6n/+z8l5dfBNrDsIS/SaiVuXeCb"
- + "pfeCVYfSj2ICPfswg902kDHWyNCrdoJuMwTEszsHpcgviDqRFVIVpi6lVSJRPJAlpCBoWbaqFCcH" + "UVZ4tERvMcJkTKJ9/o4FhNWr6lpi9JwQ6BJQOQ1IfephWG4ELRlkx0yGfuyXZZ2hggEbMIIBFzCC"
- + "ARMKAQCgggEMMIIBCAYJKwYBBQUHMAEBBIH6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADANBgkqhkiG" + "9w0BAQ0FAASCAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+ internal const String EXPECTED_RESULT_CMS_CONTAINER_TEST = "MIIS0QYJKoZIhvcNAQcCoIISwjCCEr4CAQExDTALBglghkgBZQMEAgMwCwYJKoZIhvcNAQcBoIIL\n"
+ + "6jCCA+owggLSoAMCAQICBFjnkdYwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQlkxDjAMBgNV\n" + "BAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRU\n"
+ + "ZXN0Um9vdDAgFw0xNzA0MDcxMzIwMDFaGA8yMTE3MDQwNzEzMjAwMVowVDELMAkGA1UEBhMCQlkx\n" + "DjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwN\n"
+ + "aVRleHRUZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/38+4qtcM4TDGH\n" + "Bn5jJrXgmP2bXRNujwdTk0wbg0jfOrFTZrq+RVf5iz1PWStqH67PsDK6p9GoJhZUZeHU4X+buVkh\n"
+ + "EPwEcF82Dp9rhJMEf9HcMGVC91Voaz0g+UsV+TMxaPFF0zZV1tmwpSwtBUFNqi4yMMERcMFg0kD0\n" + "fK/zL9fNUZY1aRIz5Og35A7R1lgOHWhpUFNJ127mbM6Zb4j2n15sip/tsOBvScP/KRyCtlYVmLLS\n"
+ + "yPm1GZOutmVZXTb56TMh59dhXwdDW3/2eldlkxr4hK/BBBNnAOyPh+2RlA87oO7pjQgiZ94pQurw\n" + "LfYvTi2mUQ4eozzDozFIs08CAwEAAaOBwTCBvjAPBgNVHRMBAf8EBTADAQH/MH8GA1UdIwR4MHaA\n"
+ + "FF0qcXWu3di+WbogsWaRyXY2U1zuoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sx\n" + "DjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290ggRY\n"
+ + "55HWMB0GA1UdDgQWBBRdKnF1rt3Yvlm6ILFmkcl2NlNc7jALBgNVHQ8EBAMCAfYwDQYJKoZIhvcN\n" + "AQELBQADggEBAHYW8uhGqKaFBfI+6EeODIXvzd8vYcxm/8y5poE2rz3dqZb+jZQD7fVvvK3syjuo\n"
+ + "0ArAURcPCWPi8eo91tCuq1ooAaTxlPwf9G1y5TiL9muLlvJwZquo8QHuV27cJvB3CjjizM8TyAoR\n" + "ySCcuTVsPQKw+FJfhRLf1bhFtTXz2ZtVOYsTDqwX59AvKcSF+PlUhzfSPFqBY0n2F+GN5XUS03qs\n"
+ + "UK4WUJW4RjcpqdynL7bquQLer6KbJMgfENW+y+HvoUVitqa8/+6eAXYbtk5pBH1mXGCqYK5FRamv\n" + "2dbmdKuClQTj93MmkJqkV01d+0n6TchwCXaJebnhevFVVTWRUV8wggP3MIIC36ADAgECAgRcbCq3\n"
+ + "MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwF\n" + "aVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3QwIBcNMTkwMjE5MTYx\n"
+ + "NjQ3WhgPMjExOTAyMTkxNjE2NDdaMGExCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwG\n" + "A1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIzAhBgNVBAMMGmlUZXh0VGVzdEludGVybWVkaWF0\n"
+ + "ZVJzYTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWUj/0DwCYAmC6OND2cyz1Ik\n" + "z73VeGDPWckG6T7gGjPf/nQ/fJvwx4TUarihHhMgTraoUEWhKunV3s3GP6Jo6Z1QdXfKspgChR4w\n"
+ + "wsJmstoNVe8QqvjYLknGOhX0ktKn+AUfZe0TOURSURgaqi0l9CqUrs658B+Ftfrr2812rKyEWvFZ\n" + "4a6093eTXa6yX0fLueI9Igr2srQ7y9IrXn6d4TJmshpnE6jRUfNq2maE5ze7CV1XCGkiQX4MoXt1\n"
+ + "tC7KXGqd7PSo7auizd1Aek7vB6RoyWvQDH5UwCBlisqLx2IMnEzpUcQonLYhH0w83eud+uuyf+Dy\n" + "ADVFkJK6l3BFfwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgwdoAUXSpxda7d\n"
+ + "2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UE\n" + "CgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3SCBFjnkdYwHQYD\n"
+ + "VR0OBBYEFPn2c92JVeNQI1fH0LEqEvU2I+RxMAsGA1UdDwQEAwIBhjANBgkqhkiG9w0BAQsFAAOC\n" + "AQEAhS5leKgOn5zH6smPdo6Z227ocDUAatOrUXU7E+oy5s1EkofnVGKUmgOkOJW6/JfRCZyHItNS\n"
+ + "9EqnXbebo2rIm/n1XafDNnQYEeoxLdJOXB3pocesKYB36gQiNAhquLRusHN9Ahfa4VeB76Lh9A2Z\n" + "3HI1vpLvzrN1oPC1vtE1wbAnywlvkuDnxAvzzIQe2lV6FfUpQhqxZ31PwHuKtkYWcqUo/eVxF2Sc\n"
+ + "hkgvHCczrSsvbUUin5XKFDvurZ5ePPBNGWMj1kpHiudGSJZmn+6nHP6CVNMh/bpGCd9m3rWt1O38\n" + "hvv3L2J0WL+oRtEwnpVP/95id4yngkuUB7W3oiFDZTCCA/0wggLloAMCAQICBFxsLCIwDQYJKoZI\n"
+ + "hvcNAQELBQAwYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDEN\n" + "MAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRpYXRlUnNhMDEwIBcNMTkw\n"
+ + "MjE5MTYyMDE1WhgPMjExOTAyMTkxNjIwMTVaMGAxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z\n" + "azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIjAgBgNVBAMMGWlUZXh0VGVzdFJzYUNl\n"
+ + "cnRXaXRoQ2hhaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDQVXQlMswg62CVM4J\n" + "GY+DvMkJZzXwU3G46+MAQfRYIp/PMEYdUNvP+jGMmbwQ2fzvIq4HF7cWDz2ebBH72BE2UV/+DXH2\n"
+ + "l+dGI7O3AbbWNsnEVBHkqsjn6VfpZTaGjD4eJ9wy5hhIAIqjn+7EuCCN7EgjH5JkwDy8bFzMc4xa\n" + "GQSAXeN6ekK4F58S550IkU0cn8djvsj5W+qEGTHNS4ubhDazzJmMj1UrfisfamuOyHofTUMVjIuN\n"
+ + "Wne4FVsC0sgfM8nWLaWWIeP+vyrVUXnFdWjYe1s6/Ynaa5j9Uj4o7Ioko/4CLmRh50ZJGsiX4GPc\n" + "fGy7gnCkK/tyTdG9zcY1AgMBAAGjgbswgbgwCQYDVR0TBAIwADB/BgNVHSMEeDB2gBT59nPdiVXj\n"
+ + "UCNXx9CxKhL1NiPkcaFYpFYwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK\n" + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdIIEXGwqtzAdBgNV\n"
+ + "HQ4EFgQU/Z+j+zNPrMXEGWi5k95x78DLXA4wCwYDVR0PBAQDAgbAMA0GCSqGSIb3DQEBCwUAA4IB\n" + "AQCsPiiV8jM9416HjaUVaVKdr1bf6sXR5FzJhwfBqL664uvsrOhl9ajYujkZK+psUufP4fleV2tL\n"
+ + "52b/lYLP9u/DEn1lwOS2U/iXbg6fIDTexi0NsLulhAxAHBtkX4zybrk6JpeIh5Pts933lEC23Q/P\n" + "UeGzOltBcGYc9ePUnnH+oJvzNkZnn7Tg4FPUno+fQci0Rsaoa3wZTQm7tPEqxGOB8WkWsFl9kr9b\n"
+ + "ZE7KpMl0+QufbO0No80Uhb7hefS7A1N+iRFAdHDLYd8+3m5pgfaFV2mrgsFqd18BELQhoNUXHy5e\n" + "wXbKzmx1RfOwFt4+eagirsjvQvAb2Cwr/RnRfS22MYIGrTCCBqkCAQEwaTBhMQswCQYDVQQGEwJC\n"
+ + "WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQD\n" + "DBppVGV4dFRlc3RJbnRlcm1lZGlhdGVSc2EwMQIEXGwsIjALBglghkgBZQMEAgOgggUZMBgGCSqG\n"
+ + "SIb3DQEJAzELBgkqhkiG9w0BBwEwgdcGCyqGSIb3DQEJEAIvMYHHMIHEMIHBMIG+MAsGCWCGSAFl\n" + "AwQCAwRAAkAgKLsU9tnszC7NHib9or5LV4PpvNPC47JHsVOAg7yosOar3GdSaJmTVDHsMgBkmQeu\n"
+ + "JZS0zodGRr997DnM9DBtMGWkYzBhMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV\n" + "BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQDDBppVGV4dFRlc3RJbnRlcm1lZGlhdGVS\n"
+ + "c2EwMQIEXGwsIjCCARMGCSqGSIb3DQEJBDGCAQQEggEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAADCCAwoGCSqGSIb3LwEBCDCCAvugggHYMIIB1DCCAdAwgbkCAQEwDQYJKoZIhvcNAQELBQAw\n"
+ + "YDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwE\n" + "dGVzdDEiMCAGA1UEAwwZaVRleHRUZXN0UnNhQ2VydFdpdGhDaGFpbhcNMDAwMjEzMTQxNDAyWhcN\n"
+ + "MDAwMzE1MTQxNDAyWjAlMCMCBFxsLCIXDTAwMDMxNTE0MTQwMlowDDAKBgNVHRUEAwoBATANBgkq\n" + "hkiG9w0BAQsFAAOCAQEAh4huqwp+OiKQ77R19kkTP2s6vq4a72WeWsb6ASJHkaNXnwMG5/H/tFds\n"
+ + "EcQbxhVrBMILk5c10t20/XA370dRyg7I1H73EhHOLRM87162aJ1dUN2d0xHuEgYyXZWLwqDTmF0Z\n" + "ZcuPKouiLi9zIeNBDs9ABIUfEoYRGONxW0Tdw5ZUsx2Tqf/7PyXl18E2sOwhL9JqJW5d4Jul94JV\n"
+ + "h9KPYgI9+zCD3TaQMdbI0Kt2gm4zBMSzOwelyC+IOpEVUhWmLqVVIlE8kCWkIGhZtqoUJwdRVni0\n" + "RG8xwmRMon3+jgWE1avqWmL0nBDoElA5DUh96mFYbgQtGWTHTIZ+7JdlnaGCARswggEXMIIBEwoB\n"
+ + "AKCCAQwwggEIBgkrBgEFBQcwAQEEgfoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAsGCSqGSIb3DQEB\n" + "DQSCAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
internal const String MESSAGE_DIGEST_STRING = "This a a 'long' string representing the message digest\r\n"
+ "0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789\r\n"
@@ -289,24 +289,24 @@ internal class CMSTestHelper {
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
- internal const String EXPECTEDRESULT_4 = "MIIHtQIBATBpMGExCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQx"
- + "DTALBgNVBAsMBHRlc3QxIzAhBgNVBAMMGmlUZXh0VGVzdEludGVybWVkaWF0ZVJzYTAxAgRcbCwi" + "MA0GCWCGSAFlAwQCAwUAoIIFCzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMIHXBgsqhkiG9w0B"
- + "CRACLzGBxzCBxDCBwTCBvjALBglghkgBZQMEAgMEQAJAICi7FPbZ7MwuzR4m/aK+S1eD6bzTwuOy" + "R7FTgIO8qLDmq9xnUmiZk1Qx7DIAZJkHriWUtM6HRka/few5zPQwbTBlpGMwYTELMAkGA1UEBhMC"
- + "QlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UE" + "AwwaaVRleHRUZXN0SW50ZXJtZWRpYXRlUnNhMDECBFxsLCIwggQTBgkqhkiG9w0BCQQxggQEBIIE"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw"
- + "DQYJKoZIhvcNAQEKBQAEggIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAChFDASBgkqhkiG9w0BCQUxBQIDAeJA";
+ internal const String EXPECTEDRESULT_4 = "MIIHsQIBATBpMGExCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQx\n"
+ + "DTALBgNVBAsMBHRlc3QxIzAhBgNVBAMMGmlUZXh0VGVzdEludGVybWVkaWF0ZVJzYTAxAgRcbCwi\n" + "MAsGCWCGSAFlAwQCA6CCBQswGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATCB1wYLKoZIhvcNAQkQ\n"
+ + "Ai8xgccwgcQwgcEwgb4wCwYJYIZIAWUDBAIDBEACQCAouxT22ezMLs0eJv2ivktXg+m808Ljskex\n" + "U4CDvKiw5qvcZ1JomZNUMewyAGSZB64llLTOh0ZGv33sOcz0MG0wZaRjMGExCzAJBgNVBAYTAkJZ\n"
+ + "MQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIzAhBgNVBAMM\n" + "GmlUZXh0VGVzdEludGVybWVkaWF0ZVJzYTAxAgRcbCwiMIIEEwYJKoZIhvcNAQkEMYIEBASCBAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAsG\n"
+ + "CSqGSIb3DQEBCgSCAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAKEUMBIGCSqGSIb3DQEJBTEFAgMB4kA=";
internal const String EXPECTEDRESULT_5 = "MYIGIDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMIIB6wYJKoZIhvcvAQEIMIIB3KCCAdgwggHU"
+ "MIIB0DCBuQIBATANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sx" + "DjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MSIwIAYDVQQDDBlpVGV4dFRlc3RSc2FDZXJ0"
@@ -324,59 +324,59 @@ internal class CMSTestHelper {
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
- internal const String CMS_CONTAINER_WITH_OCSP_AND_CRL = "MIIXHAYJKoZIhvcNAQcCoIIXDTCCFwkCAQExDzANBglghkgBZQMEAgMFA"
- + "DALBgkqhkiG9w0BBwGgggvqMIID6jCCAtKgAwIBAgIEWOeR1jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJCWTEOMAwG" +
- "A1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4" + "dFRlc3RSb290MCAXDTE3MDQwNzEzMjAwMVoYDzIxMTcwNDA3MTMyMDAxWjBUMQswCQYDVQQGEwJC"
- + "WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQD" + "DA1pVGV4dFRlc3RSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/fz7iq1wzhM"
- + "MYcGfmMmteCY/ZtdE26PB1OTTBuDSN86sVNmur5FV/mLPU9ZK2ofrs+wMrqn0agmFlRl4dThf5u5" + "WSEQ/ARwXzYOn2uEkwR/0dwwZUL3VWhrPSD5SxX5MzFo8UXTNlXW2bClLC0FQU2qLjIwwRFwwWDS"
- + "QPR8r/Mv181RljVpEjPk6DfkDtHWWA4daGlQU0nXbuZszplviPafXmyKn+2w4G9Jw/8pHIK2VhWY" + "stLI+bUZk662ZVldNvnpMyHn12FfB0Nbf/Z6V2WTGviEr8EEE2cA7I+H7ZGUDzug7umNCCJn3ilC"
- + "6vAt9i9OLaZRDh6jPMOjMUizTwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgw" + "doAUXSpxda7d2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z"
- + "azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3SC" + "BFjnkdYwHQYDVR0OBBYEFF0qcXWu3di+WbogsWaRyXY2U1zuMAsGA1UdDwQEAwIB9jANBgkqhkiG"
- + "9w0BAQsFAAOCAQEAdhby6EaopoUF8j7oR44Mhe/N3y9hzGb/zLmmgTavPd2plv6NlAPt9W+8rezK" + "O6jQCsBRFw8JY+Lx6j3W0K6rWigBpPGU/B/0bXLlOIv2a4uW8nBmq6jxAe5Xbtwm8HcKOOLMzxPI"
- + "ChHJIJy5NWw9ArD4Ul+FEt/VuEW1NfPZm1U5ixMOrBfn0C8pxIX4+VSHN9I8WoFjSfYX4Y3ldRLT" + "eqxQrhZQlbhGNymp3Kcvtuq5At6vopskyB8Q1b7L4e+hRWK2prz/7p4Bdhu2TmkEfWZcYKpgrkVF"
- + "qa/Z1uZ0q4KVBOP3cyaQmqRXTV37SfpNyHAJdol5ueF68VVVNZFRXzCCA/cwggLfoAMCAQICBFxs" + "KrcwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK"
- + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdDAgFw0xOTAyMTkx" + "NjE2NDdaGA8yMTE5MDIxOTE2MTY0N1owYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4w"
- + "DAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRp" + "YXRlUnNhMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1ZSP/QPAJgCYLo40PZzLP"
- + "UiTPvdV4YM9ZyQbpPuAaM9/+dD98m/DHhNRquKEeEyBOtqhQRaEq6dXezcY/omjpnVB1d8qymAKF" + "HjDCwmay2g1V7xCq+NguScY6FfSS0qf4BR9l7RM5RFJRGBqqLSX0KpSuzrnwH4W1+uvbzXasrIRa"
- + "8VnhrrT3d5NdrrJfR8u54j0iCvaytDvL0itefp3hMmayGmcTqNFR82raZoTnN7sJXVcIaSJBfgyh" + "e3W0Lspcap3s9Kjtq6LN3UB6Tu8HpGjJa9AMflTAIGWKyovHYgycTOlRxCictiEfTDzd653667J/"
- + "4PIANUWQkrqXcEV/AgMBAAGjgcEwgb4wDwYDVR0TAQH/BAUwAwEB/zB/BgNVHSMEeDB2gBRdKnF1" + "rt3Yvlm6ILFmkcl2NlNc7qFYpFYwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYD"
- + "VQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdIIEWOeR1jAd" + "BgNVHQ4EFgQU+fZz3YlV41AjV8fQsSoS9TYj5HEwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUA"
- + "A4IBAQCFLmV4qA6fnMfqyY92jpnbbuhwNQBq06tRdTsT6jLmzUSSh+dUYpSaA6Q4lbr8l9EJnIci" + "01L0Sqddt5ujasib+fVdp8M2dBgR6jEt0k5cHemhx6wpgHfqBCI0CGq4tG6wc30CF9rhV4HvouH0"
- + "DZnccjW+ku/Os3Wg8LW+0TXBsCfLCW+S4OfEC/PMhB7aVXoV9SlCGrFnfU/Ae4q2RhZypSj95XEX" + "ZJyGSC8cJzOtKy9tRSKflcoUO+6tnl488E0ZYyPWSkeK50ZIlmaf7qcc/oJU0yH9ukYJ32beta3U"
- + "7fyG+/cvYnRYv6hG0TCelU//3mJ3jKeCS5QHtbeiIUNlMIID/TCCAuWgAwIBAgIEXGwsIjANBgkq" + "hkiG9w0BAQsFADBhMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0"
- + "MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQDDBppVGV4dFRlc3RJbnRlcm1lZGlhdGVSc2EwMTAgFw0x" + "OTAyMTkxNjIwMTVaGA8yMTE5MDIxOTE2MjAxNVowYDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1p"
- + "bnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEiMCAGA1UEAwwZaVRleHRUZXN0UnNh" + "Q2VydFdpdGhDaGFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMNBVdCUyzCDrYJU"
- + "zgkZj4O8yQlnNfBTcbjr4wBB9Fgin88wRh1Q28/6MYyZvBDZ/O8irgcXtxYPPZ5sEfvYETZRX/4N" + "cfaX50Yjs7cBttY2ycRUEeSqyOfpV+llNoaMPh4n3DLmGEgAiqOf7sS4II3sSCMfkmTAPLxsXMxz"
- + "jFoZBIBd43p6QrgXnxLnnQiRTRyfx2O+yPlb6oQZMc1Li5uENrPMmYyPVSt+Kx9qa47Ieh9NQxWM" + "i41ad7gVWwLSyB8zydYtpZYh4/6/KtVRecV1aNh7Wzr9idprmP1SPijsiiSj/gIuZGHnRkkayJfg"
- + "Y9x8bLuCcKQr+3JN0b3NxjUCAwEAAaOBuzCBuDAJBgNVHRMEAjAAMH8GA1UdIwR4MHaAFPn2c92J" + "VeNQI1fH0LEqEvU2I+RxoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV"
- + "BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290ggRcbCq3MB0G" + "A1UdDgQWBBT9n6P7M0+sxcQZaLmT3nHvwMtcDjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQAD"
- + "ggEBAKw+KJXyMz3jXoeNpRVpUp2vVt/qxdHkXMmHB8Govrri6+ys6GX1qNi6ORkr6mxS58/h+V5X" + "a0vnZv+Vgs/278MSfWXA5LZT+JduDp8gNN7GLQ2wu6WEDEAcG2RfjPJuuToml4iHk+2z3feUQLbd"
- + "D89R4bM6W0FwZhz149Secf6gm/M2RmeftODgU9Sej59ByLRGxqhrfBlNCbu08SrEY4HxaRawWX2S" + "v1tkTsqkyXT5C59s7Q2jzRSFvuF59LsDU36JEUB0cMth3z7ebmmB9oVXaauCwWp3XwEQtCGg1Rcf"
- + "Ll7BdsrObHVF87AW3j55qCKuyO9C8BvYLCv9GdF9LbahggdPMIIB0DCBuQIBATANBgkqhkiG9w0B" + "AQsFADBgMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYD"
- + "VQQLDAR0ZXN0MSIwIAYDVQQDDBlpVGV4dFRlc3RSc2FDZXJ0V2l0aENoYWluFw0wMDAyMTMxNDE0" + "MDJaFw0wMDAzMTUxNDE0MDJaMCUwIwIEXGwsIhcNMDAwMzE1MTQxNDAyWjAMMAoGA1UdFQQDCgEB"
- + "MA0GCSqGSIb3DQEBCwUAA4IBAQCHiG6rCn46IpDvtHX2SRM/azq+rhrvZZ5axvoBIkeRo1efAwbn" + "8f+0V2wRxBvGFWsEwguTlzXS3bT9cDfvR1HKDsjUfvcSEc4tEzzvXrZonV1Q3Z3TEe4SBjJdlYvC"
- + "oNOYXRlly48qi6IuL3Mh40EOz0AEhR8ShhEY43FbRN3DllSzHZOp//s/JeXXwTaw7CEv0molbl3g" + "m6X3glWH0o9iAj37MIPdNpAx1sjQq3aCbjMExLM7B6XIL4g6kRVSFaYupVUiUTyQJaQgaFm2qhQn"
- + "B1FWeLREbzHCZEyiff6OBYTVq+paYvScEOgSUDkNSH3qYVhuBC0ZZMdMhn7sl2WdMIIFdwYIKwYB" + "BQUHEAIwggVpCgEAMIIFYgYJKwYBBQUHMAEBBIIFUzCCBU8wgduhOjA4MQswCQYDVQQGEwJCWTEO"
- + "MAwGA1UECgwFaVRleHQxGTAXBgNVBAMMEGlUZXh0VGVzdFJvb3RSc2EYDzIwMjExMjE2MDAxMDM3" + "WjBnMGUwPTAJBgUrDgMCGgUABBS3N/pakPMumDlViKRP2+K6XJgJDAQUXSpxda7d2L5ZuiCxZpHJ"
- + "djZTXO4CBFjnsOyAABgPMjAyMTEyMTUwMDEwMzdaoBEYDzIwMjIwMTE1MDAxMDM3WqEjMCEwHwYJ" + "KwYBBQUHMAECBBIEELP0PeKhpRxyfh6liMz0JGEwDQYJKoZIhvcNAQELBQADggEBAIMlJDB0yNel"
- + "AddKAVDQ/4oKN0OSFvvmf/WcMtlyMvo1iGnfPj5kVOBGwu9QnPP59K/l42eK7MS5PdwQKpy0F9Rs" + "a8a2JKIwjEFZSvrlkBshRCWEH2nVD1Bv+FBoDpP+87UR2DFazK06lCeN3wjEfXXf/Kqxa+Eum8ks"
- + "ejG5nv5DzKz7QAiywrIes3TEBKAUuGLIYl9g044+Tcc5cy0YtLpwDTGPY1GjnKvJ6rBaARmuF6Va" + "4kzN5TinGFdolMjLRhPSEz/yu3js1yRa1io/OpnfuS+3+YKBth/4Ha4S/RExUhrGzRvuCJKaQN1Z"
- + "Au086IJYnl7DZB+JEKu0zgqQTwGgggNZMIIDVTCCA1EwggI5oAMCAQICAhAAMA0GCSqGSIb3DQEB" + "CwUAMDgxCzAJBgNVBAYTAkJZMQ4wDAYDVQQKDAVpVGV4dDEZMBcGA1UEAwwQaVRleHRUZXN0Um9v"
- + "dFJzYTAgFw0wMDAxMDEwMDAwMDBaGA8yNTAwMDEwMTAwMDAwMFowODELMAkGA1UEBhMCQlkxDjAM" + "BgNVBAoMBWlUZXh0MRkwFwYDVQQDDBBpVGV4dFRlc3RSb290UnNhMIIBIjANBgkqhkiG9w0BAQEF"
- + "AAOCAQ8AMIIBCgKCAQEA1+fAOZj02WNCkGhss/rm+ExC/9hkCk3GH+t433G+iTrmSjZhDms+MXd3" + "1UlWIRTY0BVIlV6siuW6N24qMJ0NvWAD2PbHSQ4fcRS1faaLNN23nKOBkOZBwzF9gapHUU0E+RXp"
- + "qcgTvGcL/t7n5a/DxpjdnVvdWqbLHtnfmoMHfwAwF9b31jxA9ZMwD159RTk6qL27Cu7CaH4vDKbN" + "7N+0NLfAFLJXWLnHxMtYLngjmUS09ScUJqMQ6aVDvySR8HqLWp/gF+VCbLmGAJFn/cCk3YIhhIgU"
- + "YVVweTUjWnhi4mSRERgF2hGOpRwO2ho7/L55qNGH1j2VR+qD9JEd0qnDRQIDAQABo2MwYTAdBgNV" + "HQ4EFgQUg+HjrU9dZYHU6XgWmWAXDsl8Q4YwHwYDVR0jBBgwFoAUg+HjrU9dZYHU6XgWmWAXDsl8"
- + "Q4YwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBABE5" + "k6eKVF/hG4M1e1i/hYjVnSW12gbzR000MeiUUZ86lfuhOtHAn11CudBTNpKLMMz/NIXxcGf/Th/T"
- + "LNdoC09MPgD6G095+Yydx9ip1B9xW5IeSZChsLJNq+DO6tO9NYUe1NlXwd5/bUxJYBIurkSIQvfN" + "GtYDWapQtK1mtVzrqsq+aeR+X5E4YHWzhCgvOZ0mbdVNP6tBaAGLWreSGkk18DYYCSwpxbeC3g5C"
- + "Gz5LuN+a7IrbfnTK9V/2Fytu3wpE0F5pgp+tmKaUUlL8EHb1IyVnI/UT8KhIkW0moJi74i7EzLW3" + "t/hxIvWAYdt4kC4M+PZxJnuy8UB0pe3Xi2YxggOjMIIDnwIBATBpMGExCzAJBgNVBAYTAkJZMQ4w"
- + "DAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIzAhBgNVBAMMGmlU" + "ZXh0VGVzdEludGVybWVkaWF0ZVJzYTAxAgRcbCwiMA0GCWCGSAFlAwQCAwUAoIICCzAYBgkqhkiG"
- + "9w0BCQMxCwYJKoZIhvcNAQcBMIHXBgsqhkiG9w0BCRACLzGBxzCBxDCBwTCBvjALBglghkgBZQME" + "AgMEQAJAICi7FPbZ7MwuzR4m/aK+S1eD6bzTwuOyR7FTgIO8qLDmq9xnUmiZk1Qx7DIAZJkHriWU"
- + "tM6HRka/few5zPQwbTBlpGMwYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK" + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRpYXRlUnNh"
- + "MDECBFxsLCIwggETBgkqhkiG9w0BCQQxggEEBIIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAwDQYJKoZIhvcNAQENBQAEggEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==";
+ internal const String CMS_CONTAINER_WITH_OCSP_AND_CRL = "MIIXFgYJKoZIhvcNAQcCoIIXBzCCFwMCAQExDTALBglghkgBZQMEAgMwCwYJKoZIhvcNAQcBoIIL\n"
+ + "6jCCA+owggLSoAMCAQICBFjnkdYwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQlkxDjAMBgNV\n" + "BAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRU\n"
+ + "ZXN0Um9vdDAgFw0xNzA0MDcxMzIwMDFaGA8yMTE3MDQwNzEzMjAwMVowVDELMAkGA1UEBhMCQlkx\n" + "DjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwN\n"
+ + "aVRleHRUZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/38+4qtcM4TDGH\n" + "Bn5jJrXgmP2bXRNujwdTk0wbg0jfOrFTZrq+RVf5iz1PWStqH67PsDK6p9GoJhZUZeHU4X+buVkh\n"
+ + "EPwEcF82Dp9rhJMEf9HcMGVC91Voaz0g+UsV+TMxaPFF0zZV1tmwpSwtBUFNqi4yMMERcMFg0kD0\n" + "fK/zL9fNUZY1aRIz5Og35A7R1lgOHWhpUFNJ127mbM6Zb4j2n15sip/tsOBvScP/KRyCtlYVmLLS\n"
+ + "yPm1GZOutmVZXTb56TMh59dhXwdDW3/2eldlkxr4hK/BBBNnAOyPh+2RlA87oO7pjQgiZ94pQurw\n" + "LfYvTi2mUQ4eozzDozFIs08CAwEAAaOBwTCBvjAPBgNVHRMBAf8EBTADAQH/MH8GA1UdIwR4MHaA\n"
+ + "FF0qcXWu3di+WbogsWaRyXY2U1zuoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sx\n" + "DjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290ggRY\n"
+ + "55HWMB0GA1UdDgQWBBRdKnF1rt3Yvlm6ILFmkcl2NlNc7jALBgNVHQ8EBAMCAfYwDQYJKoZIhvcN\n" + "AQELBQADggEBAHYW8uhGqKaFBfI+6EeODIXvzd8vYcxm/8y5poE2rz3dqZb+jZQD7fVvvK3syjuo\n"
+ + "0ArAURcPCWPi8eo91tCuq1ooAaTxlPwf9G1y5TiL9muLlvJwZquo8QHuV27cJvB3CjjizM8TyAoR\n" + "ySCcuTVsPQKw+FJfhRLf1bhFtTXz2ZtVOYsTDqwX59AvKcSF+PlUhzfSPFqBY0n2F+GN5XUS03qs\n"
+ + "UK4WUJW4RjcpqdynL7bquQLer6KbJMgfENW+y+HvoUVitqa8/+6eAXYbtk5pBH1mXGCqYK5FRamv\n" + "2dbmdKuClQTj93MmkJqkV01d+0n6TchwCXaJebnhevFVVTWRUV8wggP3MIIC36ADAgECAgRcbCq3\n"
+ + "MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwF\n" + "aVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3QwIBcNMTkwMjE5MTYx\n"
+ + "NjQ3WhgPMjExOTAyMTkxNjE2NDdaMGExCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwG\n" + "A1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIzAhBgNVBAMMGmlUZXh0VGVzdEludGVybWVkaWF0\n"
+ + "ZVJzYTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWUj/0DwCYAmC6OND2cyz1Ik\n" + "z73VeGDPWckG6T7gGjPf/nQ/fJvwx4TUarihHhMgTraoUEWhKunV3s3GP6Jo6Z1QdXfKspgChR4w\n"
+ + "wsJmstoNVe8QqvjYLknGOhX0ktKn+AUfZe0TOURSURgaqi0l9CqUrs658B+Ftfrr2812rKyEWvFZ\n" + "4a6093eTXa6yX0fLueI9Igr2srQ7y9IrXn6d4TJmshpnE6jRUfNq2maE5ze7CV1XCGkiQX4MoXt1\n"
+ + "tC7KXGqd7PSo7auizd1Aek7vB6RoyWvQDH5UwCBlisqLx2IMnEzpUcQonLYhH0w83eud+uuyf+Dy\n" + "ADVFkJK6l3BFfwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgwdoAUXSpxda7d\n"
+ + "2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UE\n" + "CgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3SCBFjnkdYwHQYD\n"
+ + "VR0OBBYEFPn2c92JVeNQI1fH0LEqEvU2I+RxMAsGA1UdDwQEAwIBhjANBgkqhkiG9w0BAQsFAAOC\n" + "AQEAhS5leKgOn5zH6smPdo6Z227ocDUAatOrUXU7E+oy5s1EkofnVGKUmgOkOJW6/JfRCZyHItNS\n"
+ + "9EqnXbebo2rIm/n1XafDNnQYEeoxLdJOXB3pocesKYB36gQiNAhquLRusHN9Ahfa4VeB76Lh9A2Z\n" + "3HI1vpLvzrN1oPC1vtE1wbAnywlvkuDnxAvzzIQe2lV6FfUpQhqxZ31PwHuKtkYWcqUo/eVxF2Sc\n"
+ + "hkgvHCczrSsvbUUin5XKFDvurZ5ePPBNGWMj1kpHiudGSJZmn+6nHP6CVNMh/bpGCd9m3rWt1O38\n" + "hvv3L2J0WL+oRtEwnpVP/95id4yngkuUB7W3oiFDZTCCA/0wggLloAMCAQICBFxsLCIwDQYJKoZI\n"
+ + "hvcNAQELBQAwYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDEN\n" + "MAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRpYXRlUnNhMDEwIBcNMTkw\n"
+ + "MjE5MTYyMDE1WhgPMjExOTAyMTkxNjIwMTVaMGAxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z\n" + "azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIjAgBgNVBAMMGWlUZXh0VGVzdFJzYUNl\n"
+ + "cnRXaXRoQ2hhaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDQVXQlMswg62CVM4J\n" + "GY+DvMkJZzXwU3G46+MAQfRYIp/PMEYdUNvP+jGMmbwQ2fzvIq4HF7cWDz2ebBH72BE2UV/+DXH2\n"
+ + "l+dGI7O3AbbWNsnEVBHkqsjn6VfpZTaGjD4eJ9wy5hhIAIqjn+7EuCCN7EgjH5JkwDy8bFzMc4xa\n" + "GQSAXeN6ekK4F58S550IkU0cn8djvsj5W+qEGTHNS4ubhDazzJmMj1UrfisfamuOyHofTUMVjIuN\n"
+ + "Wne4FVsC0sgfM8nWLaWWIeP+vyrVUXnFdWjYe1s6/Ynaa5j9Uj4o7Ioko/4CLmRh50ZJGsiX4GPc\n" + "fGy7gnCkK/tyTdG9zcY1AgMBAAGjgbswgbgwCQYDVR0TBAIwADB/BgNVHSMEeDB2gBT59nPdiVXj\n"
+ + "UCNXx9CxKhL1NiPkcaFYpFYwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK\n" + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdIIEXGwqtzAdBgNV\n"
+ + "HQ4EFgQU/Z+j+zNPrMXEGWi5k95x78DLXA4wCwYDVR0PBAQDAgbAMA0GCSqGSIb3DQEBCwUAA4IB\n" + "AQCsPiiV8jM9416HjaUVaVKdr1bf6sXR5FzJhwfBqL664uvsrOhl9ajYujkZK+psUufP4fleV2tL\n"
+ + "52b/lYLP9u/DEn1lwOS2U/iXbg6fIDTexi0NsLulhAxAHBtkX4zybrk6JpeIh5Pts933lEC23Q/P\n" + "UeGzOltBcGYc9ePUnnH+oJvzNkZnn7Tg4FPUno+fQci0Rsaoa3wZTQm7tPEqxGOB8WkWsFl9kr9b\n"
+ + "ZE7KpMl0+QufbO0No80Uhb7hefS7A1N+iRFAdHDLYd8+3m5pgfaFV2mrgsFqd18BELQhoNUXHy5e\n" + "wXbKzmx1RfOwFt4+eagirsjvQvAb2Cwr/RnRfS22oYIHTzCCAdAwgbkCAQEwDQYJKoZIhvcNAQEL\n"
+ + "BQAwYDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UE\n" + "CwwEdGVzdDEiMCAGA1UEAwwZaVRleHRUZXN0UnNhQ2VydFdpdGhDaGFpbhcNMDAwMjEzMTQxNDAy\n"
+ + "WhcNMDAwMzE1MTQxNDAyWjAlMCMCBFxsLCIXDTAwMDMxNTE0MTQwMlowDDAKBgNVHRUEAwoBATAN\n" + "BgkqhkiG9w0BAQsFAAOCAQEAh4huqwp+OiKQ77R19kkTP2s6vq4a72WeWsb6ASJHkaNXnwMG5/H/\n"
+ + "tFdsEcQbxhVrBMILk5c10t20/XA370dRyg7I1H73EhHOLRM87162aJ1dUN2d0xHuEgYyXZWLwqDT\n" + "mF0ZZcuPKouiLi9zIeNBDs9ABIUfEoYRGONxW0Tdw5ZUsx2Tqf/7PyXl18E2sOwhL9JqJW5d4Jul\n"
+ + "94JVh9KPYgI9+zCD3TaQMdbI0Kt2gm4zBMSzOwelyC+IOpEVUhWmLqVVIlE8kCWkIGhZtqoUJwdR\n" + "Vni0RG8xwmRMon3+jgWE1avqWmL0nBDoElA5DUh96mFYbgQtGWTHTIZ+7JdlnTCCBXcGCCsGAQUF\n"
+ + "BxACMIIFaQoBADCCBWIGCSsGAQUFBzABAQSCBVMwggVPMIHboTowODELMAkGA1UEBhMCQlkxDjAM\n" + "BgNVBAoMBWlUZXh0MRkwFwYDVQQDDBBpVGV4dFRlc3RSb290UnNhGA8yMDIxMTIxNjAwMTAzN1ow\n"
+ + "ZzBlMD0wCQYFKw4DAhoFAAQUtzf6WpDzLpg5VYikT9viulyYCQwEFF0qcXWu3di+WbogsWaRyXY2\n" + "U1zuAgRY57DsgAAYDzIwMjExMjE1MDAxMDM3WqARGA8yMDIyMDExNTAwMTAzN1qhIzAhMB8GCSsG\n"
+ + "AQUFBzABAgQSBBCz9D3ioaUccn4epYjM9CRhMA0GCSqGSIb3DQEBCwUAA4IBAQCDJSQwdMjXpQHX\n" + "SgFQ0P+KCjdDkhb75n/1nDLZcjL6NYhp3z4+ZFTgRsLvUJzz+fSv5eNniuzEuT3cECqctBfUbGvG\n"
+ + "tiSiMIxBWUr65ZAbIUQlhB9p1Q9Qb/hQaA6T/vO1EdgxWsytOpQnjd8IxH113/yqsWvhLpvJLHox\n" + "uZ7+Q8ys+0AIssKyHrN0xASgFLhiyGJfYNOOPk3HOXMtGLS6cA0xj2NRo5yryeqwWgEZrhelWuJM\n"
+ + "zeU4pxhXaJTIy0YT0hM/8rt47NckWtYqPzqZ37kvt/mCgbYf+B2uEv0RMVIaxs0b7giSmkDdWQLt\n" + "POiCWJ5ew2QfiRCrtM4KkE8BoIIDWTCCA1UwggNRMIICOaADAgECAgIQADANBgkqhkiG9w0BAQsF\n"
+ + "ADA4MQswCQYDVQQGEwJCWTEOMAwGA1UECgwFaVRleHQxGTAXBgNVBAMMEGlUZXh0VGVzdFJvb3RS\n" + "c2EwIBcNMDAwMTAxMDAwMDAwWhgPMjUwMDAxMDEwMDAwMDBaMDgxCzAJBgNVBAYTAkJZMQ4wDAYD\n"
+ + "VQQKDAVpVGV4dDEZMBcGA1UEAwwQaVRleHRUZXN0Um9vdFJzYTCCASIwDQYJKoZIhvcNAQEBBQAD\n" + "ggEPADCCAQoCggEBANfnwDmY9NljQpBobLP65vhMQv/YZApNxh/reN9xvok65ko2YQ5rPjF3d9VJ\n"
+ + "ViEU2NAVSJVerIrlujduKjCdDb1gA9j2x0kOH3EUtX2mizTdt5yjgZDmQcMxfYGqR1FNBPkV6anI\n" + "E7xnC/7e5+Wvw8aY3Z1b3Vqmyx7Z35qDB38AMBfW99Y8QPWTMA9efUU5Oqi9uwruwmh+Lwymzezf\n"
+ + "tDS3wBSyV1i5x8TLWC54I5lEtPUnFCajEOmlQ78kkfB6i1qf4BflQmy5hgCRZ/3ApN2CIYSIFGFV\n" + "cHk1I1p4YuJkkREYBdoRjqUcDtoaO/y+eajRh9Y9lUfqg/SRHdKpw0UCAwEAAaNjMGEwHQYDVR0O\n"
+ + "BBYEFIPh461PXWWB1Ol4FplgFw7JfEOGMB8GA1UdIwQYMBaAFIPh461PXWWB1Ol4FplgFw7JfEOG\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAROZOn\n"
+ + "ilRf4RuDNXtYv4WI1Z0ltdoG80dNNDHolFGfOpX7oTrRwJ9dQrnQUzaSizDM/zSF8XBn/04f0yzX\n" + "aAtPTD4A+htPefmMncfYqdQfcVuSHkmQobCyTavgzurTvTWFHtTZV8Hef21MSWASLq5EiEL3zRrW\n"
+ + "A1mqULStZrVc66rKvmnkfl+ROGB1s4QoLzmdJm3VTT+rQWgBi1q3khpJNfA2GAksKcW3gt4OQhs+\n" + "S7jfmuyK2350yvVf9hcrbt8KRNBeaYKfrZimlFJS/BB29SMlZyP1E/CoSJFtJqCYu+IuxMy1t7f4\n"
+ + "cSL1gGHbeJAuDPj2cSZ7svFAdKXt14tmMYIDnzCCA5sCAQEwaTBhMQswCQYDVQQGEwJCWTEOMAwG\n" + "A1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQDDBppVGV4\n"
+ + "dFRlc3RJbnRlcm1lZGlhdGVSc2EwMQIEXGwsIjALBglghkgBZQMEAgOgggILMBgGCSqGSIb3DQEJ\n" + "AzELBgkqhkiG9w0BBwEwgdcGCyqGSIb3DQEJEAIvMYHHMIHEMIHBMIG+MAsGCWCGSAFlAwQCAwRA\n"
+ + "AkAgKLsU9tnszC7NHib9or5LV4PpvNPC47JHsVOAg7yosOar3GdSaJmTVDHsMgBkmQeuJZS0zodG\n" + "Rr997DnM9DBtMGWkYzBhMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlU\n"
+ + "ZXh0MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQDDBppVGV4dFRlc3RJbnRlcm1lZGlhdGVSc2EwMQIE\n" + "XGwsIjCCARMGCSqGSIb3DQEJBDGCAQQEggEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAL\n"
+ + "BgkqhkiG9w0BAQ0EggEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==";
internal const String CMS_CONTAINER_WITH_INCORRECT_REV_INFO = "MIIXKQYJKoZIhvcNAQcCoIIXGjCCFxYCAQExDzANBglghkgBZQMEAgMFADALBgkqhkiG9w0BBwGg"
+ "ggvqMIID6jCCAtKgAwIBAgIEWOeR1jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJCWTEOMAwG" + "A1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4"
diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs
index 26f3295631..3500896cc0 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs
@@ -204,8 +204,8 @@ public virtual void TestGetAsDerSequence() {
SignerInfo si = new SignerInfo();
si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer
(123456))));
- si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS));
si.SetSigningCertificateAndAddToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3");
+ si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS));
si.SetMessageDigest(new byte[1024]);
si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512));
si.SetSignature(new byte[512]);
@@ -217,7 +217,6 @@ public virtual void TestGetAsDerSequence() {
[NUnit.Framework.Test]
public virtual void TestEstimatedSizeWithSignature() {
SignerInfo si = new SignerInfo();
- si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSA_WITH_SHA256));
si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer
(123456))));
si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS));
@@ -226,7 +225,7 @@ public virtual void TestEstimatedSizeWithSignature() {
si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512));
si.SetSignature(new byte[512]);
long res = si.GetEstimatedSize();
- NUnit.Framework.Assert.AreEqual(1977, res);
+ NUnit.Framework.Assert.AreEqual(1973, res);
}
[NUnit.Framework.Test]
@@ -251,7 +250,6 @@ public virtual void TestSignedAttributesSerializationRoundTrip() {
[NUnit.Framework.Test]
public virtual void TestEstimatedSizeEstimatedSignature() {
SignerInfo si = new SignerInfo();
- si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSA_WITH_SHA256));
si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer
(123456))));
si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS));
@@ -259,13 +257,12 @@ public virtual void TestEstimatedSizeEstimatedSignature() {
si.SetMessageDigest(new byte[1024]);
si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512));
long res = si.GetEstimatedSize();
- NUnit.Framework.Assert.AreEqual(2489, res);
+ NUnit.Framework.Assert.AreEqual(2485, res);
}
[NUnit.Framework.Test]
public virtual void TestSerializeAndDeserializeSignerInfo() {
SignerInfo si = new SignerInfo();
- si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSA_WITH_SHA256));
si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer
(123456))));
si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS));
diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs
index 4ea80b629e..4fe52119fb 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs
@@ -82,15 +82,17 @@ public virtual void Init() {
}
[NUnit.Framework.Test]
- public virtual void TestPreparationWithClosedPdfSigner() {
+ public virtual void TestPreparationWithClosedPdfTwoPhaseSigner() {
// prepare the file
using (PdfReader reader = new PdfReader(FileUtil.GetInputStreamForFile(SIMPLE_DOC_PATH))) {
using (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
- PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());
- signer.PrepareDocumentForSignature(DigestAlgorithms.SHA384, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
+ PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
+ signer.PrepareDocumentForSignature(new SignerProperties(), DigestAlgorithms.SHA384, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
, 5000, false);
- Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
- byte[] digest = signer.PrepareDocumentForSignature(DigestAlgorithms.SHA384, PdfName.Adobe_PPKLite, PdfName
+ Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () =>
+ {
+ SignerProperties signerProperties = new SignerProperties();
+ byte[] digest = signer.PrepareDocumentForSignature(signerProperties, DigestAlgorithms.SHA384, PdfName.Adobe_PPKLite, PdfName
.Adbe_pkcs7_detached, 5000, false);
}
);
@@ -109,7 +111,7 @@ public virtual void TestCompletionWithWrongFieldName() {
using (Stream signedDoc = new ByteArrayOutputStream()) {
// add signature
Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
- PdfSigner.AddSignatureToPreparedDocument(preparedDoc, "wrong" + FIELD_NAME, signedDoc, signData);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(preparedDoc, "wrong" + FIELD_NAME, signedDoc, signData);
}
);
NUnit.Framework.Assert.AreEqual(MessageFormatUtil.Format(SignExceptionMessageConstant.THERE_IS_NO_FIELD_IN_THE_DOCUMENT_WITH_SUCH_NAME
@@ -127,7 +129,7 @@ public virtual void TestCompletionWithNotEnoughSpace() {
using (Stream signedDoc = new ByteArrayOutputStream()) {
// add signature
Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
- PdfSigner.AddSignatureToPreparedDocument(preparedDoc, FIELD_NAME, signedDoc, signData);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(preparedDoc, FIELD_NAME, signedDoc, signData);
}
);
NUnit.Framework.Assert.AreEqual(SignExceptionMessageConstant.AVAILABLE_SPACE_IS_NOT_ENOUGH_FOR_SIGNATURE,
@@ -141,16 +143,17 @@ public virtual void TestCompletionWithSignatureFieldNotLastOne() {
using (PdfReader reader = new PdfReader(FileUtil.GetInputStreamForFile(SOURCE_FOLDER + "2PhasePreparedSignature.pdf"
))) {
using (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
- PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());
+ PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
// Add second signature field
- byte[] digest = signer.PrepareDocumentForSignature(DIGEST_ALGORITHM, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
+ SignerProperties signerProperties = new SignerProperties();
+ byte[] digest = signer.PrepareDocumentForSignature(signerProperties,DIGEST_ALGORITHM, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
, 5000, false);
byte[] signData = new byte[1024];
using (Stream outputStreamPhase2 = FileUtil.GetFileOutputStream(DESTINATION_FOLDER + "2PhaseCompleteCycle.pdf"
)) {
using (PdfDocument doc = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) {
Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
- PdfSigner.AddSignatureToPreparedDocument(doc, FIELD_NAME, outputStreamPhase2, signData);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, FIELD_NAME, outputStreamPhase2, signData);
}
);
NUnit.Framework.Assert.AreEqual(MessageFormatUtil.Format(SignExceptionMessageConstant.SIGNATURE_WITH_THIS_NAME_IS_NOT_THE_LAST_IT_DOES_NOT_COVER_WHOLE_DOCUMENT
@@ -166,10 +169,11 @@ public virtual void TestPreparation() {
// prepare the file
using (PdfReader reader = new PdfReader(FileUtil.GetInputStreamForFile(SIMPLE_DOC_PATH))) {
using (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
- PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());
- String fieldName = signer.GetFieldName();
- byte[] digest = signer.PrepareDocumentForSignature(DigestAlgorithms.SHA384, PdfName.Adobe_PPKLite, PdfName
+ PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
+ SignerProperties signerProperties = new SignerProperties();
+ byte[] digest = signer.PrepareDocumentForSignature(signerProperties,DigestAlgorithms.SHA384, PdfName.Adobe_PPKLite, PdfName
.Adbe_pkcs7_detached, 5000, false);
+ String fieldName = signerProperties.GetFieldName();
using (PdfDocument cmp_document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "cmp_prepared.pdf"))) {
using (PdfDocument outDocument = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) {
SignatureUtil signatureUtil = new SignatureUtil(cmp_document);
@@ -197,16 +201,17 @@ public virtual void TestCompleteCycle() {
// Phase 1 prepare the document and get the documents digest and the fieldname of the created signature
using (PdfReader reader = new PdfReader(FileUtil.GetInputStreamForFile(SIMPLE_DOC_PATH))) {
using (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
- PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());
- byte[] digest = signer.PrepareDocumentForSignature(DIGEST_ALGORITHM, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
+ PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
+ SignerProperties signerProperties = new SignerProperties();
+ byte[] digest = signer.PrepareDocumentForSignature(signerProperties,DIGEST_ALGORITHM, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
, 5000, false);
- String fieldName = signer.GetFieldName();
+ String fieldName = signerProperties.GetFieldName();
// Phase 2 sign the document digest
byte[] signData = SignDigest(digest, DIGEST_ALGORITHM);
using (Stream outputStreamPhase2 = FileUtil.GetFileOutputStream(DESTINATION_FOLDER + "2PhaseCompleteCycle.pdf"
)) {
using (PdfDocument doc = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) {
- PdfSigner.AddSignatureToPreparedDocument(doc, fieldName, outputStreamPhase2, signData);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, fieldName, outputStreamPhase2, signData);
}
}
NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(DESTINATION_FOLDER + "2PhaseCompleteCycle.pdf"
@@ -227,7 +232,7 @@ public virtual void TestCompletion() {
)))) {
using (Stream signedDoc = FileUtil.GetFileOutputStream(DESTINATION_FOLDER + "2PhaseCompletion.pdf")) {
// add signature
- PdfSigner.AddSignatureToPreparedDocument(preparedDoc, FIELD_NAME, signedDoc, signData);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(preparedDoc, FIELD_NAME, signedDoc, signData);
}
}
NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(DESTINATION_FOLDER + "2PhaseCompletion.pdf"
@@ -257,7 +262,7 @@ public virtual void TestWithCMS() {
cmsToUpdate.GetSignerInfo().SetSignature(signaturedata);
//if needed a time stamp could be added here
//Phase 2.3 add the updated CMS to the document
- PdfSigner.AddSignatureToPreparedDocument(doc, signatureName, outputStreamPhase2, cmsToUpdate);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, signatureName, outputStreamPhase2, cmsToUpdate);
}
}
// validate signature
@@ -288,13 +293,13 @@ private byte[] PrepareDocumentAndCMS(FileInfo document, ByteArrayOutputStream pr
) {
using (PdfReader reader = new PdfReader(FileUtil.GetInputStreamForFile(document))) {
using (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
- PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());
- signer.SetFieldName(signatureName);
- byte[] digest = signer.PrepareDocumentForSignature(DIGEST_ALGORITHM, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
+ PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
+ SignerProperties signerProperties = new SignerProperties().SetFieldName(signatureName);
+ byte[] digest = signer.PrepareDocumentForSignature(signerProperties,DIGEST_ALGORITHM, PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
, 5000, false);
System.Console.Out.WriteLine("Document digest from prepare call: " + digest.Length + "bytes");
System.Console.Out.WriteLine(Convert.ToBase64String(digest));
- String fieldName = signer.GetFieldName();
+ String fieldName = signerProperties.GetFieldName();
// Phase 1.1 prepare the CMS
CMSContainer cms = new CMSContainer();
SignerInfo signerInfo = new SignerInfo();
@@ -316,7 +321,7 @@ private byte[] PrepareDocumentAndCMS(FileInfo document, ByteArrayOutputStream pr
// now we store signedAttributesToSign together with the prepared document and send
// dataToSign to the signing instance
using (PdfDocument doc = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) {
- PdfSigner.AddSignatureToPreparedDocument(doc, fieldName, preparedOS, cms);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, fieldName, preparedOS, cms);
}
return dataToSign;
}
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest1.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest1.pdf
index 3f193c8802..d83cd82e29 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest1.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest1.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest2.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest2.pdf
index 28b91ce134..852cc77f4f 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest2.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest2.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest3.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest3.pdf
index 5ac6d70e2b..6ee47a1512 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest3.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest3.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest4.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest4.pdf
index 585cfc1599..31702bee02 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest4.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineBTest4.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1.pdf
index fcfaa5459a..29ad2c6c86 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1_FIPS.pdf
index 42df9c4005..2d863591b6 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1_FIPS.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest2.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest2.pdf
index 4edda106b3..2209b43918 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest2.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest2.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest3.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest3.pdf
index 5a699cfb65..0ae6f10f9d 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest3.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest3.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4.pdf
index 1c5cae83f1..af616ece42 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4_FIPS.pdf
index 281fe00ae2..726db904f2 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4_FIPS.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1.pdf
index e08b400930..c818f5b0c4 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1_FIPS.pdf
index 982660475d..a9d2c5900d 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1_FIPS.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest2.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest2.pdf
index 2d01b78c96..601da3cd62 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest2.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest2.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest3.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest3.pdf
index 1bebbeb97b..a76a4f2218 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest3.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest3.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4.pdf
index c749c40d12..053f8cc08b 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4_FIPS.pdf
index 74ff1eb8d0..97a5123dd1 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4_FIPS.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1.pdf
index 10d7512dae..fa1237c62d 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1_FIPS.pdf
index 7bc6468c1e..0fc55dd84e 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1_FIPS.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest2.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest2.pdf
index 5f280313fa..ebff5e665c 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest2.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest2.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest3.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest3.pdf
index 38431e866f..d3a36ccf58 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest3.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest3.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4.pdf
index 8fc4861c39..e2798b8a79 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4_FIPS.pdf
index 80d0fedb0f..9a353f45c5 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4_FIPS.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/TwoPhaseSigningTest/cmp_2PhaseCompleteCycleCMS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/TwoPhaseSigningTest/cmp_2PhaseCompleteCycleCMS.pdf
index c1c6b792ef..e460f871b5 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/TwoPhaseSigningTest/cmp_2PhaseCompleteCycleCMS.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/TwoPhaseSigningTest/cmp_2PhaseCompleteCycleCMS.pdf differ
diff --git a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs
index 77a7f76f75..2155a77548 100644
--- a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs
+++ b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs
@@ -708,6 +708,11 @@ public virtual ITbsCertificateStructure CreateTBSCertificate(IAsn1Encodable enco
return new TbsCertificateStructureBC(TbsCertificateStructure.GetInstance(((Asn1EncodableBC)encodable).GetEncodable(
)));
}
+
+ public virtual ITbsCertificateStructure CreateTBSCertificate(byte[] bytes) {
+ return new TbsCertificateStructureBC(TbsCertificateStructure.GetInstance(bytes));
+ }
+
///
public virtual IIssuerAndSerialNumber CreateIssuerAndSerialNumber(IX500Name issuer, IBigInteger value) {
diff --git a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/Asn1EncodableVectorBC.cs b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/Asn1EncodableVectorBC.cs
index dc43021b3e..44507dbe6f 100644
--- a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/Asn1EncodableVectorBC.cs
+++ b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/Asn1EncodableVectorBC.cs
@@ -86,6 +86,27 @@ public virtual void Add(IAlgorithmIdentifier element) {
encodableVector.Add(elementBc.GetAlgorithmIdentifier());
}
+ ///
+ public virtual void AddOptional(IAsn1Object primitive) {
+ if (primitive != null) {
+ Add(primitive);
+ }
+ }
+
+ ///
+ public virtual void AddOptional(IAttribute attribute) {
+ if (attribute != null) {
+ Add(attribute);
+ }
+ }
+
+ ///
+ public virtual void AddOptional(IAlgorithmIdentifier element) {
+ if (element != null) {
+ Add(element);
+ }
+ }
+
/// Indicates whether some other object is "equal to" this one.
/// Indicates whether some other object is "equal to" this one. Compares wrapped objects.
public override bool Equals(Object o) {
diff --git a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/x509/AlgorithmIdentifierBC.cs b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/x509/AlgorithmIdentifierBC.cs
index e6f68824b0..299386ae26 100644
--- a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/x509/AlgorithmIdentifierBC.cs
+++ b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/x509/AlgorithmIdentifierBC.cs
@@ -60,6 +60,9 @@ public virtual IDerObjectIdentifier GetAlgorithm() {
///
public virtual IAsn1Encodable GetParameters() {
+ if (GetAlgorithmIdentifier().Parameters == null) {
+ return null;
+ }
return new Asn1EncodableBC(GetAlgorithmIdentifier().Parameters);
}
}
diff --git a/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs b/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs
index 6652bf215b..9d0db9df9b 100644
--- a/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs
+++ b/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs
@@ -419,6 +419,10 @@ public IEncryptedContentInfo CreateEncryptedContentInfo(IDerObjectIdentifier dat
public ITbsCertificateStructure CreateTBSCertificate(IAsn1Encodable encodable) {
throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
}
+
+ public virtual ITbsCertificateStructure CreateTBSCertificate(byte[] bytes) {
+ throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+ }
public IIssuerAndSerialNumber CreateIssuerAndSerialNumber(IX500Name issuer, IBigInteger value) {
throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
diff --git a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs
index f70c1f1aaf..cbab7eee33 100644
--- a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs
+++ b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs
@@ -722,6 +722,10 @@ public virtual ITbsCertificateStructure CreateTBSCertificate(IAsn1Encodable enco
return new TbsCertificateStructureBCFips(TbsCertificateStructure.GetInstance(((Asn1EncodableBCFips)encodable).GetEncodable
()));
}
+
+ public virtual ITbsCertificateStructure CreateTBSCertificate(byte[] bytes) {
+ return new TbsCertificateStructureBCFips(TbsCertificateStructure.GetInstance(bytes));
+ }
///
public virtual IIssuerAndSerialNumber CreateIssuerAndSerialNumber(IX500Name issuer, IBigInteger value) {
diff --git a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/Asn1EncodableVectorBCFips.cs b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/Asn1EncodableVectorBCFips.cs
index 69a6d3bf76..16eda0990d 100644
--- a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/Asn1EncodableVectorBCFips.cs
+++ b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/Asn1EncodableVectorBCFips.cs
@@ -86,6 +86,27 @@ public virtual void Add(IAlgorithmIdentifier element) {
encodableVector.Add(elementBCFips.GetAlgorithmIdentifier());
}
+ ///
+ public virtual void AddOptional(IAsn1Object primitive) {
+ if (primitive != null) {
+ Add(primitive);
+ }
+ }
+
+ ///
+ public virtual void AddOptional(IAttribute attribute) {
+ if (attribute != null) {
+ Add(attribute);
+ }
+ }
+
+ ///
+ public virtual void AddOptional(IAlgorithmIdentifier element) {
+ if (element != null) {
+ Add(element);
+ }
+ }
+
/// Indicates whether some other object is "equal to" this one.
/// Indicates whether some other object is "equal to" this one. Compares wrapped objects.
public override bool Equals(Object o) {
diff --git a/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs b/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs
index 073a1d7ce3..6d5384261d 100644
--- a/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs
+++ b/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs
@@ -809,6 +809,12 @@ IEncryptedContentInfo CreateEncryptedContentInfo(IDerObjectIdentifier data, IAlg
/// created TBS Certificate wrapper
ITbsCertificateStructure CreateTBSCertificate(IAsn1Encodable encodable);
+
+ /// Create TBS Certificate wrapper from ASN1 Encoded data.
+ /// encoded TBS Certificate
+ /// created TBS Certificate wrapper
+ ITbsCertificateStructure CreateTBSCertificate(byte[] bytes);
+
///
/// Create issuer and serial number wrapper from X500 Name wrapper and
/// .
diff --git a/itext/itext.commons/itext/commons/bouncycastle/asn1/IAsn1EncodableVector.cs b/itext/itext.commons/itext/commons/bouncycastle/asn1/IAsn1EncodableVector.cs
index ff747071fb..4e262a4fc5 100644
--- a/itext/itext.commons/itext/commons/bouncycastle/asn1/IAsn1EncodableVector.cs
+++ b/itext/itext.commons/itext/commons/bouncycastle/asn1/IAsn1EncodableVector.cs
@@ -52,5 +52,29 @@ public interface IAsn1EncodableVector {
///
/// AlgorithmIdentifier wrapper.
void Add(IAlgorithmIdentifier element);
+
+ ///
+ /// Calls actual
+ /// add
+ /// method for the wrapped ASN1EncodableVector object if the primitive is not null.
+ ///
+ /// ASN1Primitive wrapper.
+ void AddOptional(IAsn1Object primitive);
+
+ ///
+ /// Calls actual
+ /// add
+ /// method for the wrapped ASN1EncodableVector object if the attribute is not null.
+ ///
+ /// Attribute wrapper.
+ void AddOptional(IAttribute attribute);
+
+ ///
+ /// Calls actual
+ /// add
+ /// method for the wrapped ASN1EncodableVector object if the element is not null.
+ ///
+ /// AlgorithmIdentifier wrapper.
+ void AddOptional(IAlgorithmIdentifier element);
}
}
diff --git a/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs b/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs
index 7709440d04..77cee2c0ba 100644
--- a/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs
+++ b/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs
@@ -307,9 +307,7 @@ public virtual CMSContainer CreateCMSContainerWithoutSignature(IX509Certificate[
IX509Certificate[] fullChain = issuingCertificateRetriever.RetrieveMissingCertificates(certificates);
IX509Certificate[] x509FullChain = JavaUtil.ArraysAsList(fullChain).ToArray(new IX509Certificate[0]);
PdfPadesSigner padesSigner = CreatePadesSigner(inputDocument, outputStream);
- PdfSigner pdfSigner = padesSigner.CreatePdfSigner(signerProperties, true);
- PdfDocument document = pdfSigner.GetDocument();
- SetPadesExtensions(document, x509FullChain[0], digestAlgorithm);
+ PdfTwoPhaseSigner pdfTwoPhaseSigner = new PdfTwoPhaseSigner(inputDocument, outputStream);
CMSContainer cms = new CMSContainer();
SignerInfo signerInfo = new SignerInfo();
String digestAlgorithmOid = DigestAlgorithms.GetAllowedDigest(digestAlgorithm);
@@ -317,7 +315,6 @@ public virtual CMSContainer CreateCMSContainerWithoutSignature(IX509Certificate[
signerInfo.SetDigestAlgorithm(new AlgorithmIdentifier(digestAlgorithmOid));
cms.AddCertificates(x509FullChain);
cms.SetSignerInfo(signerInfo);
- pdfSigner.SetFieldName(signerProperties.GetFieldName());
IDigest messageDigest = iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest(
DigestAlgorithms.GetDigest(digestAlgorithmOid));
int realSignatureSize = messageDigest.GetDigestLength() + (int)cms.GetSizeEstimation();
@@ -325,8 +322,8 @@ public virtual CMSContainer CreateCMSContainerWithoutSignature(IX509Certificate[
realSignatureSize += tsaClient.GetTokenSizeEstimate();
}
int expectedSignatureSize = estimatedSize < 0 ? realSignatureSize : estimatedSize;
- byte[] digestedDocumentBytes = pdfSigner.PrepareDocumentForSignature(digestAlgorithm, PdfName.Adobe_PPKLite
- , PdfName.ETSI_CAdES_DETACHED, expectedSignatureSize, true);
+ byte[] digestedDocumentBytes = pdfTwoPhaseSigner.PrepareDocumentForSignature(signerProperties, digestAlgorithm
+ , PdfName.Adobe_PPKLite, PdfName.ETSI_CAdES_DETACHED, expectedSignatureSize, true);
signerInfo.SetMessageDigest(digestedDocumentBytes);
return cms;
}
@@ -336,7 +333,7 @@ public virtual void SignCMSContainerWithBaselineBProfile(IExternalSignature exte
SetSignatureAlgorithmAndSignature(externalSignature, cmsContainer);
try {
using (PdfDocument document = new PdfDocument(inputDocument)) {
- PdfSigner.AddSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer);
}
}
finally {
@@ -360,7 +357,7 @@ public virtual void SignCMSContainerWithBaselineTProfile(IExternalSignature exte
}
try {
using (PdfDocument document = new PdfDocument(inputDocument)) {
- PdfSigner.AddSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer);
+ PdfTwoPhaseSigner.AddSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer);
}
}
finally {
@@ -449,19 +446,5 @@ private PdfPadesSigner CreatePadesSigner(PdfReader inputDocument, Stream outputS
padesSigner.SetEstimatedSize(estimatedSize);
return padesSigner;
}
-
- private static void SetPadesExtensions(PdfDocument document, IX509Certificate signingCert, String digestAlgorithm
- ) {
- if (document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) < 0) {
- document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
- }
- String algorithmOid = signingCert.GetSigAlgOID();
- if (SignatureMechanisms.GetAlgorithm(algorithmOid).StartsWith("Ed")) {
- document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32002);
- }
- if (digestAlgorithm.StartsWith("SHA3-") || digestAlgorithm.Equals(DigestAlgorithms.SHAKE256)) {
- document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32001);
- }
- }
}
}
diff --git a/itext/itext.sign/itext/signatures/PdfPadesSigner.cs b/itext/itext.sign/itext/signatures/PdfPadesSigner.cs
index c123d731c2..e7f482c301 100644
--- a/itext/itext.sign/itext/signatures/PdfPadesSigner.cs
+++ b/itext/itext.sign/itext/signatures/PdfPadesSigner.cs
@@ -549,22 +549,8 @@ internal virtual PdfSigner CreatePdfSigner(SignerProperties signerProperties, bo
if (temporaryDirectoryPath != null) {
tempFilePath = GetNextTempFile().FullName;
}
- PdfSigner signer = new PdfSigner(reader, isFinal ? outputStream : CreateOutputStream(), tempFilePath, stampingProperties
- );
- signer.SetFieldLockDict(signerProperties.GetFieldLockDict());
- signer.SetFieldName(signerProperties.GetFieldName());
- // We need to update field name because signer could change it
- signerProperties.SetFieldName(signer.GetFieldName());
- signer.SetCertificationLevel(signerProperties.GetCertificationLevel());
- signer.SetPageRect(signerProperties.GetPageRect());
- signer.SetPageNumber(signerProperties.GetPageNumber());
- signer.SetSignDate(signerProperties.GetSignDate());
- signer.SetSignatureCreator(signerProperties.GetSignatureCreator());
- signer.SetContact(signerProperties.GetContact());
- signer.SetReason(signerProperties.GetReason());
- signer.SetLocation(signerProperties.GetLocation());
- signer.SetSignatureAppearance(signerProperties.GetSignatureAppearance());
- return signer;
+ return new PdfSigner(reader, isFinal ? outputStream : CreateOutputStream(), tempFilePath, stampingProperties
+ , signerProperties);
}
internal virtual void PerformLtvVerification(PdfDocument pdfDocument, IList signatureNames, LtvVerification.RevocationDataNecessity
diff --git a/itext/itext.sign/itext/signatures/PdfSigner.cs b/itext/itext.sign/itext/signatures/PdfSigner.cs
index 7026046a1f..702ee1f4eb 100644
--- a/itext/itext.sign/itext/signatures/PdfSigner.cs
+++ b/itext/itext.sign/itext/signatures/PdfSigner.cs
@@ -40,7 +40,6 @@ You should have received a copy of the GNU Affero General Public License
using iText.Kernel.Pdf.Annot;
using iText.Layout.Properties;
using iText.Pdfa;
-using iText.Signatures.Cms;
using iText.Signatures.Exceptions;
namespace iText.Signatures {
@@ -139,6 +138,44 @@ public PdfSigner(PdfReader reader, Stream outputStream, StampingProperties prope
: this(reader, outputStream, null, properties) {
}
+ /// Creates a PdfSigner instance.
+ ///
+ /// Creates a PdfSigner instance. Uses a
+ ///
+ /// instead of a temporary file.
+ ///
+ /// PdfReader that reads the PDF file
+ /// OutputStream to write the signed PDF file
+ /// File to which the output is temporarily written
+ ///
+ ///
+ ///
+ /// for the signing document. Note that encryption will be
+ /// preserved regardless of what is set in properties.
+ ///
+ ///
+ ///
+ ///
+ /// bundled properties to be used in signing operations.
+ ///
+ public PdfSigner(PdfReader reader, Stream outputStream, String path, StampingProperties stampingProperties
+ , SignerProperties signerProperties)
+ : this(reader, outputStream, path, stampingProperties) {
+ this.fieldLock = signerProperties.GetFieldLockDict();
+ UpdateFieldName(signerProperties.GetFieldName());
+ // We need to update field name because the setter could change it and the user can rely on this field
+ signerProperties.SetFieldName(fieldName);
+ certificationLevel = signerProperties.GetCertificationLevel();
+ appearance.SetPageRect(signerProperties.GetPageRect());
+ appearance.SetPageNumber(signerProperties.GetPageNumber());
+ appearance.SetSignDate(signerProperties.GetSignDate());
+ appearance.SetSignatureCreator(signerProperties.GetSignatureCreator());
+ appearance.SetContact(signerProperties.GetContact());
+ appearance.SetReason(signerProperties.GetReason());
+ appearance.SetLocation(signerProperties.GetLocation());
+ this.appearance.SetSignatureAppearance(signerProperties.GetSignatureAppearance());
+ }
+
/// Creates a PdfSigner instance.
///
/// Creates a PdfSigner instance. Uses a
@@ -330,32 +367,7 @@ public virtual String GetNewSigFieldName() {
///
/// The name indicating the field to be signed.
public virtual void SetFieldName(String fieldName) {
- if (fieldName != null) {
- PdfFormField field = acroForm.GetField(fieldName);
- if (field != null) {
- if (!PdfName.Sig.Equals(field.GetFormType())) {
- throw new ArgumentException(SignExceptionMessageConstant.FIELD_TYPE_IS_NOT_A_SIGNATURE_FIELD_TYPE);
- }
- if (field.GetValue() != null) {
- throw new ArgumentException(SignExceptionMessageConstant.FIELD_ALREADY_SIGNED);
- }
- IList widgets = field.GetWidgets();
- if (widgets.Count > 0) {
- PdfWidgetAnnotation widget = widgets[0];
- SetPageRect(GetWidgetRectangle(widget));
- SetPageNumber(GetWidgetPageNumber(widget));
- }
- }
- else {
- // Do not allow dots for new fields
- // For existing fields dots are allowed because there it might be fully qualified name
- if (fieldName.IndexOf('.') >= 0) {
- throw new ArgumentException(SignExceptionMessageConstant.FIELD_NAMES_CANNOT_CONTAIN_A_DOT);
- }
- }
- this.appearance.SetFieldName(fieldName);
- this.fieldName = fieldName;
- }
+ UpdateFieldName(fieldName);
}
/// Gets the PdfDocument associated with this instance.
@@ -783,44 +795,6 @@ public virtual void Timestamp(ITSAClient tsa, String signatureName) {
closed = true;
}
- /// Prepares document for signing, calculates the document digest to sign and closes the document.
- /// the algorithm to generate the digest with
- /// PdfName of the signature handler to use when validating this signature
- /// PdfName that describes the encoding of the signature
- ///
- /// the estimated size of the signature, this is the size of the space reserved for
- /// the Cryptographic Message Container
- ///
- /// specifies if the signing date should be set to the signature dictionary
- /// the message digest of the prepared document.
- public virtual byte[] PrepareDocumentForSignature(String digestAlgorithm, PdfName filter, PdfName subFilter
- , int estimatedSize, bool includeDate) {
- return PrepareDocumentForSignature(SignUtils.GetMessageDigest(digestAlgorithm), filter, subFilter, estimatedSize
- , includeDate);
- }
-
- /// Adds an existing signature to a PDF where space was already reserved.
- /// the original PDF
- /// the field to sign. It must be the last field
- /// the output PDF
- /// the bytes for the signed data
- public static void AddSignatureToPreparedDocument(PdfDocument document, String fieldName, Stream outs, byte
- [] signedContent) {
- PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(document, fieldName, outs);
- applier.Apply((a) => signedContent);
- }
-
- /// Adds an existing signature to a PDF where space was already reserved.
- /// the original PDF
- /// the field to sign. It must be the last field
- /// the output PDF
- /// the finalized CMS container
- public static void AddSignatureToPreparedDocument(PdfDocument document, String fieldName, Stream outs, CMSContainer
- cmsContainer) {
- PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(document, fieldName, outs);
- applier.Apply((a) => cmsContainer.Serialize());
- }
-
/// Signs a PDF where space was already reserved.
/// the original PDF
/// the field to sign. It must be the last field
@@ -1294,32 +1268,40 @@ protected internal virtual int GetWidgetPageNumber(PdfWidgetAnnotation widget) {
return pageNumber;
}
- private byte[] PrepareDocumentForSignature(IDigest messageDigest, PdfName filter, PdfName subFilter, int estimatedSize
- , bool includeDate) {
- if (closed) {
- throw new PdfException(SignExceptionMessageConstant.THIS_INSTANCE_OF_PDF_SIGNER_ALREADY_CLOSED);
+ private void UpdateFieldName(String fieldName) {
+ if (fieldName != null) {
+ PdfFormField field = acroForm.GetField(fieldName);
+ if (field != null) {
+ if (!PdfName.Sig.Equals(field.GetFormType())) {
+ throw new ArgumentException(SignExceptionMessageConstant.FIELD_TYPE_IS_NOT_A_SIGNATURE_FIELD_TYPE);
+ }
+ if (field.GetValue() != null) {
+ throw new ArgumentException(SignExceptionMessageConstant.FIELD_ALREADY_SIGNED);
+ }
+ IList widgets = field.GetWidgets();
+ if (widgets.Count > 0) {
+ PdfWidgetAnnotation widget = widgets[0];
+ SetPageRect(GetWidgetRectangle(widget));
+ SetPageNumber(GetWidgetPageNumber(widget));
+ }
+ }
+ else {
+ // Do not allow dots for new fields
+ // For existing fields dots are allowed because there it might be fully qualified name
+ if (fieldName.IndexOf('.') >= 0) {
+ throw new ArgumentException(SignExceptionMessageConstant.FIELD_NAMES_CANNOT_CONTAIN_A_DOT);
+ }
+ }
+ this.appearance.SetFieldName(fieldName);
+ this.fieldName = fieldName;
}
- cryptoDictionary = CreateSignatureDictionary(includeDate);
- cryptoDictionary.Put(PdfName.Filter, filter);
- cryptoDictionary.Put(PdfName.SubFilter, subFilter);
- IDictionary exc = new Dictionary();
- exc.Put(PdfName.Contents, estimatedSize * 2 + 2);
- PreClose(exc);
- Stream data = GetRangeStream();
- byte[] digest = DigestAlgorithms.Digest(data, messageDigest);
- byte[] paddedSig = new byte[estimatedSize];
- PdfDictionary dic2 = new PdfDictionary();
- dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true));
- Close(dic2);
- closed = true;
- return digest;
}
private bool IsDocumentPdf2() {
return document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) >= 0;
}
- private PdfSignature CreateSignatureDictionary(bool includeDate) {
+ internal virtual PdfSignature CreateSignatureDictionary(bool includeDate) {
PdfSignature dic = new PdfSignature();
dic.SetReason(GetReason());
dic.SetLocation(GetLocation());
@@ -1365,7 +1347,7 @@ public interface ISignatureEvent {
void GetSignatureDictionary(PdfSignature sig);
}
- private class SignatureApplier {
+ internal class SignatureApplier {
private readonly PdfDocument document;
private readonly String fieldName;
@@ -1425,6 +1407,6 @@ public virtual Stream GetDataToSign() {
}
}
- private delegate byte[] ISignatureDataProvider(PdfSigner.SignatureApplier applier);
+ internal delegate byte[] ISignatureDataProvider(PdfSigner.SignatureApplier applier);
}
}
diff --git a/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs b/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs
new file mode 100644
index 0000000000..0ed0fee311
--- /dev/null
+++ b/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs
@@ -0,0 +1,164 @@
+/*
+ This file is part of the iText (R) project.
+ Copyright (c) 1998-2024 Apryse Group NV
+ Authors: Apryse Software.
+
+ This program is offered under a commercial and under the AGPL license.
+ For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+ AGPL licensing:
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+ */
+using System;
+using System.Collections.Generic;
+using System.IO;
+using iText.Commons.Bouncycastle.Cert;
+using iText.Commons.Bouncycastle.Crypto;
+using iText.Kernel.Exceptions;
+using iText.Kernel.Pdf;
+using iText.Signatures.Cms;
+using iText.Signatures.Exceptions;
+
+namespace iText.Signatures {
+ public class PdfTwoPhaseSigner {
+ private readonly PdfReader reader;
+
+ private readonly Stream outputStream;
+
+ private StampingProperties stampingProperties = new StampingProperties().UseAppendMode();
+
+ private bool closed;
+
+ public PdfTwoPhaseSigner(PdfReader reader, Stream outputStream) {
+ this.reader = reader;
+ this.outputStream = outputStream;
+ }
+
+ /// Prepares document for signing, calculates the document digest to sign and closes the document.
+ ///
+ ///
+ ///
+ /// properties to be used for main signing operation
+ ///
+ /// the algorithm to generate the digest with
+ /// PdfName of the signature handler to use when validating this signature
+ /// PdfName that describes the encoding of the signature
+ ///
+ /// the estimated size of the signature, this is the size of the space reserved for
+ /// the Cryptographic Message Container
+ ///
+ /// specifies if the signing date should be set to the signature dictionary
+ /// the message digest of the prepared document.
+ public virtual byte[] PrepareDocumentForSignature(SignerProperties signerProperties, String digestAlgorithm
+ , PdfName filter, PdfName subFilter, int estimatedSize, bool includeDate) {
+ IDigest digest;
+ digest = SignUtils.GetMessageDigest(digestAlgorithm);
+ return PrepareDocumentForSignature(signerProperties, digest, filter, subFilter, estimatedSize, includeDate
+ );
+ }
+
+ /// Adds an existing signature to a PDF where space was already reserved.
+ /// the original PDF
+ /// the field to sign. It must be the last field
+ /// the output PDF
+ /// the finalized CMS container
+ public static void AddSignatureToPreparedDocument(PdfDocument document, String fieldName, Stream outs, CMSContainer
+ cmsContainer) {
+ PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(document, fieldName, outs);
+ applier.Apply((a) => cmsContainer.Serialize());
+ }
+
+ /// Adds an existing signature to a PDF where space was already reserved.
+ /// the original PDF
+ /// the field to sign. It must be the last field
+ /// the output PDF
+ /// the bytes for the signed data
+ public static void AddSignatureToPreparedDocument(PdfDocument document, String fieldName, Stream outs, byte
+ [] signedContent) {
+ PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(document, fieldName, outs);
+ applier.Apply((a) => signedContent);
+ }
+
+ /// Set stamping properties to be used during main signing operation.
+ ///
+ /// Set stamping properties to be used during main signing operation.
+ ///
+ /// If none is set, stamping properties with append mode enabled will be used
+ ///
+ ///
+ ///
+ ///
+ /// instance to be used during main signing operation
+ ///
+ ///
+ /// same instance of
+ ///
+ ///
+ public virtual iText.Signatures.PdfTwoPhaseSigner SetStampingProperties(StampingProperties stampingProperties
+ ) {
+ this.stampingProperties = stampingProperties;
+ return this;
+ }
+
+ internal virtual PdfSigner CreatePdfSigner(SignerProperties signerProperties) {
+ PdfSigner signer = new PdfSigner(reader, outputStream, null, stampingProperties);
+ signer.SetFieldLockDict(signerProperties.GetFieldLockDict());
+ signer.SetFieldName(signerProperties.GetFieldName());
+ // We need to update field name because signer could change it
+ signerProperties.SetFieldName(signer.GetFieldName());
+ signer.SetCertificationLevel(signerProperties.GetCertificationLevel());
+ signer.SetPageRect(signerProperties.GetPageRect());
+ signer.SetPageNumber(signerProperties.GetPageNumber());
+ signer.SetSignDate(signerProperties.GetSignDate());
+ signer.SetSignatureCreator(signerProperties.GetSignatureCreator());
+ signer.SetContact(signerProperties.GetContact());
+ signer.SetReason(signerProperties.GetReason());
+ signer.SetLocation(signerProperties.GetLocation());
+ signer.SetSignatureAppearance(signerProperties.GetSignatureAppearance());
+ return signer;
+ }
+
+ private byte[] PrepareDocumentForSignature(SignerProperties signerProperties, IDigest messageDigest, PdfName
+ filter, PdfName subFilter, int estimatedSize, bool includeDate) {
+ if (closed) {
+ throw new PdfException(SignExceptionMessageConstant.THIS_INSTANCE_OF_PDF_SIGNER_ALREADY_CLOSED);
+ }
+ PdfSigner pdfSigner = CreatePdfSigner(signerProperties);
+
+ PdfDocument document = pdfSigner.GetDocument();
+ if (document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) < 0) {
+ document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
+ }
+ document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32002);
+ document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32001);
+
+ PdfSignature cryptoDictionary = pdfSigner.CreateSignatureDictionary(includeDate);
+ cryptoDictionary.Put(PdfName.Filter, filter);
+ cryptoDictionary.Put(PdfName.SubFilter, subFilter);
+ pdfSigner.cryptoDictionary = cryptoDictionary;
+ IDictionary exc = new Dictionary();
+ exc.Put(PdfName.Contents, estimatedSize * 2 + 2);
+ pdfSigner.PreClose(exc);
+ Stream data = pdfSigner.GetRangeStream();
+ byte[] digest = DigestAlgorithms.Digest(data, messageDigest);
+ byte[] paddedSig = new byte[estimatedSize];
+ PdfDictionary dic2 = new PdfDictionary();
+ dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true));
+ pdfSigner.Close(dic2);
+ pdfSigner.closed = true;
+ closed = true;
+ return digest;
+ }
+ }
+}
\ No newline at end of file
diff --git a/itext/itext.sign/itext/signatures/cms/AlgorithmIdentifier.cs b/itext/itext.sign/itext/signatures/cms/AlgorithmIdentifier.cs
index 6492c41b05..f680c38a8b 100644
--- a/itext/itext.sign/itext/signatures/cms/AlgorithmIdentifier.cs
+++ b/itext/itext.sign/itext/signatures/cms/AlgorithmIdentifier.cs
@@ -38,7 +38,7 @@ public class AlgorithmIdentifier {
/// the Object id of the algorithm
public AlgorithmIdentifier(String algorithmId) {
this.algorithm = algorithmId;
- parameters = BouncyCastleFactoryCreator.GetFactory().CreateDERNull();
+ parameters = null;
}
/// Creates an Algorithm identifier structure with parameters.
diff --git a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs
index 8a5de3d1b3..7271bdbb95 100644
--- a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs
+++ b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs
@@ -141,6 +141,22 @@ public virtual void SetMessageDigest(byte[] digest) {
/// the certificate that is used to sign
public virtual void SetSigningCertificate(IX509Certificate certificate) {
this.signerCertificate = certificate;
+ ITbsCertificateStructure tbsCert = BC_FACTORY.CreateTBSCertificate(certificate.GetTbsCertificate());
+ if (signingAlgorithm != null) {
+ return;
+ }
+ if (tbsCert.GetSubjectPublicKeyInfo().GetAlgorithm().GetParameters() != null) {
+ if (tbsCert.GetSubjectPublicKeyInfo().GetAlgorithm().GetParameters().IsNull()) {
+ this.signingAlgorithm = new AlgorithmIdentifier(tbsCert.GetSubjectPublicKeyInfo().GetAlgorithm().GetAlgorithm
+ ().GetId(), BC_FACTORY.CreateDERNull());
+ return;
+ }
+ this.signingAlgorithm = new AlgorithmIdentifier(tbsCert.GetSubjectPublicKeyInfo().GetAlgorithm().GetAlgorithm
+ ().GetId(), tbsCert.GetSubjectPublicKeyInfo().GetAlgorithm().GetParameters().ToASN1Primitive());
+ return;
+ }
+ this.signingAlgorithm = new AlgorithmIdentifier(tbsCert.GetSubjectPublicKeyInfo().GetAlgorithm().GetAlgorithm
+ ().GetId());
}
/// Gets the certificate that is used to sign.
@@ -375,7 +391,7 @@ internal virtual IDerSequence GetAsDerSequence(bool estimationRun) {
// digest algorithm
IAsn1EncodableVector digestalgorithmV = BC_FACTORY.CreateASN1EncodableVector();
digestalgorithmV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(this.digestAlgorithm.GetAlgorithmOid()));
- digestalgorithmV.Add(digestAlgorithm.GetParameters());
+ digestalgorithmV.AddOptional(digestAlgorithm.GetParameters());
signerInfoV.Add(BC_FACTORY.CreateDERSequence(digestalgorithmV));
// signed attributes
if (!signedAttributes.IsEmpty() || signedAttributesReadOnly) {
@@ -397,7 +413,7 @@ internal virtual IDerSequence GetAsDerSequence(bool estimationRun) {
if (signingAlgorithm != null) {
IAsn1EncodableVector signatureAlgorithmV = BC_FACTORY.CreateASN1EncodableVector();
signatureAlgorithmV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(signingAlgorithm.GetAlgorithmOid()));
- signatureAlgorithmV.Add(signingAlgorithm.GetParameters());
+ signatureAlgorithmV.AddOptional(signingAlgorithm.GetParameters());
signerInfoV.Add(BC_FACTORY.CreateDERSequence(signatureAlgorithmV));
}
// signatureValue
diff --git a/port-hash b/port-hash
index bba923b90b..9d39277a6f 100644
--- a/port-hash
+++ b/port-hash
@@ -1 +1 @@
-c9bfbdceba6d12aee8bbaac9cbaeb7d757827348
+244cfd2ca06225d2c71eca0466283f88c78e3ae0