Class CmsAttribute
- Namespace
- SimpleSign.Core.Crypto
- Assembly
- SimpleSign.Core.dll
Represents a pre-encoded CMS signed attribute (OID + DER value). Used to inject custom CAdES attributes into the CMS SignedData.
public sealed class CmsAttribute
- Inheritance
-
CmsAttribute
- Inherited Members
Properties
DerValue
The DER-encoded value (the content of SET OF { value }).
public byte[] DerValue { get; }
Property Value
- byte[]
Oid
The OID of the attribute.
public string Oid { get; }
Property Value
Methods
CertValues(params byte[][])
Creates a cert-values attribute (CAdES-XL, RFC 5126 §5.5.1). Embeds the full DER-encoded signer and CA certificates.
public static CmsAttribute CertValues(params byte[][] certDerBytes)
Parameters
- certDerBytes (byte[][]): DER-encoded certificates. Must contain at least one certificate.
Returns
CertificateRefs(params (byte[] Hash, string HashOid, byte[]? IssuerSerial)[])
Creates a certificate-refs attribute (CAdES-X/L, RFC 5126 §5.4.2).
CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
OtherCertID ::= OtherHash { issuerSerial OPTIONAL }
public static CmsAttribute CertificateRefs(params (byte[] Hash, string HashOid, byte[]? IssuerSerial)[] certHashes)
Parameters
- certHashes ((byte[] Hash, string HashOid, byte[] IssuerSerial)[]): Array of (certHash, hashAlgorithmOid, issuerSerialBytes) tuples. The issuerSerial must be DER-encoded IssuerSerial bytes when provided.
Returns
CommitmentTypeIndication(CommitmentType)
Creates a commitment-type-indication attribute (RFC 5126 §5.11.1).
CommitmentTypeIndication ::= SEQUENCE {
    commitmentTypeId CommitmentTypeIdentifier }
CommitmentTypeIdentifier ::= OID
public static CmsAttribute CommitmentTypeIndication(CommitmentType type)
Parameters
- type (CommitmentType)
Returns
Create(string, byte[])
Creates a custom attribute from an OID and a DER-encoded attribute value.
The derValue will be wrapped in SET OF by the CMS rendering code.
public static CmsAttribute Create(string oid, byte[] derValue)
Parameters
Returns
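Added example (not part of the SimpleSign documentation or code base): because Create takes pre-encoded bytes and the CMS rendering code adds the SET OF wrapper, a caller can check that derValue is exactly one strict-DER element and is not already SET-wrapped before handing it over. The helper names and the top-level SET heuristic are assumptions of this example; the value built here follows the CommitmentTypeIndication ASN.1 shown on this page, and the code needs .NET 5 or later plus a reference to SimpleSign.Core.

```csharp
using System;
using System.Formats.Asn1;
using SimpleSign.Core.Crypto;

static class AttributeValueExample
{
    // SEQUENCE { commitmentTypeId OID }, per the ASN.1 shown for CommitmentTypeIndication.
    static byte[] BuildCommitmentTypeIndication(string commitmentTypeOid)
    {
        var writer = new AsnWriter(AsnEncodingRules.DER);
        using (writer.PushSequence())
            writer.WriteObjectIdentifier(commitmentTypeOid);
        return writer.Encode();
    }

    // Hypothetical helper: throws unless der is exactly one DER element whose nested
    // tags and lengths are all strict DER. Primitive contents are not inspected.
    static byte[] RequireSingleDerValue(byte[] der)
    {
        var reader = new AsnReader(der, AsnEncodingRules.DER);
        Asn1Tag tag = reader.PeekTag();
        // Heuristic (assumption): a top-level SET usually means the caller already wrapped it.
        if (tag.HasSameClassAndValue(Asn1Tag.SetOf))
            throw new ArgumentException("Value is already SET-wrapped; pass the inner value.");
        ReadOnlyMemory<byte> element = reader.ReadEncodedValue();
        reader.ThrowIfNotEmpty();              // rejects trailing bytes after the element
        CheckNested(tag, element);
        return der;
    }

    // Recursively re-reads every constructed element so bad inner lengths are caught.
    static void CheckNested(Asn1Tag tag, ReadOnlyMemory<byte> element)
    {
        if (!tag.IsConstructed) return;
        AsnDecoder.ReadEncodedValue(element.Span, AsnEncodingRules.DER,
            out int offset, out int length, out _);
        var inner = new AsnReader(element.Slice(offset, length), AsnEncodingRules.DER);
        while (inner.HasData) CheckNested(inner.PeekTag(), inner.ReadEncodedValue());
    }

    static void Main()
    {
        // OIDs from RFC 5126: id-cti-ets-proofOfOrigin and id-aa-ets-commitmentType.
        byte[] value = BuildCommitmentTypeIndication("1.2.840.113549.1.9.16.6.1");
        CmsAttribute attr = CmsAttribute.Create(
            "1.2.840.113549.1.9.16.2.16", RequireSingleDerValue(value));
        Console.WriteLine($"{attr.Oid}: {Convert.ToHexString(attr.DerValue)}");
    }
}
```

Malformed input surfaces as AsnContentException from the reader, so a caller can treat that and ArgumentException as "do not sign".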
Raw(string, byte[])
Creates a CmsAttribute from raw OID and DER-encoded value.
public static CmsAttribute Raw(string oid, byte[] derValue)
Parameters
Returns
RevocationRefs(params byte[][])
Creates a revocation-refs attribute (CAdES-X/L, RFC 5126 §5.4.3).
Each CRL is SHA-256 hashed and wrapped in a CrlValidatedID inside a
single CRLListID.
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
CrlOcspRef ::= CHOICE { crl [0] CRLListID }
CRLListID ::= SEQUENCE OF CrlValidatedID
CrlValidatedID ::= SEQUENCE { crlHash OtherHash }
OtherHash ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier,
                         hashValue OCTET STRING }
public static CmsAttribute RevocationRefs(params byte[][] crlDerBytes)
Parameters
- crlDerBytes (byte[][]): Array of DER-encoded CRL bytes.
Returns
RevocationValues(byte[][]?, byte[][]?)
Creates a revocation-values attribute (CAdES-XL, RFC 5126 §5.5.2). Embeds CRLs and/or OCSP responses.
public static CmsAttribute RevocationValues(byte[][]? ocspDerResponses = null, byte[][]? crlDerBytes = null)
Parameters
Returns
Exceptions
- ArgumentException
Both parameters are null or empty — at least one revocation source is required.
SignatureManifestAttr(byte[])
Creates a signature manifest attribute containing JSON-encoded evidence. The data is embedded as an OCTET STRING (UTF-8 JSON) under OID 2.16.76.1.12.1.1.
public static CmsAttribute SignatureManifestAttr(byte[] manifestJsonUtf8)
Parameters
- manifestJsonUtf8 (byte[]): UTF-8 encoded JSON bytes of the manifest.
Returns
SignaturePolicyIdentifier(string, string?)
Creates a signature-policy-identifier attribute (RFC 5126 §5.8.1).
SignaturePolicyIdentifier ::= SEQUENCE {
    signaturePolicyId SignaturePolicyId,
    sigPolicyHash SigPolicyHash OPTIONAL }
SignaturePolicyId ::= OID
SigPolicyHash ::= OtherHashAlgAndValue (SEQUENCE { algorithm, hash })
public static CmsAttribute SignaturePolicyIdentifier(string policyOid, string? policyUri = null)
Parameters
- policyOid (string): OID of the signature policy.
- policyUri (string): Optional URI of the policy document (encoded as SigPolicyQualifier).