Table of Contents

Namespace SimpleSign.Core.Crypto

Classes

CmsAttribute

Represents a pre-encoded CMS signed attribute (OID + DER value). Used to inject custom CAdES attributes into the CMS SignedData.

CmsParser

Parses CMS/PKCS#7 SignedData structures from raw DER bytes. Extracts signer info, certificates, signed attributes, and timestamp tokens.

CmsParserService

Default implementation of ICmsParser.

CmsSignatureBuilder

Builds a CMS/PKCS#7 SignedData compatible with PAdES (adbe.pkcs7.detached). Uses exclusively System.Security.Cryptography from .NET — zero external dependencies.

CmsSignedData

Parsed CMS/PKCS#7 SignedData structure used for signature validation. Contains the signer certificate, signed attributes, message digest, and optional timestamp token.

CompositeCertificateStore

Composite certificate store that searches multiple stores in order.

FileCertificateStore

Certificate store backed by PKCS#12 (.pfx/.p12) files in a directory.

HashAlgorithmHelper

Helper methods for HashAlgorithmName parsing and validation.

InMemoryCertificateCache

In-memory certificate cache with configurable TTL (time-to-live). Thread-safe for concurrent reads and writes.

SystemCertificateStore

Certificate store backed by the operating system's certificate store (Windows Certificate Store, macOS Keychain, Linux NSS).

TimestampClient

RFC 3161 client for timestamp authority (TSA). Async-first, compatible with ITI-BR TSA and other PAdES providers.

TimestampClientFactory

Default factory for creating TimestampClient instances.

TsaEndpointStatus

Health status of a TSA endpoint.

TsaPool

A pool of TSA (Time Stamp Authority) servers with automatic failover. When the primary TSA fails, subsequent requests are routed to the next healthy server. Uses circuit breaker logic: after FailureThreshold consecutive failures, a TSA is marked unhealthy for RecoveryInterval before being retried.

Interfaces

ICertificateCache

Interface for caching intermediate certificates to avoid repeated AIA downloads.

ICertificateStore

Abstraction for loading certificates from various stores (file system, OS store, HSM).

ICmsParser

Parses CMS/PKCS#7 SignedData structures from raw DER bytes.

ITimestampClient

RFC 3161 client for timestamp authority (TSA).

ITimestampClientFactory

Factory for creating ITimestampClient instances bound to a specific TSA URL.