Namespace SimpleSign.Core.Crypto
Classes
- CmsAttribute
Represents a pre-encoded CMS signed attribute (OID + DER value). Used to inject custom CAdES attributes into the CMS SignedData.
- CmsSignatureBuilder
Builds a CMS/PKCS#7 SignedData compatible with PAdES (adbe.pkcs7.detached). Uses exclusively System.Security.Cryptography from .NET — zero external dependencies.
- CmsSignedData
Parsed CMS/PKCS#7 SignedData structure used for signature validation. Contains the signer certificate, signed attributes, message digest, and optional timestamp token.
- CompositeCertificateStore
Composite certificate store that searches multiple stores in order.
- FileCertificateStore
Certificate store backed by PKCS#12 (.pfx/.p12) files in a directory.
- InMemoryCertificateCache
In-memory certificate cache with configurable TTL (time-to-live). Thread-safe for concurrent reads and writes.
- SystemCertificateStore
Certificate store backed by the operating system's certificate store (Windows Certificate Store, macOS Keychain, Linux NSS).
- TimestampClient
RFC 3161 client for a timestamp authority (TSA). Async-first, compatible with ITI-BR TSA and other PAdES providers.
- TsaEndpointStatus
Health status of a TSA endpoint.
- TsaPool
A pool of TSA (Time Stamp Authority) servers with automatic failover. When the primary TSA fails, subsequent requests are routed to the next healthy server. Uses circuit breaker logic: after FailureThreshold consecutive failures, a TSA is marked unhealthy for RecoveryInterval before being retried.
Interfaces
- ICertificateCache
Interface for caching intermediate certificates to avoid repeated AIA downloads.
- ICertificateStore
Abstraction for loading certificates from various stores (file system, OS store, HSM).