Table of Contents

Class XadesSignerBuilder

Namespace
SimpleSign.XAdES
Assembly
SimpleSign.XAdES.dll

Immutable fluent builder for XAdES signatures (ETSI EN 319 132).

[RequiresUnreferencedCode("XAdES uses System.Security.Cryptography.Xml which is not AOT-compatible.")]
[RequiresDynamicCode("XAdES uses System.Security.Cryptography.Xml which is not AOT-compatible.")]
public sealed class XadesSignerBuilder
Inheritance
XadesSignerBuilder
Inherited Members

Methods

SignAsync(CancellationToken)

Signs the XML document and returns the signed bytes.

public Task<byte[]> SignAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

Returns

Task<byte[]>

SignWithDetailsAsync(CancellationToken)

Signs the XML document and returns a detailed result with level flags and warnings.

public Task<XadesSigningResult> SignWithDetailsAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

Returns

Task<XadesSigningResult>

WithCertificate(X509Certificate2)

Sets the signing certificate (must have a private key for local signing).

public XadesSignerBuilder WithCertificate(X509Certificate2 certificate)

Parameters

certificate X509Certificate2

Returns

XadesSignerBuilder

WithCertificate(X509Certificate2, IReadOnlyList<X509Certificate2>)

Sets the signing certificate and extra intermediate CA certificates.

public XadesSignerBuilder WithCertificate(X509Certificate2 certificate, IReadOnlyList<X509Certificate2> extraCertificates)

Parameters

certificate X509Certificate2
extraCertificates IReadOnlyList<X509Certificate2>

Returns

XadesSignerBuilder

WithCommitmentType(CommitmentType)

Sets the commitment type indication (e.g. ProofOfOrigin, ProofOfApproval).

public XadesSignerBuilder WithCommitmentType(CommitmentType commitmentType)

Parameters

commitmentType CommitmentType

Returns

XadesSignerBuilder

WithDataObjectFormat(DataObjectFormat)

Set the data object format (MIME type + object reference URI).

public XadesSignerBuilder WithDataObjectFormat(DataObjectFormat format)

Parameters

format DataObjectFormat

Returns

XadesSignerBuilder

WithExternalSigner(X509Certificate2, Func<byte[], Task<byte[]>>)

Configures external signing with auto-detected signature algorithm OID. The delegate receives the raw data to sign and returns the signature bytes.

public XadesSignerBuilder WithExternalSigner(X509Certificate2 certificate, Func<byte[], Task<byte[]>> externalSigner)

Parameters

certificate X509Certificate2
externalSigner Func<byte[], Task<byte[]>>

Returns

XadesSignerBuilder

WithExternalSigner(X509Certificate2, Func<byte[], Task<byte[]>>, string)

Configures external signing. The delegate receives the raw data to sign and returns the signature bytes. Requires explicit signatureAlgorithmOid.

public XadesSignerBuilder WithExternalSigner(X509Certificate2 certificate, Func<byte[], Task<byte[]>> externalSigner, string signatureAlgorithmOid)

Parameters

certificate X509Certificate2
externalSigner Func<byte[], Task<byte[]>>
signatureAlgorithmOid string

Returns

XadesSignerBuilder

WithForm(XadesForm)

Sets the XAdES signature packaging form (only Enveloped is supported).

public XadesSignerBuilder WithForm(XadesForm form)

Parameters

form XadesForm

Returns

XadesSignerBuilder

WithHashAlgorithm(HashAlgorithmName)

Sets the hash algorithm (default: SHA-256).

public XadesSignerBuilder WithHashAlgorithm(HashAlgorithmName algorithm)

Parameters

algorithm HashAlgorithmName

Returns

XadesSignerBuilder

WithHttpClient(HttpClient)

Sets the HttpClient used for TSA and revocation requests.

public XadesSignerBuilder WithHttpClient(HttpClient httpClient)

Parameters

httpClient HttpClient

Returns

XadesSignerBuilder

WithLevel(XadesLevel)

Sets the XAdES conformance level (Basic, Timestamped, LongTerm, Archive).

public XadesSignerBuilder WithLevel(XadesLevel level)

Parameters

level XadesLevel

Returns

XadesSignerBuilder

WithLogger(ILogger)

Sets a logger for diagnostic output.

public XadesSignerBuilder WithLogger(ILogger logger)

Parameters

logger ILogger

Returns

XadesSignerBuilder

WithRevocationHttpClient(HttpClient)

Sets a separate HttpClient for OCSP/CRL revocation fetching.

public XadesSignerBuilder WithRevocationHttpClient(HttpClient httpClient)

Parameters

httpClient HttpClient

Returns

XadesSignerBuilder

WithSignatureAlgorithm(string)

Sets an explicit signature algorithm OID (e.g. RSA PKCS#1, RSA-PSS, ECDSA).

public XadesSignerBuilder WithSignatureAlgorithm(string signatureAlgorithmOid)

Parameters

signatureAlgorithmOid string

Returns

XadesSignerBuilder

WithSignaturePolicy(string, string?)

Sets the signature policy OID and optional policy document URI.

public XadesSignerBuilder WithSignaturePolicy(string oid, string? uri = null)

Parameters

oid string
uri string

Returns

XadesSignerBuilder

WithSignerRole(string)

Set a single claimed signer role.

public XadesSignerBuilder WithSignerRole(string role)

Parameters

role string

Returns

XadesSignerBuilder

WithSignerRoles(IReadOnlyList<string>)

Set claimed signer role(s) (e.g., "Manager", "Approver").

public XadesSignerBuilder WithSignerRoles(IReadOnlyList<string> roles)

Parameters

roles IReadOnlyList<string>

Returns

XadesSignerBuilder

WithSigningTime(DateTimeOffset)

Sets the explicit signing time (default: UTC now).

public XadesSignerBuilder WithSigningTime(DateTimeOffset signingTime)

Parameters

signingTime DateTimeOffset

Returns

XadesSignerBuilder

WithTimestamp(string)

Configures a TSA URL and auto-escalates the level to Timestamped.

public XadesSignerBuilder WithTimestamp(string tsaUrl)

Parameters

tsaUrl string

Returns

XadesSignerBuilder

WithTimestamp(string, HttpClient)

Configures a TSA URL with a custom HttpClient and auto-escalates level.

public XadesSignerBuilder WithTimestamp(string tsaUrl, HttpClient httpClient)

Parameters

tsaUrl string
httpClient HttpClient

Returns

XadesSignerBuilder