Closed vazmuten closed 5 months ago
Do I understand it correctly that the only motivation for this change is to "carry" an instance of Pkcs11RsaProvider class in the instance of X509Certificate2 class?
Exactly, because the X509Certificate2 class is mostly used for signing. After this change we managed to sign using FirmaXadesNet (with a minor fix), which is the only option we found that produces valid XADES-XL signatures. We also use other code that requires X509Certificate2 objects in order to do the signature later. If you wish, rewrite it in a better/proper way, but this update made things work for us.
After this change we managed to sign using FirmaXadesNet (with a minor fix)
Is it possible to see that minor fix somewhere?
Sure! Just did also a pull request to FirmaXadesNet project: https://github.com/ctt-gob-es/FirmaXadesNet45/pull/15
Just added a try/catch to cover the case when certificate.PrivateKey is not of RSACryptoServiceProvider type. After this we successfully signed the XML.
I understand that this code helped you to resolve your problem. However, I cannot merge it because it is just faking Windows integration. It returns the name of a non-existing CSP. Any app that will try to communicate with such a CSP will fail. You've already seen that with FirmaXadesNet, and that's the reason why you had to modify its code. A better way to modify the FirmaXadesNet code would be to pass AsymmetricAlgorithm along with X509Certificate2. Take a look at CmsSigner Constructors for a real-world example from the .NET team. Sample usage can then be seen in our BasicSignedCmsTest.
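The pattern recommended in the comment above, as an added example that is not code from this pull request, from FirmaXadesNet, or from the project's BasicSignedCmsTest: the certificate carries only the public half and the private key is passed separately as an AsymmetricAlgorithm. It assumes a runtime that has the three-argument CmsSigner constructor; the in-memory RSA key and the self-signed certificate are constructed stand-ins for a token-backed key such as Pkcs11RsaProvider, and the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DetachedKeySigning
{
    // The signer never reads certificate.PrivateKey and never casts to
    // RSACryptoServiceProvider; the key arrives as a separate argument.
    static byte[] Sign(byte[] content, X509Certificate2 publicCert, AsymmetricAlgorithm key)
    {
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, publicCert, key)
        {
            // Embed the signer certificate so a verifier can locate it.
            IncludeOption = X509IncludeOption.EndCertOnly
        };
        var cms = new SignedCms(new ContentInfo(content), detached: false);
        cms.ComputeSignature(signer);
        return cms.Encode();
    }

    static void Main()
    {
        // Constructed stand-in: an in-memory RSA key plays the role of the token key.
        using RSA tokenKey = RSA.Create(2048);
        var request = new CertificateRequest("CN=Constructed Test Signer", tokenKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 issued = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        // Public-only copy, as read from a token: no private key and no CSP name attached.
        using var publicCert = new X509Certificate2(issued.RawData);
        Console.WriteLine($"HasPrivateKey: {publicCert.HasPrivateKey}");

        byte[] signed = Sign(Encoding.UTF8.GetBytes("constructed sample payload"),
            publicCert, tokenKey);

        // Verify the signature only (no chain validation; the certificate is self-signed).
        var parsed = new SignedCms();
        parsed.Decode(signed);
        parsed.CheckSignature(verifySignatureOnly: true); // throws CryptographicException on failure
        Console.WriteLine($"Verified, signers: {parsed.SignerInfos.Count}");
    }
}
```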
Updated Pkcs11RsaProvider to support ICspAsymmetricAlgorithm in order to make it possible for the private key to be imported into an X509Certificate2 object. Useful when X509Certificate2 is passed into code and the signing is done somewhere later.
Added properties:
Updated methods:
Added methods:
Possible usage: