ExternalSignerBase
Base helper implementation for building external (client supplied) digital signatures.
Definition
Namespace:Telerik.Documents.Fixed.Model.DigitalSignatures
Assembly:Telerik.Windows.Documents.Fixed.dll
Syntax:
public abstract class ExternalSignerBase : IExternalSigner
Inheritance: objectExternalSignerBase
Implements:
Constructors
Initializes a new instance of the ExternalSignerBase class.
protected ExternalSignerBase()
Methods
Returns the X.509 certificate chain associated with the signer.
protected abstract X509Certificate2[] GetCertificateChain()
An array of X.509 certificates forming the signing certificate chain. Must not be null or empty. The first element must be the signing (leaf) certificate.
This should return an ordered array of certificates starting with the end-entity (leaf) certificate whose corresponding private key (or signing capability) is used in SignData(byte[], SignatureSettings), followed by any intermediate CA certificates needed to establish a trust chain. The root certificate is typically excluded. Implementors may cache the certificates or retrieve them dynamically from a device/service. The library validates that the returned array is not null or empty.
Performs the raw cryptographic signing operation over the DER-encoded signed attributes.
protected abstract byte[] SignData(byte[] dataToSign, SignatureSettings settings)
The DER-encoded signed attributes (CMS SignedAttributes) that must be signed. This includes the message digest, content type, signing time, and signing certificate reference.
settingsSignatureSettingsSignature generation settings (e.g. digest algorithm, timestamp server).
Returns:byte[]
Binary signature value for the provided signed attributes.
The method should return the raw signature bytes appropriate for the public key type (e.g. RSA signature (PKCS#1 v1.5) or ECDSA signature). For ECDSA, the signature can be either raw format (r||s concatenated) or DER-encoded (SEQUENCE { r, s }); the infrastructure will handle the conversion if needed. The surrounding infrastructure will insert this value into the CMS (PKCS#7) SignerInfo structure.