From 3a2325aef89f63666dc880eb010495ac460c59fc Mon Sep 17 00:00:00 2001
From: "HOME-LAPTOP\\kshkulev"
Date: Sun, 28 Sep 2025 16:43:36 +0900
Subject: [PATCH] Pass PIN
---
 .../Api/Request/GostSigningMessageInspector.cs | 11 ++++++++---
 Hcs.Broker/Client.cs | 15 +++++++++++++--
 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/Hcs.Broker/Api/Request/GostSigningMessageInspector.cs b/Hcs.Broker/Api/Request/GostSigningMessageInspector.cs
index 3bf8446..c4a9e91 100644
--- a/Hcs.Broker/Api/Request/GostSigningMessageInspector.cs
+++ b/Hcs.Broker/Api/Request/GostSigningMessageInspector.cs
@@ -2,6 +2,7 @@ using CryptoPro.Security.Cryptography.X509Certificates;
 using CryptoPro.Security.Cryptography.Xml;
 using Hcs.Broker.Internal;
+using System.Security;
 using System.Security.Cryptography;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
@@ -40,11 +41,15 @@ namespace Hcs.Broker.Api.Request
 var xmlDocument = new XmlDocument();
 xmlDocument.LoadXml(messageBody);
+ var provider = client.Certificate.PrivateKey as Gost3410_2012_256CryptoServiceProvider;
+ provider.SetContainerPassword(client.CertificatePin);
+
 var signedXml = SignXmlFileXades(
 xmlDocument,
 client.Certificate,
- client.Certificate.PrivateKey as Gost3410_2012_256CryptoServiceProvider,
- CpSignedXml.XmlDsigGost3411_2012_256Url);
+ provider,
+ CpSignedXml.XmlDsigGost3411_2012_256Url,
+ false);
 stopwatch.Stop();
@@ -107,7 +112,7 @@ namespace Hcs.Broker.Api.Request
 CpX509Certificate certificate,
 AsymmetricAlgorithm key,
 string digestMethod,
- bool useDsPrefix = false)
+ bool useDsPrefix)
 {
 var keyInfo = new CpKeyInfo();
 keyInfo.AddClause(new CpKeyInfoX509Data(certificate));
diff --git a/Hcs.Broker/Client.cs b/Hcs.Broker/Client.cs
index 7af34f1..12478b5 100644
--- a/Hcs.Broker/Client.cs
+++ b/Hcs.Broker/Client.cs
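Review bot: `provider` is dereferenced without a null check in `provider.SetContainerPassword(client.CertificatePin);` (second hunk of GostSigningMessageInspector.cs), although the `as` cast on the line above yields null whenever `client.Certificate.PrivateKey` is not a `Gost3410_2012_256CryptoServiceProvider`. In that case signing fails with a NullReferenceException inside the message inspector rather than with an error that names the certificate problem; a guard such as `if (provider is null) throw new InvalidOperationException("Signing certificate has no GOST 2012-256 private key");` before the call would make the failure diagnosable. `client.CertificatePin` is read unchecked as well, and within this patch it is only assigned in `SetSigningCertificate` in Client.cs. The enclosing method starts and ends outside the hunk, so any surrounding error handling is not visible here.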
@@ -3,6 +3,7 @@ using Hcs.Broker.Api;
 using Hcs.Broker.Internal;
 using Hcs.Broker.Logger;
 using Hcs.Broker.MessageCapturer;
+using System.Security;
 using System.Security.Cryptography.X509Certificates;
 namespace Hcs.Broker
@@ -65,15 +66,25 @@ namespace Hcs.Broker
 ///
 /// Сертификат клиента для применения при формировании запросов
 ///
- internal CpX509Certificate2 Certificate { get; set; }
+ internal CpX509Certificate2 Certificate { get; private set; }
- public void SetSigningCertificate(string serialNumber)
+ internal SecureString CertificatePin { get; private set; }
+
+ public void SetSigningCertificate(string serialNumber, string? pin = null)
 {
 using var store = new CpX509Store(StoreName.My, StoreLocation.CurrentUser);
 store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
 var cert = store.Certificates.Find(X509FindType.FindBySerialNumber, serialNumber, false)[0];
 Certificate = cert ?? throw new ArgumentNullException("Certificate not found");
+
+ pin ??= Constants.DEFAULT_CERTIFICATE_PIN;
+
+ CertificatePin = new SecureString();
+ foreach (var character in pin)
+ {
+ CertificatePin.AppendChar(character);
+ }
 }
 internal string ComposeEndpointUri(string endpointName)
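Review bot: The `SecureString` stored in `CertificatePin` is never disposed or sealed: each call to `SetSigningCertificate` overwrites the previous instance, and the new one stays writable after the loop. Adding `CertificatePin?.Dispose();` before `CertificatePin = new SecureString();` and `CertificatePin.MakeReadOnly();` after the `foreach` would close both gaps. The PIN also arrives as a managed `string`, so the plaintext stays on the heap until collected and the `SecureString` copy adds little protection; an overload that accepts a `SecureString` directly would let callers avoid the plain string. When `pin` is null the code silently falls back to `Constants.DEFAULT_CERTIFICATE_PIN`, whose definition is not in this diff; if that is a literal compiled into the assembly, the fallback should at least be stated in a doc comment on the `pin` parameter, and it may be safer to skip setting a container password when the caller supplies none.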