Pass PIN

Hcs.Broker/Api/Request/GostSigningMessageInspector.cs

@@ -2,6 +2,7 @@
 using CryptoPro.Security.Cryptography.X509Certificates;
 using CryptoPro.Security.Cryptography.Xml;
 using Hcs.Broker.Internal;
+using System.Security;
 using System.Security.Cryptography;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
@@ -40,11 +41,15 @@ namespace Hcs.Broker.Api.Request
                     var xmlDocument = new XmlDocument();
                     xmlDocument.LoadXml(messageBody);
 
+                    var provider = client.Certificate.PrivateKey as Gost3410_2012_256CryptoServiceProvider;
+                    provider.SetContainerPassword(client.CertificatePin);
+
                     var signedXml = SignXmlFileXades(
                         xmlDocument,
                         client.Certificate,
-                        client.Certificate.PrivateKey as Gost3410_2012_256CryptoServiceProvider,
+                        provider,
-                        CpSignedXml.XmlDsigGost3411_2012_256Url);
+                        CpSignedXml.XmlDsigGost3411_2012_256Url,
+                        false);
 
                     stopwatch.Stop();
 
@@ -107,7 +112,7 @@ namespace Hcs.Broker.Api.Request
             CpX509Certificate certificate,
             AsymmetricAlgorithm key,
             string digestMethod,
-            bool useDsPrefix = false)
+            bool useDsPrefix)
         {
             var keyInfo = new CpKeyInfo();
             keyInfo.AddClause(new CpKeyInfoX509Data(certificate));

Hcs.Broker/Client.cs

@@ -3,6 +3,7 @@ using Hcs.Broker.Api;
 using Hcs.Broker.Internal;
 using Hcs.Broker.Logger;
 using Hcs.Broker.MessageCapturer;
+using System.Security;
 using System.Security.Cryptography.X509Certificates;
 
 namespace Hcs.Broker
@@ -65,15 +66,25 @@ namespace Hcs.Broker
         /// <summary>
         /// Сертификат клиента для применения при формировании запросов
         /// </summary>
-        internal CpX509Certificate2 Certificate { get; set; }
+        internal CpX509Certificate2 Certificate { get; private set; }
 
-        public void SetSigningCertificate(string serialNumber)
+        internal SecureString CertificatePin { get; private set; }
+
+        public void SetSigningCertificate(string serialNumber, string? pin = null)
         {
             using var store = new CpX509Store(StoreName.My, StoreLocation.CurrentUser);
             store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
 
             var cert = store.Certificates.Find(X509FindType.FindBySerialNumber, serialNumber, false)[0];
             Certificate = cert ?? throw new ArgumentNullException("Certificate not found");
+
+            pin ??= Constants.DEFAULT_CERTIFICATE_PIN;
+
+            CertificatePin = new SecureString();
+            foreach (var character in pin)
+            {
+                CertificatePin.AppendChar(character);
+            }
         }
 
         internal string ComposeEndpointUri(string endpointName)