Pass PIN

2025-09-28 16:43:36 +09:00
parent 584e43bfa9
commit 3a2325aef8
2 changed files with 21 additions and 5 deletions
--- a/Hcs.Broker/Api/Request/GostSigningMessageInspector.cs
+++ b/Hcs.Broker/Api/Request/GostSigningMessageInspector.cs
@ -2,6 +2,7 @@
 using CryptoPro.Security.Cryptography.X509Certificates;
 using CryptoPro.Security.Cryptography.Xml;
 using Hcs.Broker.Internal;
+using System.Security;
 using System.Security.Cryptography;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
@ -40,11 +41,15 @@ namespace Hcs.Broker.Api.Request
                    var xmlDocument = new XmlDocument();
                    xmlDocument.LoadXml(messageBody);

+                    var provider = client.Certificate.PrivateKey as Gost3410_2012_256CryptoServiceProvider;
+                    provider.SetContainerPassword(client.CertificatePin);
+
                    var signedXml = SignXmlFileXades(
                        xmlDocument,
                        client.Certificate,
-                        client.Certificate.PrivateKey as Gost3410_2012_256CryptoServiceProvider,
-                        CpSignedXml.XmlDsigGost3411_2012_256Url);
+                        provider,
+                        CpSignedXml.XmlDsigGost3411_2012_256Url,
+                        false);

                    stopwatch.Stop();

@ -107,7 +112,7 @@ namespace Hcs.Broker.Api.Request
            CpX509Certificate certificate,
            AsymmetricAlgorithm key,
            string digestMethod,
-            bool useDsPrefix = false)
+            bool useDsPrefix)
        {
            var keyInfo = new CpKeyInfo();
            keyInfo.AddClause(new CpKeyInfoX509Data(certificate));
--- a/Hcs.Broker/Client.cs
+++ b/Hcs.Broker/Client.cs
@ -3,6 +3,7 @@ using Hcs.Broker.Api;
 using Hcs.Broker.Internal;
 using Hcs.Broker.Logger;
 using Hcs.Broker.MessageCapturer;
+using System.Security;
 using System.Security.Cryptography.X509Certificates;

 namespace Hcs.Broker
@ -65,15 +66,25 @@ namespace Hcs.Broker
        /// <summary>
        /// Сертификат клиента для применения при формировании запросов
        /// </summary>
-        internal CpX509Certificate2 Certificate { get; set; }
+        internal CpX509Certificate2 Certificate { get; private set; }

-        public void SetSigningCertificate(string serialNumber)
+        internal SecureString CertificatePin { get; private set; }
+
+        public void SetSigningCertificate(string serialNumber, string? pin = null)
        {
            using var store = new CpX509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            var cert = store.Certificates.Find(X509FindType.FindBySerialNumber, serialNumber, false)[0];
            Certificate = cert ?? throw new ArgumentNullException("Certificate not found");
+
+            pin ??= Constants.DEFAULT_CERTIFICATE_PIN;
+
+            CertificatePin = new SecureString();
+            foreach (var character in pin)
+            {
+                CertificatePin.AppendChar(character);
+            }
        }

        internal string ComposeEndpointUri(string endpointName)