CertChain Event
Shows the certificate chain for the certificate (see the ShowCertificateChain method).
Syntax
public void fireCertChain(CertmgrCertChainEvent event); public class CertmgrCertChainEvent { public byte [] certEncoded; public String certSubject; public String certIssuer; public String certSerialNumber; public int trustStatus; public int trustInfo; }
Remarks
This event is fired for every certificate in the certificate chain of the certificate assigned to the bean.
The TrustStatus parameter contains information about the trust status of the entire certificate chain. A value of 0 signifies that the security subsystem has verified the certificate. Other values are combinations of one or more of the following flags:
0x00000001 | This certificate or one of the certificates in the certificate chain is not time valid. |
0x00000002 | Certificates in the chain are not properly time nested. |
0x00000004 | Trust for this certificate or one of the certificates in the certificate chain has been revoked. |
0x00000008 | The certificate or one of the certificates in the certificate chain does not have a valid signature. |
0x00000010 | The certificate or certificate chain is not valid for its proposed usage. |
0x00000020 | The certificate or certificate chain is based on an untrusted root. |
0x00000040 | The revocation status of the certificate or one of the certificates in the certificate chain is unknown. |
0x00000080 | One of the certificates in the chain was issued by a certification authority that the original certificate had certified. |
0x00010000 | The certificate chain is not complete. |
0x00020000 | A CTL used to create this chain was not time valid. |
0x00040000 | A CTL used to create this chain did not have a valid signature. |
0x00080000 | A CTL used to create this chain is not valid for this usage. |
The TrustInfo parameter contains additional information about the status of the entire certificate chain. It is a combination of one or more of the following flags:
0x00000001 | An exact match issuer certificate has been found for this certificate. |
0x00000002 | A key match issuer certificate has been found for this certificate. |
0x00000004 | A name match issuer certificate has been found for this certificate. |
0x00000008 | This certificate is self-signed. |
0x00010000 | The certificate chain created is a complex chain. |
The CertSubject and CertIssuer parameters contain the distinguished names of the certificate owner and issuer respectively.