SecureBlackbox 2020 C++ Edition

Questions / Feedback?

PDFVerifier Class

Properties   Methods   Events   Configuration Settings   Errors  

The PDFVerifier class verifies signatures over PDF documents.

Syntax

PDFVerifier

Remarks

Use PDFVerifier to validate electronic signatures over PDF documents. Generic and PAdES signatures are supported.

PDFVerifier validates each signature from two perspectives: the integrity and validity of the signature itself (i.e. its correspondence to the document data it covers), and the validity and trustworthiness of the signing certificate chain. These two signature aspects are generally independent of each other: the signature may be valid but the chain may not be trusted, or, the other way round, the chain may be trusted, but the integrity of the signature may be violated. Under normal circumstances both the signature and the chain must be valid for the signature to be considered good.

To initiate the validation, assign the path to the signed PDF file to the InputFile property (alternatively, you can provide it in a memory buffer via InputBytes property), and call Verify method. For every signature located in the document, PDFVerifier will fire the SignatureFound event. This event lets you specify whether you want PDFVerifier to validate the signature, the chain, or both.

Note: it does not mean that any of the two is optional. This API lets you be flexible in how you validate documents in your code in accordance with the specifics of your application and its usage scenarios. For example, if your trust environment relies on certificate pinning, validating the chain by PDFVerifier internally may cause unnecessary burden on the system, in which case it may be reasonable to disable it in the event handler.

Once SignatureFound returns, PDFVerifier proceeds to the signature validation routine in accordance with the provided settings. Upon completion of the validation, SignatureValidated event is fired, and the validation results are separately provided via SignatureValidationResult and ChainValidationResult properties. Other information about the signature can be accessed via the Signature property.

PDF format uses incremental updates to introduce changes to the document. This implies that a signature may cover not the whole document but, rather, a certain revision of it. Strictly speaking, every signature in a PDF document apart from, perhaps, the last one covers just some part of the document. In most cases that part matches the revision of the document that existed before all the subsequent signatures had been added.

Because of this specifics of PDF format it is crucially important to understand what part of the document is covered by a specific signature. Use the to establish the scope of a signature. The revision of the document covered by that specific signature ranges from byte 0 to CoverageEndsAt. Alternatively, you can use the GetSignedVersion method to extract the signed revision to a file.

Useful settings and properties

The following properties of PDFVerifier may be handy when working with this component:

  • OfflineMode lets you validate the document without contacting online revocation sources. Paired with switched off system trust settings, it can be used to establish the long-term validity of the document and the completeness of validation material included in it.
  • RevocationCheck lets you adjust the revocation checking preferences.
  • ValidatedSigningTime returns the signing time as recorded in the embedded signature timestamp. This is in contrast to ClaimedSigningTime, which returns the signing time as specified by the signer.
  • ValidationLog is a great way to find out the details of chain validation failures. This property returns a comprehensive validation log that reports all the issues encountered during the validation.
  • If the document is encrypted (in addition to being signed), DecryptionInfoNeeded event will fire, asking you for the decryption certificate or password.

By default, PDFVerifier uses the system trust settings to establish certificate chain validity. You can configure it to use your own, custom validation environment by providing the necessary trust elements via KnownCertificates, TrustedCertificates, KnownCRLs, and other similar properties.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

AllSignaturesValidThe cumulative validity of all signatures.
BlockedCertCountThe number of records in the BlockedCert arrays.
BlockedCertBytesReturns raw certificate data in DER format.
BlockedCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
CertCountThe number of records in the Cert arrays.
CertBytesReturns raw certificate data in DER format.
CertCAIndicates whether the certificate has a CA capability (a setting in BasicConstraints extension).
CertCAKeyIDA unique identifier (fingerprint) of the CA certificate's private key.
CertCRLDistributionPointsLocations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
CertCurveSpecifies the elliptic curve of the EC public key.
CertFingerprintContains the fingerprint (a hash imprint) of this certificate.
CertFriendlyNameContains an associated alias (friendly name) of the certificate.
CertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
CertHashAlgorithmSpecifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
CertIssuerThe common name of the certificate issuer (CA), typically a company name.
CertIssuerRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
CertKeyAlgorithmSpecifies the public key algorithm of this certificate.
CertKeyBitsReturns the length of the public key.
CertKeyFingerprintReturns a fingerprint of the public key contained in the certificate.
CertKeyUsageIndicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
CertKeyValidReturns True if the certificate's key is cryptographically valid, and False otherwise.
CertOCSPLocationsLocations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
CertPolicyIDsContains identifiers (OIDs) of the applicable certificate policies.
CertPublicKeyBytesContains the certificate's public key in DER format.
CertSelfSignedIndicates whether the certificate is self-signed (root) or signed by an external CA.
CertSerialNumberReturns the certificate's serial number.
CertSigAlgorithmIndicates the algorithm that was used by the CA to sign this certificate.
CertSubjectThe common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
CertSubjectKeyIDContains a unique identifier (fingerprint) of the certificate's private key.
CertSubjectRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
CertValidFromThe time point at which the certificate becomes valid, in UTC.
CertValidToThe time point at which the certificate expires, in UTC.
ChainValidationDetailsThe details of a certificate chain validation outcome.
ChainValidationResultThe general outcome of a certificate chain validation routine. Use ChainValidationDetails to get information about the reasons that contributed to the validation result.
ClaimedSigningTimeReturns a signature's claimed signing time.
CRLCountThe number of records in the CRL arrays.
CRLBytesReturns raw CRL data in DER format.
CRLHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
CRLIssuerThe common name of the CRL issuer (CA), typically a company name.
CRLIssuerRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the CRL issuer.
CRLLocationThe URL that the CRL was downloaded from.
CRLNextUpdateThe planned time and date of the next version of this CRL to be published.
CRLThisUpdateThe date and time at which this version of the CRL was published.
DecryptionCertificateBytesReturns raw certificate data in DER format.
DecryptionCertificateHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
DecryptionCertCountThe number of records in the DecryptionCert arrays.
DecryptionCertBytesReturns raw certificate data in DER format.
DecryptionCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
EncryptedIndicates if the PDF document is encrypted.
EncryptionAlgorithmThe symmetric algorithm used to encrypt the document.
EncryptionTypeThe document encryption type.
IgnoreChainValidationErrorsMakes the class tolerant to chain validation errors.
InputBytesUse this property to pass the input to class in the byte array form.
InputFileA path to the signed PDF file.
KnownCertCountThe number of records in the KnownCert arrays.
KnownCertBytesReturns raw certificate data in DER format.
KnownCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
KnownCRLCountThe number of records in the KnownCRL arrays.
KnownCRLBytesReturns raw CRL data in DER format.
KnownCRLHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
KnownOCSPCountThe number of records in the KnownOCSP arrays.
KnownOCSPBytesBuffer containing raw OCSP response data.
KnownOCSPHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
MetadataEncryptedIndicates if the document metadata is encrypted.
OCSPCountThe number of records in the OCSP arrays.
OCSPBytesBuffer containing raw OCSP response data.
OCSPHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
OCSPIssuerIndicates the issuer of this response (a CA or its authorized representative).
OCSPIssuerRDNIndicates the RDN of the issuer of this response (a CA or its authorized representative).
OCSPLocationLocation of the OCSP responder.
OCSPProducedAtSpecifies the time when the response was produced, in UTC.
OfflineModeSwitches the class to the offline mode.
PasswordThe decryption password.
PermsAnnotationsIndicates whether the viewer may add annotations to the document.
PermsAssembleIndicates if the viewer may assemble a new document on the basis of the encrypted one.
PermsExtractIndicates if the user may extract (copy) pictures and text from the encrypted document.
PermsExtractAccIndicates if the user may extract pictures/text from the document for accessibility purposes.
PermsFillInFormsIndicates if the user may fill in forms in the document.
PermsHighQualityPrintIndicates if the document may be printed in high quality.
PermsLowQualityPrintIndicates if the document may be printed in low quality.
PermsModifyIndicates if the document may be modified.
ProfileSpecifies a pre-defined profile to apply when creating the signature.
ProxyAddressThe IP address of the proxy server.
ProxyAuthenticationThe authentication type used by the proxy server.
ProxyPasswordThe password to authenticate to the proxy server.
ProxyPortThe port on the proxy server to connect to.
ProxyProxyTypeThe type of the proxy server.
ProxyRequestHeadersContains HTTP request headers for WebTunnel and HTTP proxy.
ProxyResponseBodyContains the HTTP or HTTPS (WebTunnel) proxy response body.
ProxyResponseHeadersContains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
ProxyUseIPv6Specifies whether IPv6 should be used when connecting through the proxy.
ProxyUseProxyEnables or disables proxy-driven connection.
ProxyUsernameSpecifies the username credential for proxy authentication.
QualifiedIndicates a qualified electronic signature.
RevocationCheckSpecifies the kind(s) of revocation check to perform.
SigAllowedChangesThe changes to the document are allowed by the signature.
SigAuthorNameA human-readable signer name.
SigCertificationSpecifies whether this is a Certification (MDP) signature.
SigChainValidationDetailsThe details of a certificate chain validation outcome.
SigChainValidationResultThe outcome of a certificate chain validation routine.
SigClaimedSigningTimeReturns or sets signature's creation time.
SigContactInfoContains signer's contact information.
SigCoverageEndsAtIndicates the offset in the PDF file where signature coverage ends.
SigCustomDataA uninterpreted custom data to save with the signature.
SigEmptyFieldIndicates whether or not the signature created/read is an empty property (a signature placeholder).
SigFilterNameThe signature filter name.
SigFullSignatureNameSpecifies the full name of the signature property.
SigHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
SigHashAlgorithmSpecifies the hash algorithm to be used for signing.
SigHeightSpecifies the height of the signature widget.
SigInvisibleControls whether the signature widget is visible on the page.
SigLevelSpecifies the signature kind and level.
SigLocationSpecifies the host name or the physical location of the signing entity.
SigOffsetXSpecifies the signature widget offset from the left-hand page border when AutoPos is False.
SigOffsetYSpecifies the signature widget offset from the bottom page border when AutoPos is False.
SigPageThe index of the page on which to place the signature.
SigPolicyHashAlgorithmThe algorithm that was used to calculate the signature policy hash.
SigPrintWhether the signature shall appear in printed documents.
SigQualifiedIndicates a qualified electronic signature.
SigReadOnlyControls the ReadOnly flag of the widget.
SigReasonSpecifies the reason for signing.
SigSignatureNameSpecifies the unique signature identifier to use.
SigSignatureValidationResultThe outcome of the cryptographic signature validation.
SigSignerInfoProvides custom signer information to put on the signature widget.
SigSubjectRDNContains the RDN of the owner of the signing certificate.
SigTimestampedIndicates if the signature is timestamped.
SigValidatedSigningTimeContains the certified signing time.
SigValidationLogContains the signing certificate's chain validation log.
SigWidthSpecifies the width of the signature widget.
SignatureCountThe number of records in the Signature arrays.
SignatureChainValidationDetailsThe details of a certificate chain validation outcome.
SignatureChainValidationResultThe outcome of a certificate chain validation routine.
SignatureClaimedSigningTimeReturns or sets signature's creation time.
SignatureHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
SignatureLevelSpecifies the signature kind and level.
SignatureSignatureValidationResultThe outcome of the cryptographic signature validation.
SignatureSubjectRDNContains the RDN of the owner of the signing certificate.
SignatureTimestampedIndicates if the signature is timestamped.
SignatureValidatedSigningTimeContains the certified signing time.
SignatureValidationLogContains the signing certificate's chain validation log.
SignatureValidationResultThe signature validation result.
SigningCertBytesReturns raw certificate data in DER format.
SigningCertCAIndicates whether the certificate has a CA capability (a setting in BasicConstraints extension).
SigningCertCAKeyIDA unique identifier (fingerprint) of the CA certificate's private key.
SigningCertCRLDistributionPointsLocations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
SigningCertCurveSpecifies the elliptic curve of the EC public key.
SigningCertFingerprintContains the fingerprint (a hash imprint) of this certificate.
SigningCertFriendlyNameContains an associated alias (friendly name) of the certificate.
SigningCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
SigningCertHashAlgorithmSpecifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
SigningCertIssuerThe common name of the certificate issuer (CA), typically a company name.
SigningCertIssuerRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
SigningCertKeyAlgorithmSpecifies the public key algorithm of this certificate.
SigningCertKeyBitsReturns the length of the public key.
SigningCertKeyFingerprintReturns a fingerprint of the public key contained in the certificate.
SigningCertKeyUsageIndicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
SigningCertKeyValidReturns True if the certificate's key is cryptographically valid, and False otherwise.
SigningCertOCSPLocationsLocations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
SigningCertPolicyIDsContains identifiers (OIDs) of the applicable certificate policies.
SigningCertPublicKeyBytesContains the certificate's public key in DER format.
SigningCertSelfSignedIndicates whether the certificate is self-signed (root) or signed by an external CA.
SigningCertSerialNumberReturns the certificate's serial number.
SigningCertSigAlgorithmIndicates the algorithm that was used by the CA to sign this certificate.
SigningCertSubjectThe common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
SigningCertSubjectKeyIDContains a unique identifier (fingerprint) of the certificate's private key.
SigningCertSubjectRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
SigningCertValidFromThe time point at which the certificate becomes valid, in UTC.
SigningCertValidToThe time point at which the certificate expires, in UTC.
SocketDNSModeSelects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.
SocketDNSPortSpecifies the port number to be used for sending queries to the DNS server.
SocketDNSQueryTimeoutThe timeout (in milliseconds) for each DNS query.
SocketDNSServersThe addresses of DNS servers to use for address resolution, separated by commas or semicolons.
SocketDNSTotalTimeoutThe timeout (in milliseconds) for the whole resolution process.
SocketIncomingSpeedLimitThe maximum number of bytes to read from the socket, per second.
SocketLocalAddressThe local network interface to bind the socket to.
SocketLocalPortThe local port number to bind the socket to.
SocketOutgoingSpeedLimitThe maximum number of bytes to write to the socket, per second.
SocketTimeoutThe maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
SocketUseIPv6Enables or disables IP protocol version 6.
TimestampAccuracyThis property indicates the accuracy of the included time mark, in microseconds.
TimestampBytesReturns raw timestamp data in DER format.
TimestampChainValidationDetailsThe details of a certificate chain validation outcome.
TimestampChainValidationResultThe outcome of a certificate chain validation routine.
TimestampHashAlgorithmReturns the timestamp's hash algorithm SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
TimestampSerialNumberReturns the timestamp's serial number.
TimestampTimeThe time point incorporated into the timestamp.
TimestampTimestampTypeReturns the timestamp type.
TimestampTSANameThis value uniquely identifies the Timestamp Authority (TSA).
TimestampValidationLogContains the TSA certificate chain validation log.
TimestampValidationResultContains timestamp validation outcome.
TimestampedIndicates whether or not the signature is timestamped.
TLSClientCertCountThe number of records in the TLSClientCert arrays.
TLSClientCertBytesReturns raw certificate data in DER format.
TLSClientCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
TLSServerCertCountThe number of records in the TLSServerCert arrays.
TLSServerCertBytesReturns raw certificate data in DER format.
TLSServerCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
TLSAutoValidateCertificatesSpecifies whether server-side TLS certificates should be validated automatically using internal validation rules.
TLSBaseConfigurationSelects the base configuration for the TLS settings.
TLSCiphersuitesA list of ciphersuites separated with commas or semicolons.
TLSECCurvesDefines the elliptic curves to enable.
TLSForceResumeIfDestinationChangesWhether to force TLS session resumption when the destination address changes.
TLSPreSharedIdentityDefines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
TLSPreSharedKeyContains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
TLSPreSharedKeyCiphersuiteDefines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
TLSRenegotiationAttackPreventionModeSelects renegotiation attack prevention mechanism.
TLSRevocationCheckSpecifies the kind(s) of revocation check to perform.
TLSSSLOptionsVarious SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.
TLSTLSModeSpecifies the TLS mode to use.
TLSUseExtendedMasterSecretEnables Extended Master Secret Extension, as defined in RFC 7627.
TLSUseSessionResumptionEnables or disables TLS session resumption capability.
TLSVersionsTh SSL/TLS versions to enable by default.
TrustedCertCountThe number of records in the TrustedCert arrays.
TrustedCertBytesReturns raw certificate data in DER format.
TrustedCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
TSACertBytesReturns raw certificate data in DER format.
TSACertCAIndicates whether the certificate has a CA capability (a setting in BasicConstraints extension).
TSACertCAKeyIDA unique identifier (fingerprint) of the CA certificate's private key.
TSACertCRLDistributionPointsLocations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
TSACertCurveSpecifies the elliptic curve of the EC public key.
TSACertFingerprintContains the fingerprint (a hash imprint) of this certificate.
TSACertFriendlyNameContains an associated alias (friendly name) of the certificate.
TSACertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
TSACertHashAlgorithmSpecifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
TSACertIssuerThe common name of the certificate issuer (CA), typically a company name.
TSACertIssuerRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
TSACertKeyAlgorithmSpecifies the public key algorithm of this certificate.
TSACertKeyBitsReturns the length of the public key.
TSACertKeyFingerprintReturns a fingerprint of the public key contained in the certificate.
TSACertKeyUsageIndicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
TSACertKeyValidReturns True if the certificate's key is cryptographically valid, and False otherwise.
TSACertOCSPLocationsLocations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
TSACertPolicyIDsContains identifiers (OIDs) of the applicable certificate policies.
TSACertPublicKeyBytesContains the certificate's public key in DER format.
TSACertSelfSignedIndicates whether the certificate is self-signed (root) or signed by an external CA.
TSACertSerialNumberReturns the certificate's serial number.
TSACertSigAlgorithmIndicates the algorithm that was used by the CA to sign this certificate.
TSACertSubjectThe common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
TSACertSubjectKeyIDContains a unique identifier (fingerprint) of the certificate's private key.
TSACertSubjectRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
TSACertValidFromThe time point at which the certificate becomes valid, in UTC.
TSACertValidToThe time point at which the certificate expires, in UTC.
ValidatedSigningTimeContains the certified signing time.
ValidationLogContains the complete log of the certificate validation routine.
ValidationMomentThe time point at which signature validity is to be established.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

ConfigSets or retrieves a configuration setting.
GetSignedVersionReturns the part of the document that is covered by the signature.
VerifyVerifies a signed PDF document.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

ChainValidatedReports the completion of a certificate chain validation.
DecryptionInfoNeededRequests decryption information during decryption, signing, or validation.
ErrorInformation about errors during signing/validation.
NotificationThis event notifies the application about an underlying control flow event.
RecipientFoundProvides recipient certificate details to the application.
SignatureFoundSignifies the start of signature validation.
SignatureValidatedMarks the completion of the signature validation routine.
TimestampFoundSignifies the start of a timestamp validation routine.
TimestampValidatedReports the completion of the timestamp validation routine.
TLSCertValidateThis event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

CustomTSLsSpecifies the custom TSLs.
EmptySignatureFieldAddRevInfo[Index]Specifies if revocation checking should be performed.
EmptySignatureFieldAlternateName[Index]Contains an alternate field name.
EmptySignatureFieldCountThe number of empty signature form fields.
EmptySignatureFieldFlags[Index]The field flags of the signature form field.
EmptySignatureFieldHeight[Index]The Height of the empty signature form field.
EmptySignatureFieldInvisible[Index]The visibility status of the field.
EmptySignatureFieldLegalAttestations[Index]Specifies the legal attestations that are associated with the signature.
EmptySignatureFieldMappingName[Index]The mapping name to be used when exporting form field data from the document.
EmptySignatureFieldName[Index]Textual field name.
EmptySignatureFieldOffsetX[Index]The field's offset from the left page border.
EmptySignatureFieldOffsetY[Index]The field's offset from the bottom page border.
EmptySignatureFieldPage[Index]The index of the form field's page in the document.
EmptySignatureFieldRequiredAllowedChanges[Index]Specifies the changes allowed by the signature.
EmptySignatureFieldRequiredConstraints[Index]Specifies the required Seed Value Dictionary (SVD) constraints.
EmptySignatureFieldRequiredDigestAlgorithms[Index]Specifies the required digest algorithms.
EmptySignatureFieldRequiredFilter[Index]Specifies the required filter.
EmptySignatureFieldRequiredLockAction[Index]Indicates which set of fields shall be locked.
EmptySignatureFieldRequiredLockFields[Index]Indicates the fields that shall be locked on signing.
EmptySignatureFieldRequiredReasons[Index]Specifies the required reasons.
EmptySignatureFieldRequiredSubfilters[Index]Specifies the required subfilters.
EmptySignatureFieldTimestampRequired[Index]Specifies if the signature should be time-stamped.
EmptySignatureFieldTSPURL[Index]URL for a TSP server.
EmptySignatureFieldWidth[Index]The Width of the empty signature form field.
EncryptionHandlerNameSpecifies the custom security handler PDF-name.
ForceCompleteChainValidationWhether to check issuer (CA) certificates when the signing certificate is invalid.
ForceCompleteChainValidationForTrustedWhether to continue with the full validation up to the root CA certificate for mid-level trust anchors.
GracePeriodSpecifies a grace period to apply during revocation information checks.
HardenedKeyGenerationSpecifies if hardened Key generation should be used.
IgnoreOCSPNoCheckExtensionWhether OCSP NoCheck extension should be ignored.
IgnoreSystemTrustWhether trusted Windows Certificate Stores should be treated as trusted.
ImplicitlyTrustSelfSignedCertificatesWhether to trust self-signed certificates.
PageInfoCountThe number of pages.
PageInfoCropBoxEmpty[Index]Check if the page's crop box is empty or not.
PageInfoCropLLX[Index]Defines the X coordinate of the lower left corner of the crop box.
PageInfoCropLLY[Index]Defines the Y coordinate of the lower left corner of the crop box.
PageInfoCropURX[Index]Defines the X coordinate of the upper right corner of the crop box.
PageInfoCropURY[Index]Defines the Y coordinate of the upper right corner of the crop box.
PageInfoHeight[Index]The Height of the page.
PageInfoMediaLLX[Index]Defines the X coordinate of the lower left corner of the media box.
PageInfoMediaLLY[Index]Defines the Y coordinate of the lower left corner of the media box.
PageInfoMediaURX[Index]Defines the X coordinate of the upper right corner of the media box.
PageInfoMediaURY[Index]Defines the Y coordinate of the upper right corner of the media box.
PageInfoRotate[Index]The Rotate value of the page.
PageInfoUserUnit[Index]Defines the size of default user space units.
PageInfoWidth[Index]The Width of the page.
PromoteLongOCSPResponsesWhether long OCSP responses are requested.
PSSUsedWhether RSASSA-PSS mode was used.
QualifiedStatusIndicates a qualified electronic signature.
RC4KeyBitsSpecifies the number of key bits used for RC4 algorithm.
TolerateMinorChainIssuesWhether to tolerate minor chain issues.
TSLDistributionPointsContains XML content of distribution points of the TSL used.
TSLDistributionPoints[Idx]Contains distribution point of the specified index of the TSL used.
TSLHistoricalInformationPeriodContains historical information period of the TSL used.
TSLLegalNoticesContains XML content of legal notices of the TSL used.
TSLLegalNotices[lang]Contains legal notices for the specified language of the TSL used.
TSLListIssueDateTimeContains list issue date and time of the TSL used.
TSLNextUpdateContains next update date and time of the TSL used.
TSLPoliciesContains XML content of policies of the TSL used.
TSLPolicies[lang]Contains policies for the specified language of the TSL used.
TSLSchemeExtensionsContains XML content of scheme extensions of the TSL used.
TSLSchemeExtensions[Idx]Contains XML content of scheme extension of the specified index of the TSL used.
TSLSchemeInformationURIContains XML content of scheme information URI of the TSL used.
TSLSchemeInformationURI[lang]Contains scheme information URI for the specified language of the TSL used.
TSLSchemeNameContains XML content of scheme name of the TSL used.
TSLSchemeName[lang]Contains scheme name for the specified language of the TSL used.
TSLSchemeOperatorAddressContains XML content of scheme operator address of the TSL used.
TSLSchemeOperatorNameContains XML content of scheme operator name of the TSL used.
TSLSchemeOperatorName[lang]Contains scheme operator name for the specified language of the TSL used.
TSLSchemeTerritoryContains scheme territory of the TSL used.
TSLSchemeTypeCommunityRulesContains XML content of scheme type/community/rules of the TSL used.
TSLSchemeTypeCommunityRules[lang]Contains scheme type/community/rules for the specified language of the TSL used.
TSLSequenceNumberContains sequence number of the TSL used.
TSLsRetrieveLogContains the complete log of the TSLs retrieve.
TSLStatusDeterminationApproachContains status determination approach of the TSL used.
TSLsValidationLogContains the complete log of the TSLs validation.
TSLTSPAdditionalServiceInformationContains addtional service information of the TSP service used.
TSLTSPAddressContains XML content of the address of the TSP used.
TSLTSPHistoryInstanceIndicates that TSP service history instance used.
TSLTSPHistoryInstanceAdditionalServiceInformationContains addtional service information of the TSP service history instance used.
TSLTSPHistoryInstanceQualifiersContains list of qualifiers of the TSP service history instance used.
TSLTSPHistoryInstanceServiceInformationExtensionsContains XML content of information extensions of the TSP service history instance used.
TSLTSPHistoryInstanceServiceInformationExtensions[Idx]Contains XML content of information extension of the specified index of the TSP service history instance used.
TSLTSPHistoryInstanceServiceNameContains XML content of name of the TSP service history instance used.
TSLTSPHistoryInstanceServiceName[lang]Contains name for the specified language of the TSP service history instance used.
TSLTSPHistoryInstanceServiceStatusContains status of the TSP service history instance used.
TSLTSPHistoryInstanceServiceStatusStartingTimeContains status starting time of the TSP service history instance used.
TSLTSPHistoryInstanceServiceTypeIdentifierContains type identifier of the TSP service history instance used.
TSLTSPHistoryInstanceXMLContains XML content of the TSP service history instance used.
TSLTSPInformationExtensionsContains XML content of information extensions of the TSP used.
TSLTSPInformationExtensions[Idx]Contains XML content of information extension of the specified index of the TSP used.
TSLTSPInformationURIContains XML content of information URI of the TSP used.
TSLTSPInformationURI[lang]Contains information URI for the specified language of the TSP used.
TSLTSPNameContains XML content of name of the TSP used.
TSLTSPName[lang]Contains name for the specified language of the TSP used.
TSLTSPSchemeServiceDefinitionURIContains XML content of scheme service definition URI of the TSP service used.
TSLTSPSchemeServiceDefinitionURI[lang]Contains scheme service definition URI for the specified language of the TSP service used.
TSLTSPServiceDefinitionURIContains XML content of definition URI of the TSP service used.
TSLTSPServiceDefinitionURI[lang]Contains definition URI for the specified language of the TSP service used.
TSLTSPServiceInformationExtensionsContains XML content of information extensions of the TSP service used.
TSLTSPServiceInformationExtensions[Idx]Contains XML content of information extension of the specified index of the TSP service used.
TSLTSPServiceNameContains XML content of name of the TSP service used.
TSLTSPServiceName[lang]Contains name for the specified language of the TSP service used.
TSLTSPServiceQualifiersContains list of qualifiers of the TSP service used.
TSLTSPServiceStatusContains status of the TSP service used.
TSLTSPServiceStatusStartingTimeContains status starting time of the TSP service used.
TSLTSPServiceSupplyPointsContains XML content of the supply points of the TSP service used.
TSLTSPServiceTypeIdentifierContains type identifier of the TSP service used.
TSLTSPServiceXMLContains XML content of the TSP service used.
TSLTSPTradeNameContains XML content of trade name of the TSP used.
TSLTSPTradeName[lang]Contains trade name for the specified language of the TSP used.
TSLTSPXMLContains XML content of the TSP used.
TSLTypeContains TSL type of the TSL used.
TSLVersionIdentifierContains version identifier of the TSL used.
TSLXMLContains XML content of the TSL used.
UseDefaultTSLsEnables or disables the use of the default TSLs.
UseMicrosoftCTLEnables or disables automatic use of Microsoft online certificate trust list.
UseSystemCertificatesEnables or disables the use of the system certificates.
UseValidationCacheEnables or disable the use of the product-wide certificate chain validation cache.
CheckKeyIntegrityBeforeUseEnables or disable private key integrity check before use.
CookieCachingSpecifies whether a cookie cache should be used for HTTP(S) transports.
CookiesGets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterationsSpecifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHEEnables or disables finite field DHE key exchange support in TLS clients.
GlobalCookiesGets or sets global cookies for all the HTTP transports.
HttpUserAgentSpecifies the user agent name to be used by all HTTP clients.
LogDestinationSpecifies the debug log destination.
LogDetailsSpecifies the debug log details to dump.
LogFileSpecifies the debug log filename.
LogFiltersSpecifies the debug log filters.
LogFlushModeSpecifies the log flush mode.
LogLevelSpecifies the debug log level.
LogMaxEventCountSpecifies the maximum number of events to cache before further action is taken.
LogRotationModeSpecifies the log rotation mode.
MaxASN1BufferLengthSpecifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepthSpecifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithmSpecifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolverSpecifies whether the client classes should use own DNS resolver.
UseSharedSystemStoragesSpecifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSSEnforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandomEnables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 C++ Edition - Version 20.0 [Build 8166]