ASiCSignature Type
Represents a signature in the ASiC container.
Remarks
This type contains information about a signature found in an ASiC container.
It holds various information about the signature, including its coverage and validation results.
An ASiC-S container can include one CAdES, and/or one XAdES, and/or one Timestamp.
An ASiC-E container can include multiple CAdES signatures, XAdES signatures, and timestamp tokens.
Fields
ChainValidationDetails Integer |
The details of a certificate chain validation outcome. They often suggest the reasons that contributed to the overall validation result.
Returns a bit mask of the following options:
| cvrBadData | 0x0001 | One or more certificates in the validation path are malformed
| cvrRevoked | 0x0002 | One or more certificates are revoked
| cvrNotYetValid | 0x0004 | One or more certificates are not yet valid
| cvrExpired | 0x0008 | One or more certificates are expired
| cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature
| cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete)
| cvrCAUnauthorized | 0x0040 | One of the CA certificates is not authorized to act as CA
| cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified
| cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified
| cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate
| cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates
| cvrBlocked | 0x0800 | One or more certificates are blocked
| cvrFailure | 0x1000 | General validation failure
| cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself
| cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of the certificates or revocation elements
| cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from user code
|
|
ChainValidationResult ChainValidities |
The outcome of a certificate chain validation routine.
Available options:
| cvtValid | 0 | The chain is valid
| cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted
| cvtInvalid | 2 | The chain is not valid (some of the certificates are revoked, expired, or contain an invalid signature)
| cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses)
|
Use the ValidationLog property to access the detailed validation log.
|
Contents Byte() |
Returns the binary representation of the ASiC signature.
|
FileName String |
The name of the ASiC signature file.
|
IssuerRDN String |
The Relative Distinguished Name of the signing certificate's issuer.
A collection of information, in the form of [OID, Value] pairs,
about the company that issued the signing certificate.
|
Qualified QualifiedStatuses |
Indicates a qualified electronic signature.
Use this property to check whether an electronic signature was created using a qualified device for creating electronic signatures and relies on a qualified electronic signature certificate.
Adjust the UseDefaultTSLs and/or CustomTSLs properties before validating the signature/certificate to properly obtain the TSP (Trust Service Provider) service status. Use the Qualified* and TSL* config properties to obtain extended information.
The following qualified statuses are supported:
| sqsUnknown | 0 | Qualified status unknown. Use config's QualifiedInfo setting to obtain service status URI.
| sqsNone | 1 | None
| sqsGranted | 2 | Granted
| sqsWithdrawn | 3 | Withdrawn
| sqsSetByNationalLaw | 4 | Set by national law
| sqsDeprecatedByNationalLaw | 5 | Deprecated by national law
| sqsRecognizedAtNationalLevel | 6 | Recognized at national level
| sqsDeprecatedAtNationalLevel | 7 | Deprecated at national level
| sqsUnderSupervision | 8 | Under supervision
| sqsSupervisionInCessation | 9 | Supervision in cessation
| sqsSupervisionCeased | 10 | Supervision ceased
| sqsSupervisionRevoked | 11 | Supervision revoked
| sqsAccredited | 12 | Accredited
| sqsAccreditationCeased | 13 | Accreditation ceased
| sqsAccreditationRevoked | 14 | Accreditation revoked
| sqsInAccordance | 15 | Deprecated. The subject service is in accordance with the scheme's specific status determination criteria (only for use in positive approval schemes).
| sqsExpired | 16 | Deprecated. The subject service is no longer overseen by the scheme, e.g. due to nonrenewal or withdrawal by the TSP, or cessation of the service or the scheme's operations.
| sqsSuspended | 17 | Deprecated. The subject service's status is temporarily uncertain whilst checks are made by the scheme operator (typically e.g. while a revocation request is being investigated or if action is required to resolve a deficiency in the service fulfilling the scheme's criteria).
| sqsRevoked | 18 | Deprecated. The subject service's approved status has been revoked because it is no longer in accordance with the scheme's specific status determination criteria (only for use in positive approval schemes).
| sqsNotInAccordance | 19 | Deprecated. The subject service is not in accordance with the scheme's specific status determination criteria (only for use in negative approval schemes).
|
|
SerialNumber Byte() |
The serial number of the timestamp.
|
SignatureType ASiCSignatureTypes |
The type of the ASiC signature: CAdES, XAdES, timestamp, or unknown.
| castUnknown | 0
| castCAdES | 1
| castXAdES | 2
| castTimestamp | 3
|
SignatureValidationResult SignatureValidities |
The outcome of the cryptographic signature validation.
The following signature validity values are supported:
| svtValid | 0 | The signature is valid
| svtUnknown | 1 | Signature validity is unknown
| svtCorrupted | 2 | The signature is corrupted
| svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated.
| svtFailure | 4 | General failure
|
|
SignedFiles String |
Contains a comma-separated list of files that are covered by the signature.
|
SubjectKeyID Byte() |
Contains the subject key identifier of the signing certificate.
Subject Key Identifier is a (non-critical) X.509 certificate extension
which allows the identification of certificates containing a particular public key.
In SecureBlackbox, the unique identifier is represented by a SHA-1 hash
of the bit string of the subject public key.
|
Time String |
Indicates the time embedded in the timestamp, in UTC.
|
ValidationLog String |
Contains the signing certificate's chain validation log.
This information may be very useful in investigating chain validation failures.
|
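The fields above are usually read together when deciding whether to trust a signature. The following is an added example, not SecureBlackbox code: it decodes a ChainValidationDetails bit mask into the flag names from the table and applies a strict, fail-closed policy (only svtValid and cvtValid are accepted, and every required file must appear in SignedFiles). The function names, the dict layout and the sample records are assumptions made for illustration; only the constants come from this page.

```python
# Added example: constants are copied from the tables above; function names
# and the dict layout are hypothetical, not the SecureBlackbox API.
CVR_FLAGS = {
    0x0001: "cvrBadData", 0x0002: "cvrRevoked", 0x0004: "cvrNotYetValid",
    0x0008: "cvrExpired", 0x0010: "cvrInvalidSignature", 0x0020: "cvrUnknownCA",
    0x0040: "cvrCAUnauthorized", 0x0080: "cvrCRLNotVerified",
    0x0100: "cvrOCSPNotVerified", 0x0200: "cvrIdentityMismatch",
    0x0400: "cvrNoKeyUsage", 0x0800: "cvrBlocked", 0x1000: "cvrFailure",
    0x2000: "cvrChainLoop", 0x4000: "cvrWeakAlgorithm", 0x8000: "cvrUserEnforced",
}
SVT_VALID = 0   # SignatureValidationResult: svtValid
CVT_VALID = 0   # ChainValidationResult: cvtValid


def decode_chain_details(mask):
    """Return the names of all bits set in a ChainValidationDetails value."""
    names = [name for bit, name in sorted(CVR_FLAGS.items()) if mask & bit]
    unknown = mask & ~sum(CVR_FLAGS)   # bits outside the documented table
    if unknown:
        names.append("unknown(0x%X)" % unknown)
    return names


def evaluate(sig, required_files):
    """Fail-closed policy: return (accepted, reasons) for one signature record."""
    reasons = []
    if sig["SignatureValidationResult"] != SVT_VALID:
        reasons.append("signature result %d" % sig["SignatureValidationResult"])
    if sig["ChainValidationResult"] != CVT_VALID:
        reasons.append("chain result %d" % sig["ChainValidationResult"])
    reasons += decode_chain_details(sig["ChainValidationDetails"])
    # SignedFiles is a comma-separated list; a valid signature may cover less
    # than the whole container, so coverage is checked explicitly.
    covered = {f.strip() for f in sig["SignedFiles"].split(",") if f.strip()}
    missing = sorted(set(required_files) - covered)
    if missing:
        reasons.append("not covered: " + ", ".join(missing))
    return (not reasons, reasons)


# Constructed sample records (not output from a real container).
GOOD = {"SignatureValidationResult": 0, "ChainValidationResult": 0,
        "ChainValidationDetails": 0, "SignedFiles": "invoice.pdf, terms.txt"}
BAD = {"SignatureValidationResult": 0, "ChainValidationResult": 2,
       "ChainValidationDetails": 0x000A, "SignedFiles": "invoice.pdf"}

if __name__ == "__main__":
    for record in (GOOD, BAD):
        print(evaluate(record, ["invoice.pdf", "terms.txt"]))
```

The second record shows why the cryptographic result alone is not enough: its signature value verifies, yet the chain is revoked and expired and one required file is outside the signature's coverage.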
Constructors
Creates a new empty ASiC signature object.
|