ASiCSignature Type
Represents a signature in the ASiC container.
Remarks
This type contains information about a signature found in ASiC container.
It holds various information about the signature, including its coverage and validation results.
An ASiC-S container can include one CAdES, and/or one XAdES, and/or one Timestamp.
An ASiC-E container can include multiple CAdES signatures, XAdES signatures, and timestamp tokens.
Fields
| |
ChainValidationDetails
Integer |
The details of a certificate chain validation outcome. They may often suggest what reasons that contributed to the overall validation result.
Returns a bit mask of the following options:
| | | cvrBadData | 0x0001 | One or more certificates in the validation path are malformed
| | cvrRevoked | 0x0002 | One or more certificates are revoked
| | cvrNotYetValid | 0x0004 | One or more certificates are not yet valid
| | cvrExpired | 0x0008 | One or more certificates are expired
| | cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature
| | cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete)
| | cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA
| | cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified
| | cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified
| | cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate
| | cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates
| | cvrBlocked | 0x0800 | One or more certificates are blocked
| | cvrFailure | 0x1000 | General validation failure
| | cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself
| | cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements
| | cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code
|
|
ChainValidationResult
TsbxChainValidities |
The outcome of a certificate chain validation routine.
Available options:
| | | cvtValid | 0 | The chain is valid
| | cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted
| | cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature)
| | cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses)
|
Use the ValidationLog property to access the detailed validation log.
|
Contents
TBytes |
Returns the binary representation of the ASiC signature.
|
FileName
String |
The name of the ASiC signature file.
|
Handle
Int64 |
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner,
without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
|
IssuerRDN
String |
The Relative Distinguished Name of the signing certificate's issuer.
A collection of information, in the form of [OID, Value] pairs,
about the company that issued the signing certificate.
|
Qualified
TsbxQualifiedStatuses |
Indicates a qualified electronic signature.
Use this property to check if an electronic signature is created using a qualified device for creating electronic signatures and that relies on a qualified electronic signature certificate.
Adjust UseDefaultTSLs property and/or CustomTSLs property before validating the signature/certificate to properly obtain TSP (Trust Service Provider) service status. Use Qualified* and TSL* config properties to obtain extended information.
The following qualified statuses are supported:
| | | sqsUnknown | 0 | Qualified status unknown. Use config's QualifiedInfo setting to obtain service status URI.
| | sqsNone | 1 | None
| | sqsGranted | 2 | Granted
| | sqsWithdrawn | 3 | Withdrawn
| | sqsSetByNationalLaw | 4 | Set by national law
| | sqsDeprecatedByNationalLaw | 5 | Deprecated by national law
| | sqsRecognizedAtNationalLevel | 6 | Recognized at national level
| | sqsDeprecatedAtNationalLevel | 7 | Deprecated at national level
| | sqsUnderSupervision | 8 | Under supervision
| | sqsSupervisionInCessation | 9 | Supervision in cessation
| | sqsSupervisionCeased | 10 | Supervision ceased
| | sqsSupervisionRevoked | 11 | Supervision revoked
| | sqsAccredited | 12 | Accredited
| | sqsAccreditationCeased | 13 | Accreditation ceased
| | sqsAccreditationRevoked | 14 | Accreditation revoked
| | sqsInAccordance | 15 | Deprecated. The subject service is in accordance with the scheme's specific status determination criteria (only for use in positive approval schemes).
| | sqsExpired | 16 | Deprecated. The subject service is no longer overseen by the scheme, e.g. due to nonrenewal or withdrawal by the TSP, or cessation of the service or the scheme's operations.
| | sqsSuspended | 17 | Deprecated. The subject service's status is temporarily uncertain whilst checks are made by the scheme operator (typically e.g. while a revocation request is being investigated or if action is required to resolve a deficiency in the service fulfilling the scheme's criteria.
| | sqsRevoked | 18 | Deprecated. The subject service's approved status has been revoked because it is no longer in accordance with the scheme's specific status determination criteria (only for use in positive approval schemes).
| | sqsNotInAccordance | 19 | Deprecated. The subject service is not in accordance with the scheme's specific status determination criteria (only for use in negative approval schemes).
|
|
SerialNumber
TBytes |
The serial number of the timestamp.
|
SignatureType
TsbxASiCSignatureTypes |
The type of the ASiC signature: CAdES, XAdES, timestamp, or unknown.
| | | castUnknown | 0 | | castCAdES | 1 | | castXAdES | 2 | | castTimestamp | 3 |
|
SignatureValidationResult
TsbxSignatureValidities |
The outcome of the cryptographic signature validation.
The following signature validity values are supported:
| | | svtValid | 0 | The signature is valid
| | svtUnknown | 1 | Signature validity is unknown
| | svtCorrupted | 2 | The signature is corrupted
| | svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated.
| | svtFailure | 4 | General failure
|
|
SignedFiles
String |
Contains a comma-separated list of files that are covered by the signature.
|
SubjectKeyID
TBytes |
Contains the subject key identifier of the signing certificate.
Subject Key Identifier is a (non-critical) X.509 certificate extension
which allows the identification of certificates containing a particular public key.
In SecureBlackbox, the unique identifier is represented by a SHA-1 hash
of the bit string of the subject public key.
|
Time
String |
Indicates the time embedded in the timestamp, in UTC.
|
ValidationLog
String |
Contains the signing certificate's chain validation log.
This information may be very useful in investigating chain validation failures.
|
Constructors
constructor Create();
Creates a new empty ASiC signature object.