| |
ChainValidationDetails
Integer |
The details of a certificate chain validation outcome. They may often suggest what reasons that contributed to the overall validation result.
Returns a bit mask of the following options:
| | | cvrBadData | 0x0001 | One or more certificates in the validation path are malformed
| | cvrRevoked | 0x0002 | One or more certificates are revoked
| | cvrNotYetValid | 0x0004 | One or more certificates are not yet valid
| | cvrExpired | 0x0008 | One or more certificates are expired
| | cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature
| | cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete)
| | cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA
| | cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified
| | cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified
| | cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate
| | cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates
| | cvrBlocked | 0x0800 | One or more certificates are blocked
| | cvrFailure | 0x1000 | General validation failure
| | cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself
| | cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements
| | cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code
|
|
ChainValidationResult
TsbxChainValidities |
The outcome of a certificate chain validation routine.
Available options:
| | | cvtValid | 0 | The chain is valid
| | cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted
| | cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature)
| | cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses)
|
Use the ValidationLog property to access the detailed validation log.
|
CorePropertiesSigned
Boolean |
Returns True if this signature covers the core properties of the document.
|
DocumentSigned
Boolean |
Returns True if the signature covers the document itself.
|
ExpireTime
String |
Specifies the signature expiration time in UTC.
|
HashAlgorithm
String |
The hash algorithm used for signing.
| | | SB_HASH_ALGORITHM_MD5 | MD5 | | | SB_HASH_ALGORITHM_SHA1 | SHA1 | | | SB_HASH_ALGORITHM_SHA224 | SHA224 | | | SB_HASH_ALGORITHM_SHA256 | SHA256 | | | SB_HASH_ALGORITHM_SHA384 | SHA384 | | | SB_HASH_ALGORITHM_SHA512 | SHA512 | | | SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | | | SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | | | SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | | | SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | | | SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | | | SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
|
Qualified
TsbxQualifiedStatuses |
Indicates a qualified electronic signature.
Use this property to check if an electronic signature is created using a qualified device for creating electronic signatures and that relies on a qualified electronic signature certificate.
Adjust UseDefaultTSLs property and/or CustomTSLs property before validating the signature/certificate to properly obtain TSP (Trust Service Provider) service status. Use Qualified* and TSL* config properties to obtain extended information.
The following qualified statuses are supported:
| | | sqsUnknown | 0 | Qualified status unknown. Use config's QualifiedInfo setting to obtain service status URI.
| | sqsNone | 1 | None
| | sqsGranted | 2 | Granted
| | sqsWithdrawn | 3 | Withdrawn
| | sqsSetByNationalLaw | 4 | Set by national law
| | sqsDeprecatedByNationalLaw | 5 | Deprecated by national law
| | sqsRecognizedAtNationalLevel | 6 | Recognized at national level
| | sqsDeprecatedAtNationalLevel | 7 | Deprecated at national level
| | sqsUnderSupervision | 8 | Under supervision
| | sqsSupervisionInCessation | 9 | Supervision in cessation
| | sqsSupervisionCeased | 10 | Supervision ceased
| | sqsSupervisionRevoked | 11 | Supervision revoked
| | sqsAccredited | 12 | Accredited
| | sqsAccreditationCeased | 13 | Accreditation ceased
| | sqsAccreditationRevoked | 14 | Accreditation revoked
| | sqsInAccordance | 15 | Deprecated. The subject service is in accordance with the scheme's specific status determination criteria (only for use in positive approval schemes).
| | sqsExpired | 16 | Deprecated. The subject service is no longer overseen by the scheme, e.g. due to nonrenewal or withdrawal by the TSP, or cessation of the service or the scheme's operations.
| | sqsSuspended | 17 | Deprecated. The subject service's status is temporarily uncertain whilst checks are made by the scheme operator (typically e.g. while a revocation request is being investigated or if action is required to resolve a deficiency in the service fulfilling the scheme's criteria.
| | sqsRevoked | 18 | Deprecated. The subject service's approved status has been revoked because it is no longer in accordance with the scheme's specific status determination criteria (only for use in positive approval schemes).
| | sqsNotInAccordance | 19 | Deprecated. The subject service is not in accordance with the scheme's specific status determination criteria (only for use in negative approval schemes).
|
|
|
|
Contains the comments for the SignatureInfoText.
|
SignatureInfoIncluded
Boolean |
Specifies whether the signature info is included.
|
SignatureInfoText
String |
Contains the text of the signature info.
|
SignatureOriginSigned
Boolean |
Returns True if the signature origin is signed.
|
SignatureTime
String |
Specifies the certified signing time.
|
SignatureType
TsbxOfficeSignatureTypes |
Specifies the type of this signature.
| | | ostDefault | 0 | | | ostBinaryCryptoAPI | 1 | | | ostBinaryXML | 2 | | | ostOpenXML | 3 | | | ostOpenXPS | 4 | | | ostOpenDocument | 5 | |
|
SignatureValidationResult
TsbxSignatureValidities |
The outcome of the cryptographic signature validation.
The following signature validity values are supported:
| | | svtValid | 0 | The signature is valid
| | svtUnknown | 1 | Signature validity is unknown
| | svtCorrupted | 2 | The signature is corrupted
| | svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated.
| | svtFailure | 4 | General failure
|
|
SignTime
String |
Specifies the time when the signature was generated.
|
SubjectRDN
String |
Contains information about the person owning the signing certificate.
Only certificates with given subject information will be enumerated during the search operation.
Information is stored in the form of [Object Identifier, Value] pairs.
|
ValidationLog
String |
Contains the signature validation log.
This information is extremely useful if the signature validation fails.
|