CAdESVerifier Component

Properties   Methods   Events   Config Settings   Errors  

The CAdESVerifier component is used to validate CAdES signatures.

Syntax

TsbxCAdESVerifier

Remarks

CAdESVerifier validates electronic signatures that comply with the Electronic Signatures and Infrastructures (ESI) CMS Advanced Electronic Signatures (CAdES) specification.

Property List

---

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AllSignaturesValid Property (CAdESVerifier Component)

The cumulative validity of all signatures.

Syntax

property AllSignaturesValid: Boolean read get_AllSignaturesValid;

Default Value

false

Remarks

Use this property to check if all the signatures found in the message or document are valid.

This property is read-only and not available at design time.

BlockedCertificates Property (CAdESVerifier Component)

The certificates that must be rejected as trust anchors.

Syntax

property BlockedCertificates: TsbxCertificateList read get_BlockedCertificates write set_BlockedCertificates;

Remarks

Use this property to provide a list of compromised or blocked certificates. Any chain containing a blocked certificate will fail validation.

This property is not available at design time.

Please refer to the Certificate type for a complete list of fields.

Certificates Property (CAdESVerifier Component)

A collection of certificates included in the electronic signature.

Syntax

property Certificates: TsbxCertificateList read get_Certificates;

Remarks

Use this property to access all certificates included into the signature(s) by its creator.

This property is read-only and not available at design time.

Please refer to the Certificate type for a complete list of fields.

CRLs Property (CAdESVerifier Component)

A collection of certificate revocation lists embedded into the signature by the signer.

Syntax

property CRLs: TsbxCRLList read get_CRLs;

Remarks

Use this property to access the CRLs embedded into the signature by the signer.

This property is read-only and not available at design time.

Please refer to the CRL type for a complete list of fields.

DataBytes Property (CAdESVerifier Component)

Use this property to pass the signed data to component in the byte array form.

Syntax

property DataBytes: TBytes read get_DataBytes write set_DataBytes;

Remarks

Assign a byte array containing the original signed data to this property.

This property is not available at design time.

DataFile Property (CAdESVerifier Component)

A path to the file containing the originally signed data.

Syntax

property DataFile: String read get_DataFile write set_DataFile;

Default Value

''

Remarks

Use this property when working with detached signatures to provide the original signed input. Alternatively, use DataStream to provide in-memory data.

FIPSMode Property (CAdESVerifier Component)

Reserved.

Syntax

property FIPSMode: Boolean read get_FIPSMode write set_FIPSMode;

Default Value

false

Remarks

This property is reserved for future use.

IgnoreChainValidationErrors Property (CAdESVerifier Component)

Makes the component tolerant to chain validation errors.

Syntax

property IgnoreChainValidationErrors: Boolean read get_IgnoreChainValidationErrors write set_IgnoreChainValidationErrors;

Default Value

false

Remarks

If this property is set to True, any errors emerging during certificate chain validation will be ignored. This setting may be handy if the purpose of validation is the creation of an LTV signature, and the validation is performed in an environment that doesn't trust the signer's certificate chain.

InputBytes Property (CAdESVerifier Component)

Use this property to pass the input to component in the byte array form.

Syntax

property InputBytes: TBytes read get_InputBytes write set_InputBytes;

Remarks

Assign a byte array containing the data to be processed to this property.

This property is not available at design time.

InputFile Property (CAdESVerifier Component)

A path to the file containing the signature blob.

Syntax

property InputFile: String read get_InputFile write set_InputFile;

Default Value

''

Remarks

Use this property to provide a path to the file containing the CAdES signature blob. If verifying detached signatures, use DataStream or DataFile to also supply the original data that was signed.

InputIsHash Property (CAdESVerifier Component)

Specifies whether the input source contains the hash of the data or the actual data.

Syntax

property InputIsHash: Boolean read get_InputIsHash write set_InputIsHash;

Default Value

false

Remarks

Use this property to tell the component whether the input source contains the actual data or its hash.

This property is not available at design time.

KnownCertificates Property (CAdESVerifier Component)

Additional certificates for chain validation.

Syntax

property KnownCertificates: TsbxCertificateList read get_KnownCertificates write set_KnownCertificates;

Remarks

Use this property to supply a list of additional certificates that might be needed for chain validation. An example of a scenario where you might want to do that is when intermediary CA certificates are absent from the standard system locations (or when there are no standard system locations), and therefore should be supplied to the component manually.

The purpose of certificates to be added to this collection is roughly equivalent to that of Intermediate Certification Authorities system store in Windows.

Do not add trust anchors or root certificates to this collection: add them to TrustedCertificates instead.

This property is not available at design time.

Please refer to the Certificate type for a complete list of fields.

KnownCRLs Property (CAdESVerifier Component)

Additional CRLs for chain validation.

Syntax

property KnownCRLs: TsbxCRLList read get_KnownCRLs write set_KnownCRLs;

Remarks

Use this property to supply additional CRLs that might be needed for chain validation. This property may be helpful when a chain is validated in offline mode, and the associated CRLs are stored separately from the signed message or document.

This property is not available at design time.

Please refer to the CRL type for a complete list of fields.

KnownOCSPs Property (CAdESVerifier Component)

Additional OCSP responses for chain validation.

Syntax

property KnownOCSPs: TsbxOCSPResponseList read get_KnownOCSPs write set_KnownOCSPs;

Remarks

Use this property to supply additional OCSP responses that might be needed for chain validation. This property may be helpful when a chain is validated in offline mode, and the associated OCSP responses are stored separately from the signed message or document.

This property is not available at design time.

Please refer to the OCSPResponse type for a complete list of fields.

OCSPs Property (CAdESVerifier Component)

A collection of OCSP responses embedded into the signature.

Syntax

property OCSPs: TsbxOCSPResponseList read get_OCSPs;

Remarks

Use this property to access the OCSP responses embedded into the signature by its creator.

This property is read-only and not available at design time.

Please refer to the OCSPResponse type for a complete list of fields.

OfflineMode Property (CAdESVerifier Component)

Switches the component to the offline mode.

Syntax

property OfflineMode: Boolean read get_OfflineMode write set_OfflineMode;

Default Value

false

Remarks

When working in offline mode, the component restricts itself from using any online revocation information sources, such as CRL or OCSP responders.

Offline mode may be useful if there is a need to verify the completeness of validation information included within the signature or provided via KnownCertificates, KnownCRLs, and other related properties.

OutputBytes Property (CAdESVerifier Component)

Use this property to read the output the component object has produced.

Syntax

property OutputBytes: TBytes read get_OutputBytes;

Remarks

Read the contents of this property after the operation is completed to read the produced output. This property will only be set if OutputFile and OutputStream properties had not been assigned.

This property is read-only and not available at design time.

OutputFile Property (CAdESVerifier Component)

A path to the file to write the extracted data to.

Syntax

property OutputFile: String read get_OutputFile write set_OutputFile;

Default Value

''

Remarks

Use this property to provide a file name to save the data extracted from the enveloping signature.

Profile Property (CAdESVerifier Component)

Specifies a pre-defined profile to apply when creating the signature.

Syntax

property Profile: String read get_Profile write set_Profile;

Default Value

''

Remarks

Advanced signatures come in many variants, which are often defined by parties that needs to process them or by local standards. SecureBlackbox profiles are sets of pre-defined configurations which correspond to particular signature variants. By specifying a profile, you are pre-configuring the component to make it produce the signature that matches the configuration corresponding to that profile.

Proxy Property (CAdESVerifier Component)

The proxy server settings.

Syntax

property Proxy: TsbxProxySettings read get_Proxy;

Remarks

Use this property to tune up the proxy server settings.

This property is read-only.

Please refer to the ProxySettings type for a complete list of fields.

RevocationCheck Property (CAdESVerifier Component)

Specifies the kind(s) of revocation check to perform.

Syntax

property RevocationCheck: TsbxRevocationCheckKinds read get_RevocationCheck write set_RevocationCheck;

TsbxRevocationCheckKinds = (
  crcNone,
  crcAuto,
  crcAllCRL,
  crcAllOCSP,
  crcAllCRLAndOCSP,
  crcAnyCRL,
  crcAnyOCSP,
  crcAnyCRLOrOCSP,
  crcAnyOCSPOrCRL
);

Default Value

crcAuto

Remarks

Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.

Certificate Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP) responses serve the same purpose of ensuring that the certificate had not been revoked by the Certificate Authority (CA) at the time of use. Depending on your circumstances and security policy requirements, you may want to use either one or both of the revocation information source types.

This setting controls the way the revocation checks are performed. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.

There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).

This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to faster OCSP route and only demand one source to succeed) is a good choice for most of typical validation environments. The 'crcAll*' modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.

Signature Property (CAdESVerifier Component)

The signature that is currently being processed.

Syntax

property Signature: TsbxCAdESSignature read get_Signature;

Remarks

Use this property to access the fields of the signature that is currently being processed. This field also keeps information about the last processed signature after the completion of the Verify method.

This property is read-only and not available at design time.

Please refer to the CAdESSignature type for a complete list of fields.

SignedAttributes Property (CAdESVerifier Component)

Custom signature attributes that are covered by the electronic signature.

Syntax

property SignedAttributes: TsbxSignatureAttributeList read get_SignedAttributes;

Remarks

Signature attributes are used to store auxiliary information in the signature. Values included as signed attributes are covered by the signature.

This property is read-only and not available at design time.

Please refer to the SignatureAttribute type for a complete list of fields.

SigningCertificate Property (CAdESVerifier Component)

The certificate that was used to create the signature.

Syntax

property SigningCertificate: TsbxCertificate read get_SigningCertificate;

Remarks

Use this property to access the certificate that was used to create the signature. This property might not be available if the signer chose not to include the certificate into the signature.

This property is read-only and not available at design time.

Please refer to the Certificate type for a complete list of fields.

SocketSettings Property (CAdESVerifier Component)

Manages network connection settings.

Syntax

property SocketSettings: TsbxSocketSettings read get_SocketSettings;

Remarks

Use this property to tune up network connection parameters.

This property is read-only.

Please refer to the SocketSettings type for a complete list of fields.

Timestamp Property (CAdESVerifier Component)

Contains the timestamp which is being validated.

Syntax

property Timestamp: TsbxTimestampInfo read get_Timestamp;

Remarks

Use this property to access the timestamp which is currently being validated.

This property is read-only and not available at design time.

Please refer to the TimestampInfo type for a complete list of fields.

TLSClientChain Property (CAdESVerifier Component)

The TLS client certificate chain.

Syntax

property TLSClientChain: TsbxCertificateList read get_TLSClientChain write set_TLSClientChain;

Remarks

Assign a certificate chain to this property to enable TLS client authentication in the component. Note that the client's end-entity certificate should have a private key associated with it.

This property is not available at design time.

Please refer to the Certificate type for a complete list of fields.

TLSServerChain Property (CAdESVerifier Component)

The TLS server's certificate chain.

Syntax

property TLSServerChain: TsbxCertificateList read get_TLSServerChain;

Remarks

Use this property to access the certificate chain sent by the TLS server.

This property is read-only and not available at design time.

Please refer to the Certificate type for a complete list of fields.

TLSSettings Property (CAdESVerifier Component)

Manages TLS layer settings.

Syntax

property TLSSettings: TsbxTLSSettings read get_TLSSettings;

Remarks

Use this property to tune up the TLS layer parameters.

This property is read-only.

Please refer to the TLSSettings type for a complete list of fields.

TrustedCertificates Property (CAdESVerifier Component)

A list of trusted certificates for chain validation.

Syntax

property TrustedCertificates: TsbxCertificateList read get_TrustedCertificates write set_TrustedCertificates;

Remarks

Use this property to supply a list of trusted certificates that might be needed for chain validation. An example of a scenario where you might want to do that is when root CA certificates are absent from the standard system locations (or when there are no standard system locations), and therefore should be supplied to the component manually.

The purpose of this certificate collection is largely the same than that of Windows Trusted Root Certification Authorities system store.

Use this property with extreme care as it directly affects chain verifiability; a wrong certificate added to the trusted list may result in bad chains being accepted, and forfeited signatures being recognized as genuine. Only add certificates that originate from the parties that you know and trust.

This property is not available at design time.

Please refer to the Certificate type for a complete list of fields.

TSACertificate Property (CAdESVerifier Component)

The certificate of the Time Stamping Authority.

Syntax

property TSACertificate: TsbxCertificate read get_TSACertificate;

Remarks

Use this property to access the certificate of the TSA that produced the timestamp.

Note that in some instances the TSA certificate might be unavailable, even for timestamped documents and signatures.

This property is read-only and not available at design time.

Please refer to the Certificate type for a complete list of fields.

UnsignedAttributes Property (CAdESVerifier Component)

Custom unsigned attributes included in the electronic signature.

Syntax

property UnsignedAttributes: TsbxSignatureAttributeList read get_UnsignedAttributes;

Remarks

Signature attributes are used to store auxiliary information in the signature. Values included as unsigned attributes are not covered by the signature and can be changed or removed without affecting the signature.

This property is read-only and not available at design time.

Please refer to the SignatureAttribute type for a complete list of fields.

ValidationMoment Property (CAdESVerifier Component)

The time point at which signature validity is to be established.

Syntax

property ValidationMoment: String read get_ValidationMoment write set_ValidationMoment;

Default Value

''

Remarks

Use this property to specify the moment in time at which signature validity should be established. The time is in UTC. Leave the setting empty to stick to the default moment (either signature creation time, or current time).

The validity of the same signature may differ depending on the time point chosen due to temporal changes in chain validities, revocation statuses, and timestamp times.

Config Method (CAdESVerifier Component)

Sets or retrieves a configuration setting.

Syntax

function Config(ConfigurationString: String): String;

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoAction Method (CAdESVerifier Component)

Performs an additional action.

Syntax

function DoAction(ActionID: String; ActionParams: String): String;

Remarks

DoAction is a generic method available in every component. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insencitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

Verify Method (CAdESVerifier Component)

Verifies a digitally signed CAdES message.

Syntax

procedure Verify();

Remarks

CAdESVerifier supports two types of signatures: enveloping and detached. In the enveloping case, both the data and the signature travel in the same 'combined' message. The detached variant observes the signature and the data (in its original form) residing in different files.

Call this method to verify enveloping signatures provided via InputStream or InputFile property, and extract the embedded data to OutputFile or OutputStream. Use VerifyDetached to verify detached signatures.

VerifyDetached Method (CAdESVerifier Component)

Verifies a detached CAdES signature.

Syntax

procedure VerifyDetached();

Remarks

Use this method to verify detached signatures. Pass the signature via InputStream or InputFile property, and the data via DataStream or DataFile property.

Use Verify to verify enveloping (non-detached) signatures.

ChainElementDownload Event (CAdESVerifier Component)

Fires when there is a need to download a chain element from an online source.

Syntax

type TChainElementDownloadEvent = procedure (
  Sender: TObject;
  Kind: Integer;
  const CertRDN: String;
  const CACertRDN: String;
  const Location: String;
  var Action: Integer
) of Object;

property OnChainElementDownload: TChainElementDownloadEvent read FOnChainElementDownload write FOnChainElementDownload;

Remarks

Subscribe to this event to be notified about validation element retrievals. Use Action parameter to suppress the download if required.

ChainElementNeeded Event (CAdESVerifier Component)

Fires when an element required to validate the chain was not located.

Syntax

type TChainElementNeededEvent = procedure (
  Sender: TObject;
  Kind: Integer;
  const CertRDN: String;
  const CACertRDN: String
) of Object;

property OnChainElementNeeded: TChainElementNeededEvent read FOnChainElementNeeded write FOnChainElementNeeded;

Remarks

Subscribe to this event to be notified about missing validation elements. Use the KnownCRLs, KnownCertificates, and KnownOCSPs properties in the event handler to provide the missing piece.

ChainValidated Event (CAdESVerifier Component)

Reports the completion of a certificate chain validation.

Syntax

type TChainValidatedEvent = procedure (
  Sender: TObject;
  const SubjectRDN: String;
  ValidationResult: Integer;
  ValidationDetails: Integer
) of Object;

property OnChainValidated: TChainValidatedEvent read FOnChainValidated write FOnChainValidated;

Remarks

This event is fired when a certificate chain validation routine completes. SubjectRDN identifies the owner of the validated certificate.

ValidationResult set to 0 (zero) indicates successful chain validation.

Any other value reports a failure, and ValidationDetails provides more details on its reasons.

ChainValidationProgress Event (CAdESVerifier Component)

This event is fired multiple times during chain validation to report various stages of the validation procedure.

Syntax

type TChainValidationProgressEvent = procedure (
  Sender: TObject;
  const EventKind: String;
  const CertRDN: String;
  const CACertRDN: String;
  var Action: Integer
) of Object;

property OnChainValidationProgress: TChainValidationProgressEvent read FOnChainValidationProgress write FOnChainValidationProgress;

Remarks

Subscribe to this event to be notified about chain validation progress. Use Action parameter to alter the validation flow.

The EventKind parameter reports the nature of the event being reported. The CertRDN and CACertRDN report the distinguished names of the certificates that are relevant for the event invocation (one or both can be empty, depending on EventKind. Use Action parameter to adjust the validation flow.

Error Event (CAdESVerifier Component)

Information about errors during CAdES verification.

Syntax

type TErrorEvent = procedure (
  Sender: TObject;
  ErrorCode: Integer;
  const Description: String
) of Object;

property OnError: TErrorEvent read FOnError write FOnError;

Remarks

The event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Messages section.

Notification Event (CAdESVerifier Component)

This event notifies the application about an underlying control flow event.

Syntax

type TNotificationEvent = procedure (
  Sender: TObject;
  const EventID: String;
  const EventParam: String
) of Object;

property OnNotification: TNotificationEvent read FOnNotification write FOnNotification;

Remarks

The component fires this event to let the application know about some event, occurrence, or milestone in the component. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the component, the exact action it is performing, or the document being processed, one or both may be omitted.

SignatureFound Event (CAdESVerifier Component)

Signifies the start of individual signature validation.

Syntax

type TSignatureFoundEvent = procedure (
  Sender: TObject;
  Scope: Integer;
  const IssuerRDN: String;
  SerialNumber: TBytes;
  SubjectKeyID: TBytes;
  CertFound: Boolean;
  Last: Boolean;
  var ValidateSignature: Boolean;
  var ValidateChain: Boolean
) of Object;

property OnSignatureFound: TSignatureFoundEvent read FOnSignatureFound write FOnSignatureFound;

Remarks

This event tells the application that signature validation is about to start, and provides the details about the signature, via its Scope parameter, and the signer's certificate via IssuerRDN, SerialNumber, and SubjectKeyID parameters. It fires for every signature located in the verified document or message, including sub-signatures made over timestamps and countersignatures.

The CertFound is set to True if the component has found the needed certificate in one of the known locations, and to False otherwise, in which case you must provide it manually via KnownCertificates property.

Signature validation consists of two independent stages: cryptographic signature validation and chain validation. Separate validation results are reported for each, with SignatureValidationResult and ChainValidationResult properties respectively.

Use the ValidateSignature and ValidateChain parameters to tell the verifier which stages to include in the validation.

SignatureProcessed Event (CAdESVerifier Component)

Reports the completion of signature processing.

Syntax

type TSignatureProcessedEvent = procedure (
  Sender: TObject;
  ValidationResult: Integer;
  ChainValidationResult: Integer;
  ChainValidationDetails: Integer;
  Last: Boolean;
  var Proceed: Boolean
) of Object;

property OnSignatureProcessed: TSignatureProcessedEvent read FOnSignatureProcessed write FOnSignatureProcessed;

Remarks

This event reports the completion of signature processing. By the time it fires, any embedded timestamps and countersignatures have been processed.

The ValidationResult, ChainValidationResult, and ChainValidationDetails summarize the validation outcomes. The Last parameter tells if the signature is the last one on this level.

SignatureValidated Event (CAdESVerifier Component)

Marks the completion of the signature validation routine.

Syntax

type TSignatureValidatedEvent = procedure (
  Sender: TObject;
  ValidationResult: Integer;
  var Proceed: Boolean
) of Object;

property OnSignatureValidated: TSignatureValidatedEvent read FOnSignatureValidated write FOnSignatureValidated;

Remarks

This event is fired upon the completion of the cryptographic signature validation routine, and reports the respective result. It fires before the component proceeds to detailed signature inspection, which involves timestamp and countersignature processing.

ValidationResult is set to 0 if the validation has been successful, or to a non-zero value in case of a validation failure.

TimestampFound Event (CAdESVerifier Component)

Signifies the start of timestamp validation routine.

Syntax

type TTimestampFoundEvent = procedure (
  Sender: TObject;
  TimestampType: Integer;
  const Time: String;
  const IssuerRDN: String;
  SerialNumber: TBytes;
  SubjectKeyID: TBytes;
  CertFound: Boolean;
  Last: Boolean;
  var ValidateTimestamp: Boolean;
  var ValidateChain: Boolean
) of Object;

property OnTimestampFound: TTimestampFoundEvent read FOnTimestampFound write FOnTimestampFound;

Remarks

This event fires for every timestamp identified during signature processing, and reports the details about the signer's certificate via its IssuerRDN, SerialNumber, and SubjectKeyID parameters.

The CertFound is set to True if the component has found the needed certificate in one of the known locations, and to False otherwise, in which case you must provide it manually via KnownCertificates property.

Just like with signature validation, timestamp validation consists of two independent stages: cryptographic signature validation and chain validation. Separate validation results are reported for each, with SignatureValidationResult and ChainValidationResult properties respectively.

Use the ValidateSignature and ValidateChain parameters to tell the verifier which stages to include in the validation.

TimestampProcessed Event (CAdESVerifier Component)

Reports the completion of the timestamp validation routine.

Syntax

type TTimestampProcessedEvent = procedure (
  Sender: TObject;
  ValidationResult: Integer;
  ChainValidationResult: Integer;
  ChainValidationDetails: Integer;
  Last: Boolean;
  var Proceed: Boolean
) of Object;

property OnTimestampProcessed: TTimestampProcessedEvent read FOnTimestampProcessed write FOnTimestampProcessed;

Remarks

This event is fired upon the completion of the timestamp validation routine, and reports the respective validation result.

ValidationResult, ChainValidationResult, and ChainValidationDetails report the validity of the timestamp and the associated chain.

TimestampValidated Event (CAdESVerifier Component)

Marks the completion of the signature validation routine.

Syntax

type TTimestampValidatedEvent = procedure (
  Sender: TObject;
  ValidationResult: Integer;
  var Proceed: Boolean
) of Object;

property OnTimestampValidated: TTimestampValidatedEvent read FOnTimestampValidated write FOnTimestampValidated;

Remarks

This event is fired upon the completion of the cryptographic signature validation routine, and reports the respective result. It fires before the component proceeds to detailed signature inspection, which involves timestamp and countersignature processing.

ValidationResult is set to 0 if the validation has been successful, or to a non-zero value in case of a validation failure.

TLSCertNeeded Event (CAdESVerifier Component)

Fires when a remote TLS party requests a client certificate.

Syntax

type TTLSCertNeededEvent = procedure (
  Sender: TObject;
  const Host: String;
  const CANames: String
) of Object;

property OnTLSCertNeeded: TTLSCertNeededEvent read FOnTLSCertNeeded write FOnTLSCertNeeded;

Remarks

This event fires to notify the implementation that a remote TLS server has requested a client certificate. The Host parameter identifies the host that makes a request, and the CANames (optional, according to the TLS spec) advises on the accepted issuing CAs.

Use the TLSClientChain property in response to this event to provide the requested certificate. Please make sure the client certificate includes the associated private key. Note that you may set the certificates before the connection without waiting for this event to fire.

This event is preceded by the TLSHandshake event for the given host and, if the certificate was accepted, succeeded by the TLSEstablished event.

TLSCertValidate Event (CAdESVerifier Component)

This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Syntax

type TTLSCertValidateEvent = procedure (
  Sender: TObject;
  const ServerHost: String;
  const ServerIP: String;
  var Accept: Boolean
) of Object;

property OnTLSCertValidate: TTLSCertValidateEvent read FOnTLSCertValidate write FOnTLSCertValidate;

Remarks

This event is fired during a TLS handshake. Use TLSServerChain property to access the certificate chain. In general case, components may contact a number of TLS endpoints during their work, depending on their configuration.

Accept is assigned in accordance with the outcome of the internal validation check performed by the component, and can be adjusted if needed.

TLSEstablished Event (CAdESVerifier Component)

Fires when a TLS handshake with Host successfully completes.

Syntax

type TTLSEstablishedEvent = procedure (
  Sender: TObject;
  const Host: String;
  const Version: String;
  const Ciphersuite: String;
  ConnectionId: TBytes;
  var Abort: Boolean
) of Object;

property OnTLSEstablished: TTLSEstablishedEvent read FOnTLSEstablished write FOnTLSEstablished;

Remarks

The component uses this event to notify the application about successful completion of a TLS handshake.

The Version, Ciphersuite, and ConnectionId parameters indicate security parameters of the new connection. Use the Abort parameter if you need to terminate the connection at this stage.

TLSHandshake Event (CAdESVerifier Component)

Fires when a new TLS handshake is initiated, before the handshake commences.

Syntax

type TTLSHandshakeEvent = procedure (
  Sender: TObject;
  const Host: String;
  var Abort: Boolean
) of Object;

property OnTLSHandshake: TTLSHandshakeEvent read FOnTLSHandshake write FOnTLSHandshake;

Remarks

The component uses this event to notify the application about the start of a new TLS handshake to Host. If the handshake is successful, this event will be followed with TLSEstablished event. If the server chooses to request a client certificate, TLSCertNeeded event will also be fired.

TLSShutdown Event (CAdESVerifier Component)

Reports the graceful closure of a TLS connection.

Syntax

type TTLSShutdownEvent = procedure (
  Sender: TObject;
  const Host: String
) of Object;

property OnTLSShutdown: TTLSShutdownEvent read FOnTLSShutdown write FOnTLSShutdown;

Remarks

This event notifies the application about the closure of an earlier established TLS connection. Note that only graceful connection closures are reported.

CAdESSignature Type

Represents an individual signature in a CAdES container.

Remarks

This type contains information about a signature found in CAdES container. It holds various information about the signature, including its coverage and validation results.

Fields

Constructors

>

constructor Create();

Creates a new empty CAdES signature object.

Certificate Type

Provides details of an individual X.509 certificate.

Remarks

This type provides access to X.509 certificate details.

Fields

Constructors

>

constructor Create();

Creates a new object with default field values.

CRL Type

Represents a Certificate Revocation List.

Remarks

CRLs store information about revoked certificates, i.e., certificates that have been identified as invalid by their issuing certificate authority (CA) for any number of reasons.

Each CRL object lists certificates from a single CA and identifies them by their serial numbers. A CA may or may not publish a CRL, may publish several CRLs, or may publish the same CRL in multiple locations.

Unlike OCSP responses, CRLs only list certificates that have been revoked. They do not list certificates that are still valid.

Fields

Constructors

>

constructor Create();

Creates an empty CRL object.

OCSPResponse Type

Represents a single OCSP response originating from an OCSP responder.

Remarks

OCSP is a protocol that allows verification of certificate status in real-time, and is an alternative to Certificate Revocation Lists (CRL).

An OCSP response is a snapshot of the certificate status at a given time.

Fields

Constructors

>

constructor Create();

Creates an empty OCSP response object.

ProxySettings Type

A container for proxy server settings.

Remarks

This type exposes a collection of properties for tuning up the proxy server configuration.

Fields

Constructors

>

constructor Create();

Creates a new ProxySettings object.

SignatureAttribute Type

Represents an attribute of a digital PKCS#7/CMS signature.

Remarks

Attributes store auxiliary information about the signed message, the signature, or the owner. Each attribute is a OID=Value pair.

Common attributes are signing time, a content type, a policy identifier, and a signature timestamp.

Fields

Constructors

>

constructor Create();

Creates a new, empty, signature attribute.

SocketSettings Type

A container for the socket settings.

Remarks

This type is a container for socket-layer parameters.

Fields

Constructors

>

constructor Create();

Creates a new SocketSettings object.

TimestampInfo Type

A container for timestamp information.

Remarks

The TimestampInfo object contains details of a third-party timestamp and the outcome of its validation.

Fields

Constructors

>

constructor Create();

Creates a new TimestampInfo object with default field values.

TLSSettings Type

A container for TLS connection settings.

Remarks

TLS (Transport Layer Security) protocol provides security for information exchanged over insecure connections such as TCP/IP.

Fields

Constructors

>

constructor Create();

Creates a new TLSSettings object.

Config Settings (CAdESVerifier Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

CAdESVerifier Config Settings

Base Config Settings

Trappable Errors (CAdESVerifier Component)

CAdESVerifier Errors

	1048577   Invalid parameter value (SB_ERROR_INVALID_PARAMETER)
	1048578   Component is configured incorrectly (SB_ERROR_INVALID_SETUP)
	1048579   Operation cannot be executed in the current state (SB_ERROR_INVALID_STATE)
	1048580   Attempt to set an invalid value to a property (SB_ERROR_INVALID_VALUE)
	1048581   Certificate does not have its private key loaded (SB_ERROR_NO_PRIVATE_KEY)
	1048581   Cancelled by the user (SB_ERROR_CANCELLED_BY_USER)