DCAuth Class

Properties   Methods   Events   Config Settings   Errors  

The DCAuth class represents the private key side of the SecureBlackbox distributed cryptography protocol.

Syntax

secureblackbox.DCAuth

Remarks

The purpose of DCAuth is to sign async requests produced by SignAsyncBegin calls. For each incoming async request containing a document hash, DCAuth produces the corresponding async response containing a signature over that hash.

Protocol Overview

The distributed cryptography protocol involves two principal parties. The signing party, represented by classes such as PDFSigner, XAdESSigner, or OfficeSigner, pre-signs documents (such as PDF files), and encapsulates their hashes into what is called an async request. It then communicates the async request to the private key side, where the DCAuth class extracts the hash and signs it with a local private key. DCAuth then encapsulates the signature into an async response, which is sent back to the signing party. The signing party completes the signing operation by extracting the signature from the async response and embedding it into the pre-signed document.

The protocol supports a variety of uses. The scheme above describes the most typical of them, where the signing party is represented by a web application, and the private key side is represented by a workstation. In that particular scenario DC provides a mechanism for the web app to sign documents residing on the web server with private keys residing on the users workstations, perhaps in non-exportable form (e.g. a USB dongle). Other uses include creation of a signing server for a team of driver developers, or an automated signing gateway for outgoing official documents.

In the webapp-to-browser setting the DCAuth control would normally be used within a web server running on the users workstation. That web server would accept async requests from the web page running in the browser, use DCAuth to generate the matching async response, and feed that response back to the web page. The web page will then submit it back to the web server.

Configuring and Using DCAuth

To process an async request, you need to set up a DCAuth object first, and then call its ProcessRequest method:

• Set the KeyId and KeySecret properties so they match the credentials used by the signing party - e.g. those of PDFSigner object: DCAuth.KeyId = "mykeyid"; DCAuth.KeySecret = "mykeysecret123";

  These two properties are used to verify the integrity of the incoming async requests. Keep them safe.

• Provide the signing certificate: DCAuth.SigningCertificate = "C:\Certs\SigningCert.pfx"; DCAuth.CertPassword = "password789";

  Alternatively, use StorageId to provide a certificate residing elsewhere, such as a PKCS#11 device.

• Assign the async request to the Input property: DCAuth.Input = Request;

  Make sure to provide the request in its original XML format. Some technologies and SecureBlackbox code samples may apply additional encoding when conveying async requests from their origin to the DCAuth endpoint. Please double check that you assign the request without any encodings applied. An async request is a properly formed XML document with the root element of SecureBlackboxAsyncState.

• Call the ProcessRequest method: DCAuth.ProcessRequest;

  This method performs the actual signing of the hash. Make sure your code is prepared for potential signing errors.

• If the ProcessRequest call has succeeded, grab the async response from the Output property: Result = DCAuth.Output;

Please see the demo folder for more in-depth code examples of this class.

Property List

---

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

ClaimedSigningTime Property (DCAuth Class)

The signing time from the signer's computer.

Syntax

public String getClaimedSigningTime();


public void setClaimedSigningTime(String claimedSigningTime);

Default Value

""

Remarks

Use this property to provide the signature production time. The claimed time is not supported by a trusted source; it may be inaccurate, forfeited, or wrong, and as such is usually taken for informational purposes only by verifiers. Use timestamp servers to embed verifiable trusted timestamps. The time is in UTC.

ExternalCrypto Property (DCAuth Class)

Provides access to external signing and DC parameters.

Syntax

public ExternalCrypto getExternalCrypto();

Remarks

Use this property to tune-up remote cryptography settings. SecureBlackbox supports two independent types of external cryptography: synchronous (based on the ExternalSign event) and asynchronous (based on the DC protocol and the DCAuth signing component).

This property is read-only.

Please refer to the ExternalCrypto type for a complete list of fields.

FIPSMode Property (DCAuth Class)

Reserved.

Syntax

public boolean isFIPSMode();


public void setFIPSMode(boolean FIPSMode);

Default Value

False

Remarks

This property is reserved for future use.

Input Property (DCAuth Class)

Contains the signing request to process.

Syntax

public String getInput();


public void setInput(String input);

Default Value

""

Remarks

Assign the request you received from the counterparty to this property before calling the ProcessRequest method. Use Output to read the resulting signature response after ProcessRequest completes.

InputEncoding Property (DCAuth Class)

Specifies request encoding.

Syntax

public int getInputEncoding();


public void setInputEncoding(int inputEncoding);


Enumerated values:
  public final static int encNone = 0;
  public final static int encAuto = 1;
  public final static int encBase64 = 2;

Default Value

0

Remarks

Use this property to specify the encoding to expect the requests to be in.

KeyId Property (DCAuth Class)

Specifies the KeyID of the pre-shared authentication key.

Syntax

public String getKeyId();


public void setKeyId(String keyId);

Default Value

""

Remarks

If processing requests from a single known party, assign the Id of the key you pre-shared with them to this property, and the key itself to the KeySecret property. If you expect to receive requests from many parties with different authentication keys, use KeySecretNeeded event instead.

KeySecret Property (DCAuth Class)

The pre-shared authentication key.

Syntax

public String getKeySecret();


public void setKeySecret(String keySecret);

Default Value

""

Remarks

If processing requests from a single known party, assign the key you pre-shared with them to this property. Use KeyId property to assign the ID of that key. If you expect to receive requests from many parties with different authentication keys, use KeySecretNeeded event instead.

Output Property (DCAuth Class)

Contains the output of the request processing.

Syntax

public String getOutput();

Default Value

""

Remarks

When ProcessRequest method completes it saves the processing output to this property. The output typically contains the response to be sent back to the requestor.

This property is read-only.

OutputEncoding Property (DCAuth Class)

Specifies response encoding.

Syntax

public int getOutputEncoding();


public void setOutputEncoding(int outputEncoding);


Enumerated values:
  public final static int encNone = 0;
  public final static int encAuto = 1;
  public final static int encBase64 = 2;

Default Value

0

Remarks

Use this property to specify the encoding you want the response to be produced in.

Policies Property (DCAuth Class)

Specifies the policies to use when processing requests.

Syntax

public int getPolicies();


public void setPolicies(int policies);

Default Value

0

Remarks

This property lets you specify policies to apply blanketly to the requests. If this property does not give you enough flexibility - for example, if you need to cherry-pick requests basing on their content - please consider using the SignRequest (allows you to track individual requests) and/or ExternalSign (lets you perform the signing manually) events. This setting is a bit mask of the following flags:

This property is not available at design time.

Profile Property (DCAuth Class)

Specifies a pre-defined profile to apply when creating the signature.

Syntax

public String getProfile();


public void setProfile(String profile);

Default Value

""

Remarks

Advanced signatures come in many variants, which are often defined by parties that needs to process them or by local standards. SecureBlackbox profiles are sets of pre-defined configurations which correspond to particular signature variants. By specifying a profile, you are pre-configuring the component to make it produce the signature that matches the configuration corresponding to that profile.

Proxy Property (DCAuth Class)

The proxy server settings.

Syntax

public ProxySettings getProxy();

Remarks

Use this property to tune up the proxy server settings.

This property is read-only.

Please refer to the ProxySettings type for a complete list of fields.

SigningCertificate Property (DCAuth Class)

The certificate to be used for signing.

Syntax

public Certificate getSigningCertificate();


public void setSigningCertificate(Certificate signingCertificate);

Remarks

Use this property to specify the certificate that shall be used for signing the data. Note that this certificate should have a private key associated with it. Use SigningChain to supply the rest of the certificate chain for inclusion into the signature.

This property is not available at design time.

Please refer to the Certificate type for a complete list of fields.

SigningChain Property (DCAuth Class)

The signing certificate chain.

Syntax

public CertificateList getSigningChain();


public void setSigningChain(CertificateList signingChain);

Remarks

Use this property to provide the chain for the signing certificate. Use the SigningCertificate property, if it is available, to provide the signing certificate itself.

This property is not available at design time.

Please refer to the Certificate type for a complete list of fields.

SocketSettings Property (DCAuth Class)

Manages network connection settings.

Syntax

public SocketSettings getSocketSettings();

Remarks

Use this property to tune up network connection parameters.

This property is read-only.

Please refer to the SocketSettings type for a complete list of fields.

StorageId Property (DCAuth Class)

Specifies the signing certificate residing in an alternative location.

Syntax

public String getStorageId();


public void setStorageId(String storageId);

Default Value

""

Remarks

Use this property to specify the signing certificate contained on alternative media, such as a hardware device or in a system certificate store.

Example 1: The certificate resides on a PKCS#11 device

pkcs11://user:pin@/c:/windows/system32/pkcsdriver.dll?slot=0&readonly=1

Example 2: The certificate resides in a system store

system://localmachine@/?store=MY

You can use the following URI modifiers to provide more accurate specifiers for the needed certificate:

• cn: the common name of the certificate subject.
• keyid: the unique identifier included in subject key identifier extension of the certificate.
• keyusage: a comma-separated list of enabled (+) or disabled (-) key usages. The following usages are supported: signature, nonrepudiation, keyencipherment, dataencipherment, keyagreement, keycertsign, crlsign, encipheronly, decipheronly, serverauth, clientauth, codesigning, emailprotection, timestamping, ocspsigning, smartcardlogon, keypurposeclientauth, keypurposekdc.
• fingerprint: the fingerprint of the certificate.

Example 3: selecting the certificate with a given fingerprint:

pkcs11://user:pin@/c:/windows/system32/pkcsdriver.dll?slot=0&readonly=1&fingerprint=001122334455667788aabbccddeeff0011223344

TimestampServer Property (DCAuth Class)

The address of the timestamping server.

Syntax

public String getTimestampServer();


public void setTimestampServer(String timestampServer);

Default Value

""

Remarks

Use this property to provide the address of the Time Stamping Authority (TSA) server to be used for timestamping the signature.

SecureBlackbox supports RFC3161-compliant timestamping servers, available via HTTP or HTTPS.

If your timestamping service enforces credential-based user authentication (basic or digest), you can provide the credentials in the same URL:

http://user:password@timestamp.server.com/TsaService

For TSAs using certificate-based TLS authentication, provide the client certificate via the TLSClientChain property.

If this property is left empty, no timestamp will be added to the signature.

Starting from summer 2021 update (Vol. 2), the virtual timestamping service is supported, which allows you to intervene in the timestamping routine and provide your own handling for the TSA exchange. This may be handy if the service that you are requesting timestamps from uses a non-standard TSP protocol or requires special authentication option.

To employ the virtual service, assign an URI of the following format to this property:

virtual://localhost?hashonly=true&includecerts=true&reqpolicy=1.2.3.4.5&halg=SHA256&ignorenonce=true

Subscribe to Notification event to get notified about the virtualized timestamping event. The EventID of the timestamping event is TimestampRequest. Inside the event handler, read the base16-encoded request from the EventParam parameter and forward it to the timestamping authority. Upon receiving the response, pass it back to the component, encoded in base16, via the TimestampResponse config property:

component.Config("TimestampResponse=308208ab...");

Note that all the exchange with your custom TSA should take place within the same invocation of the Notification event.

The hashonly parameter of the virtual URI tells the component to only return the timestamp message imprint via the EventParam parameter. If set to false, EventParam will contain the complete RFC3161 timestamping request.

The includecerts parameter specifies that the requestCertificates parameter of the timestamping request should be set to true.

The reqpolicy parameter lets you specify the request policy, and the halg parameter specifies the hash algorithm to use for timestamping.

The ignorenonce parameter allows you to switch off client nonce verification to enable compatibility with TSA services that do not support nonce mirroring.

All the parameters are optional.

TLSClientChain Property (DCAuth Class)

The TLS client certificate chain.

Syntax

public CertificateList getTLSClientChain();


public void setTLSClientChain(CertificateList TLSClientChain);

Remarks

Assign a certificate chain to this property to enable TLS client authentication in the class. Note that the client's end-entity certificate should have a private key associated with it.

Use the CertificateStorage or CertificateManager components to import the certificate from a file, system store, or PKCS11 device.

This property is not available at design time.

Please refer to the Certificate type for a complete list of fields.

TLSServerChain Property (DCAuth Class)

The TLS server's certificate chain.

Syntax

public CertificateList getTLSServerChain();

Remarks

Use this property to access the certificate chain sent by the TLS server. This property is ready to read when the TLSCertValidate event is fired by the client component.

This property is read-only and not available at design time.

Please refer to the Certificate type for a complete list of fields.

TLSSettings Property (DCAuth Class)

Manages TLS layer settings.

Syntax

public TLSSettings getTLSSettings();

Remarks

Use this property to tune up the TLS layer parameters.

This property is read-only.

Please refer to the TLSSettings type for a complete list of fields.

Config Method (DCAuth Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoAction Method (DCAuth Class)

Performs an additional action.

Syntax

public String doAction(String actionID, String actionParams);

Remarks

DoAction is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

ProcessRequest Method (DCAuth Class)

Processes the request.

Syntax

public void processRequest();

Remarks

Use this method to process the request, sign the hashes, and produce the response. This is the main method of the class. Note that a single request received from the counterparty may contain more than one signature request. This method processes them all, reporting each atomic signature request with SignRequest and SignRequestCompleted events. Before calling this method, make sure you assign the request content to Input. Upon completion, read the response (containing all the signatures) from Output property.

Reset Method (DCAuth Class)

Resets the class settings.

Syntax

public void reset();

Remarks

Reset is a generic method available in every class.

CustomParametersReceived Event (DCAuth Class)

Passes custom request parameters to the application.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void customParametersReceived(DCAuthCustomParametersReceivedEvent e) {}
  ...
}

public class DCAuthCustomParametersReceivedEvent {
  public String value;
}

Remarks

This event is only provided for backward compatibility and is not currently used.

Error Event (DCAuth Class)

Reports information about errors during request processing or signing.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void error(DCAuthErrorEvent e) {}
  ...
}

public class DCAuthErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The event is fired if an error occurs during the request processing. Use the ErrorCode and Description parameters to get the details.

ExternalSign Event (DCAuth Class)

Handles remote or external signing initiated by the SignExternal method or other source.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void externalSign(DCAuthExternalSignEvent e) {}
  ...
}

public class DCAuthExternalSignEvent {
  public String operationId;
  public String hashAlgorithm;
  public String pars;
  public String methodPars;
  public String data;
  public String signedData; //read-write
}

Remarks

Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.

The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the class via the SignedData parameter.

OperationId provides a comment about the operation and its origin. It depends on the exact class being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contains algorithm-dependent parameters.

The class uses base16 (hex) encoding for the Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.

A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16

A sample event handler that uses the .NET RSACryptoServiceProvider class may look like the following: signer.OnExternalSign += (s, e) => { var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable); var key = (RSACryptoServiceProvider)cert.PrivateKey; var dataToSign = e.Data.FromBase16String(); var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1"); e.SignedData = signedData.ToBase16String(); };

The MethodPars parameter contains the method-specific parameters. For example, for PKCS7 requests it contains the requested parameters of the PKCS7 blob.

KeySecretNeeded Event (DCAuth Class)

Requests the key secret from the application.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void keySecretNeeded(DCAuthKeySecretNeededEvent e) {}
  ...
}

public class DCAuthKeySecretNeededEvent {
  public String keyId;
  public String keySecret; //read-write
}

Remarks

Subscribe to this event to pass the key secret (a pre-shared request authentication code) to the signing component when it is needed. The authentication combination consists of the KeyId, a non-secret unique key identifier, and the KeySecret, shared by the parties, which should be kept private. This event is an alternative for KeySecret property. Use it when you expect to process requests from requestors with different KeyIds and secrets. If you only expect to receive requests from a single requestor with a known KeyId, providing the key secret via KeyId and KeySecret properties would be an easier route.

Notification Event (DCAuth Class)

This event notifies the application about an underlying control flow event.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void notification(DCAuthNotificationEvent e) {}
  ...
}

public class DCAuthNotificationEvent {
  public String eventID;
  public String eventParam;
}

Remarks

The class fires this event to let the application know about some event, occurrence, or milestone in the class. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the class, the exact action it is performing, or the document being processed, one or both may be omitted.

This class can fire this event with the following EventID values:

ParameterReceived Event (DCAuth Class)

Passes a standard request parameter to the user code.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void parameterReceived(DCAuthParameterReceivedEvent e) {}
  ...
}

public class DCAuthParameterReceivedEvent {
  public String name;
  public String value;
}

Remarks

This event is only provided for backward compatibility and is not currently used.

SignRequest Event (DCAuth Class)

This event signifies the processing of an atomic signing request.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void signRequest(DCAuthSignRequestEvent e) {}
  ...
}

public class DCAuthSignRequestEvent {
  public int method;
  public String hashAlgorithm;
  public byte[] hash;
  public String keyID;
  public String pars;
  public String methodPars;
  public boolean allow; //read-write
}

Remarks

Subscribe to this event to be notified of every signature request processed by the DC server. Note that any one request coming from the requestor may contain multiple individual signature requests (so-called 'batching'). This event is a good mechanism to track signature requests for accountability purposes, and provide basic access control over the signing operations. The Method parameter specifies the async signing method requested by the client:

The Hash parameter contains the hash, made using HashAlgorithm, that needs to be signed. KeyID contains the key identifier of the requestor.

The Pars string contains a semicolon-separated string of the principal signature parameters. This has the same format and content that is passed to ExternalSign, if it is used. The MethodPars contains a similar parameter string, but for the specific async signing method used. For the PKCS1 method there are no defined method parameters, while the PKCS7 method supports a selection of settings that tune up the CMS blob.

Set Allow to false to stop the request from being served. Use the SignRequestCompleted event to track completion of the initiated operation.

SignRequestCompleted Event (DCAuth Class)

This event signifies completion of the processing of an atomic signing request.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void signRequestCompleted(DCAuthSignRequestCompletedEvent e) {}
  ...
}

public class DCAuthSignRequestCompletedEvent {
  public int method;
  public String hashAlgorithm;
  public byte[] hash;
  public String keyID;
  public String pars;
  public String methodPars;
  public byte[] signature;
}

Remarks

Use this event to track completion of signing request processing. The Hash parameter contains the hash that is signed, as supplied by the requestor, and the Signature parameter contains the resulting cryptographic signature. The KeyID parameter matches the parameter in SignRequest event.

TimestampRequest Event (DCAuth Class)

Fires when the class is ready to request a timestamp from an external TSA.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void timestampRequest(DCAuthTimestampRequestEvent e) {}
  ...
}

public class DCAuthTimestampRequestEvent {
  public String TSA;
  public String timestampRequest;
  public String timestampResponse; //read-write
  public boolean suppressDefault; //read-write
}

Remarks

Subscribe to this event to intercept timestamp requests. You can use it to override timestamping requests and perform them in your code.

The TSA parameter indicates the timestamping service being used. It matches the value passed to the TimestampServer property. Set the SuppressDefault parameter to false if you would like to stop the built-in TSA request from going ahead. The built-in TSA request is also not performed if the returned TimestampResponse parameter is not empty.

TLSCertNeeded Event (DCAuth Class)

Fires when a remote TLS party requests a client certificate.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void TLSCertNeeded(DCAuthTLSCertNeededEvent e) {}
  ...
}

public class DCAuthTLSCertNeededEvent {
  public String host;
  public String CANames;
}

Remarks

This event fires to notify the implementation that a remote TLS server has requested a client certificate. The Host parameter identifies the host that makes a request, and the CANames parameter (optional, according to the TLS spec) advises on the accepted issuing CAs.

Use the TLSClientChain property in response to this event to provide the requested certificate. Please make sure the client certificate includes the associated private key. Note that you may set the certificates before the connection without waiting for this event to fire.

This event is preceded by the TLSHandshake event for the given host and, if the certificate was accepted, succeeded by the TLSEstablished event.

TLSCertValidate Event (DCAuth Class)

This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void TLSCertValidate(DCAuthTLSCertValidateEvent e) {}
  ...
}

public class DCAuthTLSCertValidateEvent {
  public String serverHost;
  public String serverIP;
  public boolean accept; //read-write
}

Remarks

This event is fired during a TLS handshake. Use the TLSServerChain property to access the certificate chain. In general, classes may contact a number of TLS endpoints during their work, depending on their configuration.

Accept is assigned in accordance with the outcome of the internal validation check performed by the class, and can be adjusted if needed.

TLSEstablished Event (DCAuth Class)

Fires when a TLS handshake with Host successfully completes.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void TLSEstablished(DCAuthTLSEstablishedEvent e) {}
  ...
}

public class DCAuthTLSEstablishedEvent {
  public String host;
  public String version;
  public String ciphersuite;
  public byte[] connectionId;
  public boolean abort; //read-write
}

Remarks

The class uses this event to notify the application about a successful completion of a TLS handshake.

The Version, Ciphersuite, and ConnectionId parameters indicate the security parameters of the new connection. Use the Abort parameter if you need to terminate the connection at this stage.

TLSHandshake Event (DCAuth Class)

Fires when a new TLS handshake is initiated, before the handshake commences.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void TLSHandshake(DCAuthTLSHandshakeEvent e) {}
  ...
}

public class DCAuthTLSHandshakeEvent {
  public String host;
  public boolean abort; //read-write
}

Remarks

The class uses this event to notify the application about the start of a new TLS handshake to Host. If the handshake is successful, this event will be followed by the TLSEstablished event. If the server chooses to request a client certificate, the TLSCertNeeded event will also be fired.

TLSShutdown Event (DCAuth Class)

Reports the graceful closure of a TLS connection.

Syntax

public class DefaultDCAuthEventListener implements DCAuthEventListener {
  ...
  public void TLSShutdown(DCAuthTLSShutdownEvent e) {}
  ...
}

public class DCAuthTLSShutdownEvent {
  public String host;
}

Remarks

This event notifies the application about the closure of an earlier established TLS connection. Note that only graceful connection closures are reported.

Certificate Type

Encapsulates an individual X.509 certificate.

Remarks

This type keeps and provides access to X.509 certificate details.

Fields

Constructors

public Certificate( bytes,  startIndex,  count,  password);

public Certificate( certBytes,  certStartIndex,  certCount,  keyBytes,  keyStartIndex,  keyCount,  password);

public Certificate( bytes,  startIndex,  count);

public Certificate( path,  password);

public Certificate( certPath,  keyPath,  password);

public Certificate( path);

public Certificate( stream);

public Certificate( stream,  password);

public Certificate( certStream,  keyStream,  password);

public Certificate();

ExternalCrypto Type

Specifies the parameters of external cryptographic calls.

Remarks

External cryptocalls are used in a Distributed Cryptography (DC) subsystem, which allows the delegation of security operations to the remote agent. For instance, it can be used to compute the signature value on the server, while retaining the client's private key locally.

Fields

Constructors

public ExternalCrypto();

ProxySettings Type

A container for proxy server settings.

Remarks

This type exposes a collection of properties for tuning up the proxy server configuration.

Fields

Constructors

public ProxySettings();

SocketSettings Type

A container for the socket settings.

Remarks

This type is a container for socket-layer parameters.

Fields

Constructors

public SocketSettings();

TLSSettings Type

A container for TLS connection settings.

Remarks

The TLS (Transport Layer Security) protocol provides security for information exchanged over insecure connections such as TCP/IP.

Fields

Constructors

public TLSSettings();

Config Settings (DCAuth Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

DCAuth Config Settings

Base Config Settings

Trappable Errors (DCAuth Class)