MailReader Class

Properties   Methods   Events   Config Settings   Errors  

The MailReader class implements parsing and decryption of e-mail messages.

Syntax

class secureblackbox.MailReader

Remarks

MailReader parses and decrypts e-mail messages, as well as verifies electronic signatures.

Loading a e-mail message and accessing its properties: MailReader reader = new MailReader(); reader.LoadFromFile("path\\message.eml"); Console.WriteLine($"From: {reader.Message.From}"); Console.WriteLine($"To : {reader.Message.SendTo}"); Console.WriteLine($"Subject: {reader.Message.Subject}"); Console.WriteLine($"Attachments: {reader.Message.AttachmentCount}"); Console.WriteLine("Plain text:"); Console.WriteLine(reader.Message.PlainText);

Checking a signed message and validating its signature: MailReader reader = new MailReader(); reader.LoadFromFile("path\\message.eml"); if (reader.SecurityInfo.Signed) { if (reader.SecurityInfo.SignatureValidationResult == SignatureValidities.svtValid) Console.WriteLine($"Signed by {reader.SigningCertificate.Subject} and the signature is valid"); else Console.WriteLine("Signature is NOT valid"); }

Processing an encrypted e-mail message: MailReader reader = new MailReader(); reader.OnDecryptionInfoNeeded += (s, e) => { // here you should provide a certificate for decryption; // use the provided IssuerRDN and SerialNumber/SubjectKeyID // values to find an appropriate certificate, then // assign the certificate to DecryptionCertificate property; // the certificate should include its private key }; reader.LoadFromFile("path\\message.eml");

Property List

---

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

attach_count Property

The number of records in the Attach arrays.

Syntax

def get_attach_count() -> int: ...

attach_count = property(get_attach_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• attach_content_subtype
• attach_content_type
• attach_creation_date
• attach_data
• attach_description
• attach_file_name
• attach_handle
• attach_id
• attach_modification_date
• attach_read_date
• attach_size

The array indices start at 0 and end at attach_count - 1.

This property is read-only.

attach_content_subtype Property

Contains the content subtype of the attachment.

Syntax

def get_attach_content_subtype(attach_index: int) -> str: ...

Default Value

""

Remarks

Contains the content subtype of the attachment.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_content_type Property

Contains the content type of the attachment.

Syntax

def get_attach_content_type(attach_index: int) -> str: ...

Default Value

""

Remarks

Contains the content type of the attachment.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_creation_date Property

The creation date.

Syntax

def get_attach_creation_date(attach_index: int) -> str: ...

Default Value

""

Remarks

The creation date.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_data Property

The content of the attachment.

Syntax

def get_attach_data(attach_index: int) -> bytes: ...

Remarks

The content of the attachment.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_description Property

Textual description of the attachment.

Syntax

def get_attach_description(attach_index: int) -> str: ...

Default Value

""

Remarks

Textual description of the attachment.

This property maps to the Content-Description e-mail header field. Although the field is optional, the ability to associate descriptive information with a given body is often desirable. One example is specifying the title of an image using this property.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_file_name Property

Specifies the name of the attachment file.

Syntax

def get_attach_file_name(attach_index: int) -> str: ...

Default Value

""

Remarks

Specifies the name of the attachment file.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_attach_handle(attach_index: int) -> int: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_id Property

Contains the attachment's unique identifier.

Syntax

def get_attach_id(attach_index: int) -> str: ...

Default Value

""

Remarks

Contains the attachment's unique identifier.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_modification_date Property

Specifies the date and time of the file's last modification.

Syntax

def get_attach_modification_date(attach_index: int) -> str: ...

Default Value

""

Remarks

Specifies the date and time of the file's last modification.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_read_date Property

Specifies the file's last read date.

Syntax

def get_attach_read_date(attach_index: int) -> str: ...

Default Value

""

Remarks

Specifies the file's last read date.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

attach_size Property

The attachment's size in bytes.

Syntax

def get_attach_size(attach_index: int) -> int: ...

Default Value

0

Remarks

The attachment's size in bytes.

The attach_index parameter specifies the index of the item in the array. The size of the array is controlled by the attach_count property.

This property is read-only.

bcc_addr_count Property

The number of records in the BccAddr arrays.

Syntax

def get_bcc_addr_count() -> int: ...

bcc_addr_count = property(get_bcc_addr_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• bcc_addr_address
• bcc_addr_display_name
• bcc_addr_group_name

The array indices start at 0 and end at bcc_addr_count - 1.

This property is read-only.

bcc_addr_address Property

Contains the e-mail address in the form of john@doe.

Syntax

def get_bcc_addr_address(bcc_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the e-mail address in the form of john@doe.com.

The bcc_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the bcc_addr_count property.

This property is read-only.

bcc_addr_display_name Property

Contains the friendly name of the user of this address, such as John Doe.

Syntax

def get_bcc_addr_display_name(bcc_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the friendly name of the user of this address, such as John Doe.

The bcc_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the bcc_addr_count property.

This property is read-only.

bcc_addr_group_name Property

The name of the group this address belongs to.

Syntax

def get_bcc_addr_group_name(bcc_addr_index: int) -> str: ...

Default Value

""

Remarks

The name of the group this address belongs to.

The bcc_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the bcc_addr_count property.

This property is read-only.

blocked_cert_count Property

The number of records in the BlockedCert arrays.

Syntax

def get_blocked_cert_count() -> int: ...
def set_blocked_cert_count(value: int) -> None: ...

blocked_cert_count = property(get_blocked_cert_count, set_blocked_cert_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

• blocked_cert_bytes
• blocked_cert_handle

The array indices start at 0 and end at blocked_cert_count - 1.

blocked_cert_bytes Property

Returns the raw certificate data in DER format.

Syntax

def get_blocked_cert_bytes(blocked_cert_index: int) -> bytes: ...

Remarks

Returns the raw certificate data in DER format.

The blocked_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the blocked_cert_count property.

This property is read-only.

blocked_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_blocked_cert_handle(blocked_cert_index: int) -> int: ...
def set_blocked_cert_handle(blocked_cert_index: int, value: int) -> None: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The blocked_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the blocked_cert_count property.

cc_addr_count Property

The number of records in the CcAddr arrays.

Syntax

def get_cc_addr_count() -> int: ...

cc_addr_count = property(get_cc_addr_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• cc_addr_address
• cc_addr_display_name
• cc_addr_group_name

The array indices start at 0 and end at cc_addr_count - 1.

This property is read-only.

cc_addr_address Property

Contains the e-mail address in the form of john@doe.

Syntax

def get_cc_addr_address(cc_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the e-mail address in the form of john@doe.com.

The cc_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the cc_addr_count property.

This property is read-only.

cc_addr_display_name Property

Contains the friendly name of the user of this address, such as John Doe.

Syntax

def get_cc_addr_display_name(cc_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the friendly name of the user of this address, such as John Doe.

The cc_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the cc_addr_count property.

This property is read-only.

cc_addr_group_name Property

The name of the group this address belongs to.

Syntax

def get_cc_addr_group_name(cc_addr_index: int) -> str: ...

Default Value

""

Remarks

The name of the group this address belongs to.

The cc_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the cc_addr_count property.

This property is read-only.

decryption_cert_bytes Property

Returns the raw certificate data in DER format.

Syntax

def get_decryption_cert_bytes() -> bytes: ...

decryption_cert_bytes = property(get_decryption_cert_bytes, None)

Remarks

Returns the raw certificate data in DER format.

This property is read-only.

decryption_cert_ca Property

Indicates whether the certificate has a CA capability.

Syntax

def get_decryption_cert_ca() -> bool: ...
def set_decryption_cert_ca(value: bool) -> None: ...

decryption_cert_ca = property(get_decryption_cert_ca, set_decryption_cert_ca)

Default Value

FALSE

Remarks

Indicates whether the certificate has a CA capability. For the certificate to be considered a CA, it must have its Basic Constraints extension set with the CA indicator enabled.

Set this property when generating a new certificate to have its Basic Constraints extension generated automatically.

decryption_cert_ca_key_id Property

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Syntax

def get_decryption_cert_ca_key_id() -> bytes: ...

decryption_cert_ca_key_id = property(get_decryption_cert_ca_key_id, None)

Remarks

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Authority Key Identifier is a certificate extension which allows identification of certificates belonging to the same issuer, but with different public keys. It is a de-facto standard to include this extension in all certificates to facilitate chain building.

This setting cannot be set when generating a certificate as it always derives from another certificate property. CertificateManager generates this setting automatically if enough information is available to it: for self-signed certificates, this value is copied from the decryption_cert_subject_key_id setting, and for lower-level certificates, from the parent certificate's subject key ID extension.

This property is read-only.

decryption_cert_cert_type Property

Returns the type of the entity contained in the Certificate object.

Syntax

def get_decryption_cert_cert_type() -> int: ...

decryption_cert_cert_type = property(get_decryption_cert_cert_type, None)

Default Value

0

Remarks

Returns the type of the entity contained in the Certificate object.

A Certificate object can contain two types of cryptographic objects: a ready-to-use X.509 certificate, or a certificate request ("an unsigned certificate"). Certificate requests can be upgraded to full certificates by signing them with a CA certificate.

Use the CertificateManager class to load or create new certificate and certificate requests objects.

This property is read-only.

decryption_cert_crl_distribution_points Property

Contains a list of locations of CRL distribution points used to check this certificate's validity.

Syntax

def get_decryption_cert_crl_distribution_points() -> str: ...
def set_decryption_cert_crl_distribution_points(value: str) -> None: ...

decryption_cert_crl_distribution_points = property(get_decryption_cert_crl_distribution_points, set_decryption_cert_crl_distribution_points)

Default Value

""

Remarks

Contains a list of locations of CRL distribution points used to check this certificate's validity. The list is taken from the respective certificate extension.

Use this property when generating a certificate to provide a list of CRL endpoints that should be made part of the new certificate.

The endpoints are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

decryption_cert_curve Property

Specifies the elliptic curve associated with the certificate's public key.

Syntax

def get_decryption_cert_curve() -> str: ...
def set_decryption_cert_curve(value: str) -> None: ...

decryption_cert_curve = property(get_decryption_cert_curve, set_decryption_cert_curve)

Default Value

""

Remarks

Specifies the elliptic curve associated with the certificate's public key. This setting only applies to certificates containing EC keys.

decryption_cert_fingerprint Property

Contains the fingerprint (a hash imprint) of this certificate.

Syntax

def get_decryption_cert_fingerprint() -> str: ...

decryption_cert_fingerprint = property(get_decryption_cert_fingerprint, None)

Default Value

""

Remarks

Contains the fingerprint (a hash imprint) of this certificate.

While there is no formal standard defining what a fingerprint is, a SHA1 hash of the certificate's DER-encoded body is typically used.

This property is read-only.

decryption_cert_friendly_name Property

Contains an associated alias (friendly name) of the certificate.

Syntax

def get_decryption_cert_friendly_name() -> str: ...

decryption_cert_friendly_name = property(get_decryption_cert_friendly_name, None)

Default Value

""

Remarks

Contains an associated alias (friendly name) of the certificate. The friendly name is not a property of a certificate: it is maintained by the certificate media rather than being included in its DER representation. Windows certificate stores are one example of media that does support friendly names.

This property is read-only.

decryption_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_decryption_cert_handle() -> int: ...
def set_decryption_cert_handle(value: int) -> None: ...

decryption_cert_handle = property(get_decryption_cert_handle, set_decryption_cert_handle)

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

decryption_cert_hash_algorithm Property

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing).

Syntax

def get_decryption_cert_hash_algorithm() -> str: ...
def set_decryption_cert_hash_algorithm(value: str) -> None: ...

decryption_cert_hash_algorithm = property(get_decryption_cert_hash_algorithm, set_decryption_cert_hash_algorithm)

Default Value

""

Remarks

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing). It is not a property of a certificate; use decryption_cert_sig_algorithm to find out the hash algorithm that is part of the certificate signature.

decryption_cert_issuer Property

The common name of the certificate issuer (CA), typically a company name.

Syntax

def get_decryption_cert_issuer() -> str: ...

decryption_cert_issuer = property(get_decryption_cert_issuer, None)

Default Value

""

Remarks

The common name of the certificate issuer (CA), typically a company name. This is part of a larger set of credentials available via decryption_cert_issuer_rdn.

This property is read-only.

decryption_cert_issuer_rdn Property

A list of Property=Value pairs that uniquely identify the certificate issuer.

Syntax

def get_decryption_cert_issuer_rdn() -> str: ...
def set_decryption_cert_issuer_rdn(value: str) -> None: ...

decryption_cert_issuer_rdn = property(get_decryption_cert_issuer_rdn, set_decryption_cert_issuer_rdn)

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate issuer.

Example: /C=US/O=Nationwide CA/CN=Web Certification Authority

decryption_cert_key_algorithm Property

Specifies the public key algorithm of this certificate.

Syntax

def get_decryption_cert_key_algorithm() -> str: ...
def set_decryption_cert_key_algorithm(value: str) -> None: ...

decryption_cert_key_algorithm = property(get_decryption_cert_key_algorithm, set_decryption_cert_key_algorithm)

Default Value

"0"

Remarks

Specifies the public key algorithm of this certificate.

Use the decryption_cert_key_bits, decryption_cert_curve, and decryption_cert_public_key_bytes properties to get more details about the key the certificate contains.

decryption_cert_key_bits Property

Returns the length of the public key in bits.

Syntax

def get_decryption_cert_key_bits() -> int: ...

decryption_cert_key_bits = property(get_decryption_cert_key_bits, None)

Default Value

0

Remarks

Returns the length of the public key in bits.

This value indicates the length of the principal cryptographic parameter of the key, such as the length of the RSA modulus or ECDSA field. The key data returned by the decryption_cert_public_key_bytes or decryption_cert_private_key_bytes property would typically contain auxiliary values, and therefore be longer.

This property is read-only.

decryption_cert_key_fingerprint Property

Returns a SHA1 fingerprint of the public key contained in the certificate.

Syntax

def get_decryption_cert_key_fingerprint() -> str: ...

decryption_cert_key_fingerprint = property(get_decryption_cert_key_fingerprint, None)

Default Value

""

Remarks

Returns a SHA1 fingerprint of the public key contained in the certificate.

Note that the key fingerprint is different from the certificate fingerprint accessible via the decryption_cert_fingerprint property. The key fingeprint uniquely identifies the public key, and so can be the same for multiple certificates containing the same key.

This property is read-only.

decryption_cert_key_usage Property

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

Syntax

def get_decryption_cert_key_usage() -> int: ...
def set_decryption_cert_key_usage(value: int) -> None: ...

decryption_cert_key_usage = property(get_decryption_cert_key_usage, set_decryption_cert_key_usage)

Default Value

0

Remarks

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

This value is a bit mask of the following values:

Set this property before generating the certificate to propagate the key usage flags to the new certificate.

decryption_cert_key_valid Property

Returns True if the certificate's key is cryptographically valid, and False otherwise.

Syntax

def get_decryption_cert_key_valid() -> bool: ...

decryption_cert_key_valid = property(get_decryption_cert_key_valid, None)

Default Value

FALSE

Remarks

Returns True if the certificate's key is cryptographically valid, and False otherwise.

This property is read-only.

decryption_cert_ocsp_locations Property

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Syntax

def get_decryption_cert_ocsp_locations() -> str: ...
def set_decryption_cert_ocsp_locations(value: str) -> None: ...

decryption_cert_ocsp_locations = property(get_decryption_cert_ocsp_locations, set_decryption_cert_ocsp_locations)

Default Value

""

Remarks

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Set this property before calling the certificate manager's generate method to propagate it to the new certificate.

The OCSP locations are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

decryption_cert_ocsp_no_check Property

Accessor to the value of the certificate's ocsp-no-check extension.

Syntax

def get_decryption_cert_ocsp_no_check() -> bool: ...
def set_decryption_cert_ocsp_no_check(value: bool) -> None: ...

decryption_cert_ocsp_no_check = property(get_decryption_cert_ocsp_no_check, set_decryption_cert_ocsp_no_check)

Default Value

FALSE

Remarks

Accessor to the value of the certificate's ocsp-no-check extension.

decryption_cert_origin Property

Returns the location that the certificate was taken or loaded from.

Syntax

def get_decryption_cert_origin() -> int: ...

decryption_cert_origin = property(get_decryption_cert_origin, None)

Default Value

0

Remarks

Returns the location that the certificate was taken or loaded from.

This property is read-only.

decryption_cert_policy_i_ds Property

Contains identifiers (OIDs) of the applicable certificate policies.

Syntax

def get_decryption_cert_policy_i_ds() -> str: ...
def set_decryption_cert_policy_i_ds(value: str) -> None: ...

decryption_cert_policy_i_ds = property(get_decryption_cert_policy_i_ds, set_decryption_cert_policy_i_ds)

Default Value

""

Remarks

Contains identifiers (OIDs) of the applicable certificate policies.

The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.

Set this property when generating a certificate to propagate the policies information to the new certificate.

The policies are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the policy element separator.

decryption_cert_private_key_bytes Property

Returns the certificate's private key in DER-encoded format.

Syntax

def get_decryption_cert_private_key_bytes() -> bytes: ...

decryption_cert_private_key_bytes = property(get_decryption_cert_private_key_bytes, None)

Remarks

Returns the certificate's private key in DER-encoded format. It is normal for this property to be empty if the private key is non-exportable, which, for example, is typical for certificates originating from hardware security devices.

This property is read-only.

decryption_cert_private_key_exists Property

Indicates whether the certificate has a usable private key associated with it.

Syntax

def get_decryption_cert_private_key_exists() -> bool: ...

decryption_cert_private_key_exists = property(get_decryption_cert_private_key_exists, None)

Default Value

FALSE

Remarks

Indicates whether the certificate has a usable private key associated with it. If it is set to True, the certificate can be used for private key operations, such as signing or decryption.

This property is independent from decryption_cert_private_key_bytes, and can be set to True even if the former is empty. This would imply that the private key is non-exportable, but still can be used for cryptographic operations.

This property is read-only.

decryption_cert_private_key_extractable Property

Indicates whether the private key is extractable (exportable).

Syntax

def get_decryption_cert_private_key_extractable() -> bool: ...

decryption_cert_private_key_extractable = property(get_decryption_cert_private_key_extractable, None)

Default Value

FALSE

Remarks

Indicates whether the private key is extractable (exportable).

This property is read-only.

decryption_cert_public_key_bytes Property

Contains the certificate's public key in DER format.

Syntax

def get_decryption_cert_public_key_bytes() -> bytes: ...

decryption_cert_public_key_bytes = property(get_decryption_cert_public_key_bytes, None)

Remarks

Contains the certificate's public key in DER format.

This typically would contain an ASN.1-encoded public key value. The exact format depends on the type of the public key contained in the certificate.

This property is read-only.

decryption_cert_qualified Property

Indicates whether the certificate is qualified.

Syntax

def get_decryption_cert_qualified() -> bool: ...

decryption_cert_qualified = property(get_decryption_cert_qualified, None)

Default Value

FALSE

Remarks

Indicates whether the certificate is qualified.

This property is set to True if the certificate is confirmed by a Trusted List to be qualified.

This property is read-only.

decryption_cert_qualified_statements Property

Returns a simplified qualified status of the certificate.

Syntax

def get_decryption_cert_qualified_statements() -> int: ...
def set_decryption_cert_qualified_statements(value: int) -> None: ...

decryption_cert_qualified_statements = property(get_decryption_cert_qualified_statements, set_decryption_cert_qualified_statements)

Default Value

0

Remarks

Returns a simplified qualified status of the certificate.

decryption_cert_qualifiers Property

A list of qualifiers.

Syntax

def get_decryption_cert_qualifiers() -> str: ...

decryption_cert_qualifiers = property(get_decryption_cert_qualifiers, None)

Default Value

""

Remarks

A list of qualifiers.

Contains a comma-separated list of qualifier aliases for the certificate, for example QCP-n-qscd,QCWithSSCD.

This property is read-only.

decryption_cert_self_signed Property

Indicates whether the certificate is self-signed (root) or signed by an external CA.

Syntax

def get_decryption_cert_self_signed() -> bool: ...

decryption_cert_self_signed = property(get_decryption_cert_self_signed, None)

Default Value

FALSE

Remarks

Indicates whether the certificate is self-signed (root) or signed by an external CA.

This property is read-only.

decryption_cert_serial_number Property

Returns the certificate's serial number.

Syntax

def get_decryption_cert_serial_number() -> bytes: ...
def set_decryption_cert_serial_number(value: bytes) -> None: ...

decryption_cert_serial_number = property(get_decryption_cert_serial_number, set_decryption_cert_serial_number)

Remarks

Returns the certificate's serial number.

The serial number is a binary string that uniquely identifies a certificate among others issued by the same CA. According to the X.509 standard, the (issuer, serial number) pair should be globally unique to facilitate chain building.

decryption_cert_sig_algorithm Property

Indicates the algorithm that was used by the CA to sign this certificate.

Syntax

def get_decryption_cert_sig_algorithm() -> str: ...

decryption_cert_sig_algorithm = property(get_decryption_cert_sig_algorithm, None)

Default Value

""

Remarks

Indicates the algorithm that was used by the CA to sign this certificate.

A signature algorithm typically combines hash and public key algorithms together, such as sha256WithRSAEncryption or ecdsa-with-SHA256.

This property is read-only.

decryption_cert_source Property

Returns the source (location or disposition) of a cryptographic primitive entity, such as a certificate, CRL, or OCSP response.

Syntax

def get_decryption_cert_source() -> int: ...

decryption_cert_source = property(get_decryption_cert_source, None)

Default Value

0

Remarks

Returns the source (location or disposition) of a cryptographic primitive entity, such as a certificate, CRL, or OCSP response.

This property is read-only.

decryption_cert_subject Property

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.

Syntax

def get_decryption_cert_subject() -> str: ...

decryption_cert_subject = property(get_decryption_cert_subject, None)

Default Value

""

Remarks

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. This is part of a larger set of credentials available via decryption_cert_subject_rdn.

This property is read-only.

decryption_cert_subject_alternative_name Property

Returns or sets the value of the Subject Alternative Name extension of the certificate.

Syntax

def get_decryption_cert_subject_alternative_name() -> str: ...
def set_decryption_cert_subject_alternative_name(value: str) -> None: ...

decryption_cert_subject_alternative_name = property(get_decryption_cert_subject_alternative_name, set_decryption_cert_subject_alternative_name)

Default Value

""

Remarks

Returns or sets the value of the Subject Alternative Name extension of the certificate.

Subject alternative names are used to provide additional names that are impractical to store in the main decryption_cert_subject_rdn field. For example, it is often used to store all the domain names that a TLS certificate is authorized to protect.

The alternative names are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the element separator.

decryption_cert_subject_key_id Property

Contains a unique identifier of the certificate's cryptographic key.

Syntax

def get_decryption_cert_subject_key_id() -> bytes: ...
def set_decryption_cert_subject_key_id(value: bytes) -> None: ...

decryption_cert_subject_key_id = property(get_decryption_cert_subject_key_id, set_decryption_cert_subject_key_id)

Remarks

Contains a unique identifier of the certificate's cryptographic key.

Subject Key Identifier is a certificate extension which allows a specific public key to be associated with a certificate holder. Typically, subject key identifiers of CA certificates are recorded as respective CA key identifiers in the subordinate certificates that they issue, which facilitates chain building.

The decryption_cert_subject_key_id and decryption_cert_ca_key_id properties of self-signed certificates typically contain identical values, as in that specific case, the issuer and the subject are the same entity.

decryption_cert_subject_rdn Property

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Syntax

def get_decryption_cert_subject_rdn() -> str: ...
def set_decryption_cert_subject_rdn(value: str) -> None: ...

decryption_cert_subject_rdn = property(get_decryption_cert_subject_rdn, set_decryption_cert_subject_rdn)

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Depending on the purpose of the certificate and the policies of the CA that issued it, the values included in the subject record may differ drastically and contain business or personal names, web URLs, email addresses, and other data.

Example: /C=US/O=Oranges and Apples, Inc./OU=Accounts Receivable/1.2.3.4.5=Value with unknown OID/CN=Margaret Watkins.

decryption_cert_valid Property

Indicates whether or not the signature over the certificate or the request is valid and matches the public key contained in the CA certificate/request.

Syntax

def get_decryption_cert_valid() -> bool: ...

decryption_cert_valid = property(get_decryption_cert_valid, None)

Default Value

FALSE

Remarks

Indicates whether or not the signature over the certificate or the request is valid and matches the public key contained in the CA certificate/request.

This property is read-only.

decryption_cert_valid_from Property

The time point at which the certificate becomes valid, in UTC.

Syntax

def get_decryption_cert_valid_from() -> str: ...
def set_decryption_cert_valid_from(value: str) -> None: ...

decryption_cert_valid_from = property(get_decryption_cert_valid_from, set_decryption_cert_valid_from)

Default Value

""

Remarks

The time point at which the certificate becomes valid, in UTC.

decryption_cert_valid_to Property

The time point at which the certificate expires, in UTC.

Syntax

def get_decryption_cert_valid_to() -> str: ...
def set_decryption_cert_valid_to(value: str) -> None: ...

decryption_cert_valid_to = property(get_decryption_cert_valid_to, set_decryption_cert_valid_to)

Default Value

""

Remarks

The time point at which the certificate expires, in UTC.

external_crypto_async_document_id Property

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Syntax

def get_external_crypto_async_document_id() -> str: ...
def set_external_crypto_async_document_id(value: str) -> None: ...

external_crypto_async_document_id = property(get_external_crypto_async_document_id, set_external_crypto_async_document_id)

Default Value

""

Remarks

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Use this property when working with multi-signature DCAuth requests and responses to uniquely identify documents signed within a larger batch. On the completion stage, this value helps the signing component identify the correct signature in the returned batch of responses.

If using batched requests, make sure to set this property to the same value on both the pre-signing (SignAsyncBegin) and completion (SignAsyncEnd) stages.

external_crypto_custom_params Property

Custom parameters to be passed to the signing service (uninterpreted).

Syntax

def get_external_crypto_custom_params() -> str: ...
def set_external_crypto_custom_params(value: str) -> None: ...

external_crypto_custom_params = property(get_external_crypto_custom_params, set_external_crypto_custom_params)

Default Value

""

Remarks

Custom parameters to be passed to the signing service (uninterpreted).

external_crypto_data Property

Additional data to be included in the async state and mirrored back by the requestor.

Syntax

def get_external_crypto_data() -> str: ...
def set_external_crypto_data(value: str) -> None: ...

external_crypto_data = property(get_external_crypto_data, set_external_crypto_data)

Default Value

""

Remarks

Additional data to be included in the async state and mirrored back by the requestor.

external_crypto_external_hash_calculation Property

Specifies whether the message hash is to be calculated at the external endpoint.

Syntax

def get_external_crypto_external_hash_calculation() -> bool: ...
def set_external_crypto_external_hash_calculation(value: bool) -> None: ...

external_crypto_external_hash_calculation = property(get_external_crypto_external_hash_calculation, set_external_crypto_external_hash_calculation)

Default Value

FALSE

Remarks

Specifies whether the message hash is to be calculated at the external endpoint. Please note that this mode is not supported by the DCAuth class.

If set to true, the class will pass a few kilobytes of to-be-signed data from the document to the OnExternalSign event. This only applies when SignExternal() is called.

external_crypto_hash_algorithm Property

Specifies the request's signature hash algorithm.

Syntax

def get_external_crypto_hash_algorithm() -> str: ...
def set_external_crypto_hash_algorithm(value: str) -> None: ...

external_crypto_hash_algorithm = property(get_external_crypto_hash_algorithm, set_external_crypto_hash_algorithm)

Default Value

"SHA256"

Remarks

Specifies the request's signature hash algorithm.

external_crypto_key_id Property

The ID of the pre-shared key used for DC request authentication.

Syntax

def get_external_crypto_key_id() -> str: ...
def set_external_crypto_key_id(value: str) -> None: ...

external_crypto_key_id = property(get_external_crypto_key_id, set_external_crypto_key_id)

Default Value

""

Remarks

The ID of the pre-shared key used for DC request authentication.

Asynchronous DCAuth-driven communication requires that parties authenticate each other with a secret pre-shared cryptographic key. This provides an extra protection layer for the protocol and diminishes the risk of the private key becoming abused by foreign parties. Use this property to provide the pre-shared key identifier, and use external_crypto_key_secret to pass the key itself.

The same KeyID/KeySecret pair should be used on the DCAuth side for the signing requests to be accepted.

Note: The KeyID/KeySecret scheme is very similar to the AuthKey scheme used in various Cloud service providers to authenticate users.

Example: signer.ExternalCrypto.KeyID = "MainSigningKey"; signer.ExternalCrypto.KeySecret = "abcdef0123456789";

external_crypto_key_secret Property

The pre-shared key used for DC request authentication.

Syntax

def get_external_crypto_key_secret() -> str: ...
def set_external_crypto_key_secret(value: str) -> None: ...

external_crypto_key_secret = property(get_external_crypto_key_secret, set_external_crypto_key_secret)

Default Value

""

Remarks

The pre-shared key used for DC request authentication. This key must be set and match the key used by the DCAuth counterpart for the scheme to work.

Read more about configuring authentication in the external_crypto_key_id topic.

external_crypto_method Property

Specifies the asynchronous signing method.

Syntax

def get_external_crypto_method() -> int: ...
def set_external_crypto_method(value: int) -> None: ...

external_crypto_method = property(get_external_crypto_method, set_external_crypto_method)

Default Value

0

Remarks

Specifies the asynchronous signing method. This is typically defined by the DC server capabilities and setup.

Available options:

external_crypto_mode Property

Specifies the external cryptography mode.

Syntax

def get_external_crypto_mode() -> int: ...
def set_external_crypto_mode(value: int) -> None: ...

external_crypto_mode = property(get_external_crypto_mode, set_external_crypto_mode)

Default Value

0

Remarks

Specifies the external cryptography mode.

Available options:

external_crypto_public_key_algorithm Property

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Syntax

def get_external_crypto_public_key_algorithm() -> str: ...
def set_external_crypto_public_key_algorithm(value: str) -> None: ...

external_crypto_public_key_algorithm = property(get_external_crypto_public_key_algorithm, set_external_crypto_public_key_algorithm)

Default Value

""

Remarks

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

fips_mode Property

Reserved.

Syntax

def get_fips_mode() -> bool: ...
def set_fips_mode(value: bool) -> None: ...

fips_mode = property(get_fips_mode, set_fips_mode)

Default Value

FALSE

Remarks

This property is reserved for future use.

from_addr_count Property

The number of records in the FromAddr arrays.

Syntax

def get_from_addr_count() -> int: ...

from_addr_count = property(get_from_addr_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• from_addr_address
• from_addr_display_name
• from_addr_group_name

The array indices start at 0 and end at from_addr_count - 1.

This property is read-only.

from_addr_address Property

Contains the e-mail address in the form of john@doe.

Syntax

def get_from_addr_address(from_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the e-mail address in the form of john@doe.com.

The from_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the from_addr_count property.

This property is read-only.

from_addr_display_name Property

Contains the friendly name of the user of this address, such as John Doe.

Syntax

def get_from_addr_display_name(from_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the friendly name of the user of this address, such as John Doe.

The from_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the from_addr_count property.

This property is read-only.

from_addr_group_name Property

The name of the group this address belongs to.

Syntax

def get_from_addr_group_name(from_addr_index: int) -> str: ...

Default Value

""

Remarks

The name of the group this address belongs to.

The from_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the from_addr_count property.

This property is read-only.

ignore_chain_validation_errors Property

Makes the class tolerant to chain validation errors.

Syntax

def get_ignore_chain_validation_errors() -> bool: ...
def set_ignore_chain_validation_errors(value: bool) -> None: ...

ignore_chain_validation_errors = property(get_ignore_chain_validation_errors, set_ignore_chain_validation_errors)

Default Value

FALSE

Remarks

If this property is set to True, any errors emerging during certificate chain validation will be ignored. This setting may be handy if the purpose of validation is the creation of an LTV signature, and the validation is performed in an environment that doesn't trust the signer's certificate chain.

known_cert_count Property

The number of records in the KnownCert arrays.

Syntax

def get_known_cert_count() -> int: ...
def set_known_cert_count(value: int) -> None: ...

known_cert_count = property(get_known_cert_count, set_known_cert_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

• known_cert_bytes
• known_cert_handle

The array indices start at 0 and end at known_cert_count - 1.

known_cert_bytes Property

Returns the raw certificate data in DER format.

Syntax

def get_known_cert_bytes(known_cert_index: int) -> bytes: ...

Remarks

Returns the raw certificate data in DER format.

The known_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the known_cert_count property.

This property is read-only.

known_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_known_cert_handle(known_cert_index: int) -> int: ...
def set_known_cert_handle(known_cert_index: int, value: int) -> None: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The known_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the known_cert_count property.

known_crl_count Property

The number of records in the KnownCRL arrays.

Syntax

def get_known_crl_count() -> int: ...
def set_known_crl_count(value: int) -> None: ...

known_crl_count = property(get_known_crl_count, set_known_crl_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

• known_crl_bytes
• known_crl_handle

The array indices start at 0 and end at known_crl_count - 1.

known_crl_bytes Property

Returns the raw CRL data in DER format.

Syntax

def get_known_crl_bytes(known_crl_index: int) -> bytes: ...

Remarks

Returns the raw CRL data in DER format.

The known_crl_index parameter specifies the index of the item in the array. The size of the array is controlled by the known_crl_count property.

This property is read-only.

known_crl_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_known_crl_handle(known_crl_index: int) -> int: ...
def set_known_crl_handle(known_crl_index: int, value: int) -> None: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The known_crl_index parameter specifies the index of the item in the array. The size of the array is controlled by the known_crl_count property.

known_ocsp_count Property

The number of records in the KnownOCSP arrays.

Syntax

def get_known_ocsp_count() -> int: ...
def set_known_ocsp_count(value: int) -> None: ...

known_ocsp_count = property(get_known_ocsp_count, set_known_ocsp_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

• known_ocsp_bytes
• known_ocsp_handle

The array indices start at 0 and end at known_ocsp_count - 1.

known_ocsp_bytes Property

A buffer containing the raw OCSP response data.

Syntax

def get_known_ocsp_bytes(known_ocsp_index: int) -> bytes: ...

Remarks

A buffer containing the raw OCSP response data.

The known_ocsp_index parameter specifies the index of the item in the array. The size of the array is controlled by the known_ocsp_count property.

This property is read-only.

known_ocsp_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_known_ocsp_handle(known_ocsp_index: int) -> int: ...
def set_known_ocsp_handle(known_ocsp_index: int, value: int) -> None: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The known_ocsp_index parameter specifies the index of the item in the array. The size of the array is controlled by the known_ocsp_count property.

msg_attachment_count Property

Returns the number of attachments in this message.

Syntax

def get_msg_attachment_count() -> int: ...

msg_attachment_count = property(get_msg_attachment_count, None)

Default Value

0

Remarks

Returns the number of attachments in this message.

This property is read-only.

msg_bcc Property

The contents of the BCC header property.

Syntax

def get_msg_bcc() -> str: ...
def set_msg_bcc(value: str) -> None: ...

msg_bcc = property(get_msg_bcc, set_msg_bcc)

Default Value

""

Remarks

The contents of the BCC header field.

The BCC header field contains the addresses of secondary recipients of the message whose addresses are not to be revealed to other recipients of the message. Mail servers remove the BCC header when processing the message and use its value for dispatching the message only.

msg_cc Property

The value of the CC header property.

Syntax

def get_msg_cc() -> str: ...
def set_msg_cc(value: str) -> None: ...

msg_cc = property(get_msg_cc, set_msg_cc)

Default Value

""

Remarks

The value of the CC header field.

The CC field contains the addresses of secondary recipients of the message.

msg_comments Property

Contains additional information about the message body.

Syntax

def get_msg_comments() -> str: ...
def set_msg_comments(value: str) -> None: ...

msg_comments = property(get_msg_comments, set_msg_comments)

Default Value

""

Remarks

Contains additional information about the message body.

msg_date Property

The date and time when the message entered the mail delivery system.

Syntax

def get_msg_date() -> str: ...
def set_msg_date(value: str) -> None: ...

msg_date = property(get_msg_date, set_msg_date)

Default Value

""

Remarks

The date and time when the message entered the mail delivery system.

This field contains the date and time at which the creator of the message posted the message to the mail delivery system.

The date is returned and accepted in UTC time zone.

msg_delivery_receipt Property

Enables delivery notification.

Syntax

def get_msg_delivery_receipt() -> bool: ...
def set_msg_delivery_receipt(value: bool) -> None: ...

msg_delivery_receipt = property(get_msg_delivery_receipt, set_msg_delivery_receipt)

Default Value

FALSE

Remarks

Enables delivery notification.

msg_from Property

Contains the value of the From header property.

Syntax

def get_msg_from() -> str: ...
def set_msg_from(value: str) -> None: ...

msg_from = property(get_msg_from, set_msg_from)

Default Value

""

Remarks

Contains the value of the From header field.

This field contains the address(es) of the message author(s). If the actual sender is not the author of the message, use msg_sender to specify the sender separately.

msg_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_msg_handle() -> int: ...
def set_msg_handle(value: int) -> None: ...

msg_handle = property(get_msg_handle, set_msg_handle)

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

msg_html_text Property

The HTML version of the message.

Syntax

def get_msg_html_text() -> str: ...
def set_msg_html_text(value: str) -> None: ...

msg_html_text = property(get_msg_html_text, set_msg_html_text)

Default Value

""

Remarks

The HTML version of the message.

msg_id Property

The contents of the Message-ID header property.

Syntax

def get_msg_id() -> str: ...
def set_msg_id(value: str) -> None: ...

msg_id = property(get_msg_id, set_msg_id)

Default Value

""

Remarks

The contents of the Message-ID header field.

This field contains a unique identifier that refers to a particular version of this message.

msg_in_reply_to Property

The value of the In-Reply-To header property.

Syntax

def get_msg_in_reply_to() -> str: ...
def set_msg_in_reply_to(value: str) -> None: ...

msg_in_reply_to = property(get_msg_in_reply_to, set_msg_in_reply_to)

Default Value

""

Remarks

The value of the In-Reply-To header field.

A reply message should have the "In-Reply-To:" header field which may be used to identify the message (or messages) to which the new message is a reply.

msg_keywords Property

The value of the Keywords header property.

Syntax

def get_msg_keywords() -> str: ...
def set_msg_keywords(value: str) -> None: ...

msg_keywords = property(get_msg_keywords, set_msg_keywords)

Default Value

""

Remarks

The value of the Keywords header field.

This field can be used to add some important words and phrases that might be useful for the recipient.

msg_mailer Property

The name of the software that was used to send the message.

Syntax

def get_msg_mailer() -> str: ...

msg_mailer = property(get_msg_mailer, None)

Default Value

""

Remarks

The name of the software that was used to send the message.

This property is read-only.

msg_plain_text Property

The plain text version of the message.

Syntax

def get_msg_plain_text() -> str: ...
def set_msg_plain_text(value: str) -> None: ...

msg_plain_text = property(get_msg_plain_text, set_msg_plain_text)

Default Value

""

Remarks

The plain text version of the message.

msg_priority Property

Specifies the message priority.

Syntax

def get_msg_priority() -> int: ...
def set_msg_priority(value: int) -> None: ...

msg_priority = property(get_msg_priority, set_msg_priority)

Default Value

2

Remarks

Specifies the message priority.

Available options:

msg_read_receipt Property

Enables a read notification.

Syntax

def get_msg_read_receipt() -> bool: ...
def set_msg_read_receipt(value: bool) -> None: ...

msg_read_receipt = property(get_msg_read_receipt, set_msg_read_receipt)

Default Value

FALSE

Remarks

Enables a read notification.

msg_references Property

The value of the References header property.

Syntax

def get_msg_references() -> str: ...
def set_msg_references(value: str) -> None: ...

msg_references = property(get_msg_references, set_msg_references)

Default Value

""

Remarks

The value of the References header field.

A reply message should include a "References:" header field which may be used to identify the "conversation thread". If the initial message is a reply itself, the References of the reply contain combined content of its "References:", "InReplyTo:" and "MessageID:" fields, subject to their presence in the original message.

msg_reply_to Property

The value of the Reply-To header property.

Syntax

def get_msg_reply_to() -> str: ...
def set_msg_reply_to(value: str) -> None: ...

msg_reply_to = property(get_msg_reply_to, set_msg_reply_to)

Default Value

""

Remarks

The value of the Reply-To header field.

This field contains the addresses to which the replies to this message should be sent. This field is optional. If not specified, the replies must be sent to the addresses specified in the msg_from field.

msg_return_path Property

The value of the Return-Path header property.

Syntax

def get_msg_return_path() -> str: ...
def set_msg_return_path(value: str) -> None: ...

msg_return_path = property(get_msg_return_path, set_msg_return_path)

Default Value

""

Remarks

The value of the Return-Path header field.

This field contains the address to which this message shall be returned in case of unsuccessful delivery.

msg_sender Property

The value of the Sender header property.

Syntax

def get_msg_sender() -> str: ...
def set_msg_sender(value: str) -> None: ...

msg_sender = property(get_msg_sender, set_msg_sender)

Default Value

""

Remarks

The value of the Sender header field.

This field specifies the mailbox of the agent responsible for the actual transmission of this message. If the originator of the message can be indicated by a single mailbox and both the author and the transmitter are identical, the "Sender:" field is deemed excessive and should not be used.

msg_send_to Property

The value of the To header property.

Syntax

def get_msg_send_to() -> str: ...
def set_msg_send_to(value: str) -> None: ...

msg_send_to = property(get_msg_send_to, set_msg_send_to)

Default Value

""

Remarks

The value of the To header field.

This field specifies the address(es) of the primary recipient(s) of the message.

msg_subject Property

Contains the subject property of this message.

Syntax

def get_msg_subject() -> str: ...
def set_msg_subject(value: str) -> None: ...

msg_subject = property(get_msg_subject, set_msg_subject)

Default Value

""

Remarks

Contains the subject field of this message.

offline_mode Property

Switches the class to offline mode.

Syntax

def get_offline_mode() -> bool: ...
def set_offline_mode(value: bool) -> None: ...

offline_mode = property(get_offline_mode, set_offline_mode)

Default Value

FALSE

Remarks

When working in offline mode, the class restricts itself from using any online revocation information sources, such as CRL or OCSP responders.

Offline mode may be useful if there is a need to verify the completeness of the validation information included within the signature or provided via known_certificates, known_crls, and other related properties.

header_field_count Property

The number of records in the HeaderField arrays.

Syntax

def get_header_field_count() -> int: ...

header_field_count = property(get_header_field_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• header_field_category
• header_field_format
• header_field_name
• header_field_value

The array indices start at 0 and end at header_field_count - 1.

This property is read-only.

header_field_category Property

Specifies the string category of the contained value.

Syntax

def get_header_field_category(header_field_index: int) -> str: ...

Default Value

""

Remarks

Specifies the string category of the contained value.

This property allows to check or set the category (or type) associated with the contained value. Depending on the format used to load or save the string, the category parameter may or may not be used.

For example, for ASN.1 property lists the category contains the ASN.1 tag of the contained data (OCTETSTRING, UTF8STRING, INTEGER, ...). For basic (name, value) pairs, such as HTTP headers, the category parameter is not used.

The header_field_index parameter specifies the index of the item in the array. The size of the array is controlled by the header_field_count property.

This property is read-only.

header_field_format Property

Specifies the format (encoding) of the value contained in the Value property.

Syntax

def get_header_field_format(header_field_index: int) -> int: ...

Default Value

0

Remarks

Specifies the format (encoding) of the value contained in the header_field_value property.

Use this property to check or set the format of the contained value. Remember to provide the actual value in the appropriate format that matches this setting: utils.NameValuePairs[0].Name = "key"; utils.NameValuePairs[0].Format = svfBinary; utils.NameValuePairs[0].Name = "0a1b2c3d4e5f6071";

The following formats are currently supported:

The header_field_index parameter specifies the index of the item in the array. The size of the array is controlled by the header_field_count property.

This property is read-only.

header_field_name Property

The name element in a (name, value) pair.

Syntax

def get_header_field_name(header_field_index: int) -> str: ...

Default Value

""

Remarks

The name element in a (name, value) pair.

The header_field_index parameter specifies the index of the item in the array. The size of the array is controlled by the header_field_count property.

This property is read-only.

header_field_value Property

The value element in a (name, value) pair.

Syntax

def get_header_field_value(header_field_index: int) -> str: ...

Default Value

""

Remarks

The value element in a (name, value) pair.

The header_field_index parameter specifies the index of the item in the array. The size of the array is controlled by the header_field_count property.

This property is read-only.

profile Property

Specifies a pre-defined profile to apply when creating the signature.

Syntax

def get_profile() -> str: ...
def set_profile(value: str) -> None: ...

profile = property(get_profile, set_profile)

Default Value

""

Remarks

Advanced signatures come in many variants, which are often defined by parties that needs to process them or by local standards. SecureBlackbox profiles are sets of pre-defined configurations which correspond to particular signature variants. By specifying a profile, you are pre-configuring the component to make it produce the signature that matches the configuration corresponding to that profile.

proxy_address Property

The IP address of the proxy server.

Syntax

def get_proxy_address() -> str: ...
def set_proxy_address(value: str) -> None: ...

proxy_address = property(get_proxy_address, set_proxy_address)

Default Value

""

Remarks

The IP address of the proxy server.

proxy_authentication Property

The authentication type used by the proxy server.

Syntax

def get_proxy_authentication() -> int: ...
def set_proxy_authentication(value: int) -> None: ...

proxy_authentication = property(get_proxy_authentication, set_proxy_authentication)

Default Value

0

Remarks

The authentication type used by the proxy server.

proxy_password Property

The password to authenticate to the proxy server.

Syntax

def get_proxy_password() -> str: ...
def set_proxy_password(value: str) -> None: ...

proxy_password = property(get_proxy_password, set_proxy_password)

Default Value

""

Remarks

The password to authenticate to the proxy server.

proxy_port Property

The port on the proxy server to connect to.

Syntax

def get_proxy_port() -> int: ...
def set_proxy_port(value: int) -> None: ...

proxy_port = property(get_proxy_port, set_proxy_port)

Default Value

0

Remarks

The port on the proxy server to connect to.

proxy_proxy_type Property

The type of the proxy server.

Syntax

def get_proxy_proxy_type() -> int: ...
def set_proxy_proxy_type(value: int) -> None: ...

proxy_proxy_type = property(get_proxy_proxy_type, set_proxy_proxy_type)

Default Value

0

Remarks

The type of the proxy server.

proxy_request_headers Property

Contains HTTP request headers for WebTunnel and HTTP proxy.

Syntax

def get_proxy_request_headers() -> str: ...
def set_proxy_request_headers(value: str) -> None: ...

proxy_request_headers = property(get_proxy_request_headers, set_proxy_request_headers)

Default Value

""

Remarks

Contains HTTP request headers for WebTunnel and HTTP proxy.

proxy_response_body Property

Contains the HTTP or HTTPS (WebTunnel) proxy response body.

Syntax

def get_proxy_response_body() -> str: ...
def set_proxy_response_body(value: str) -> None: ...

proxy_response_body = property(get_proxy_response_body, set_proxy_response_body)

Default Value

""

Remarks

Contains the HTTP or HTTPS (WebTunnel) proxy response body.

proxy_response_headers Property

Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.

Syntax

def get_proxy_response_headers() -> str: ...
def set_proxy_response_headers(value: str) -> None: ...

proxy_response_headers = property(get_proxy_response_headers, set_proxy_response_headers)

Default Value

""

Remarks

Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.

proxy_use_ipv6 Property

Specifies whether IPv6 should be used when connecting through the proxy.

Syntax

def get_proxy_use_ipv6() -> bool: ...
def set_proxy_use_ipv6(value: bool) -> None: ...

proxy_use_ipv6 = property(get_proxy_use_ipv6, set_proxy_use_ipv6)

Default Value

FALSE

Remarks

Specifies whether IPv6 should be used when connecting through the proxy.

proxy_username Property

Specifies the username credential for proxy authentication.

Syntax

def get_proxy_username() -> str: ...
def set_proxy_username(value: str) -> None: ...

proxy_username = property(get_proxy_username, set_proxy_username)

Default Value

""

Remarks

Specifies the username credential for proxy authentication.

reply_to_addr_count Property

The number of records in the ReplyToAddr arrays.

Syntax

def get_reply_to_addr_count() -> int: ...

reply_to_addr_count = property(get_reply_to_addr_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• reply_to_addr_address
• reply_to_addr_display_name
• reply_to_addr_group_name

The array indices start at 0 and end at reply_to_addr_count - 1.

This property is read-only.

reply_to_addr_address Property

Contains the e-mail address in the form of john@doe.

Syntax

def get_reply_to_addr_address(reply_to_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the e-mail address in the form of john@doe.com.

The reply_to_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the reply_to_addr_count property.

This property is read-only.

reply_to_addr_display_name Property

Contains the friendly name of the user of this address, such as John Doe.

Syntax

def get_reply_to_addr_display_name(reply_to_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the friendly name of the user of this address, such as John Doe.

The reply_to_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the reply_to_addr_count property.

This property is read-only.

reply_to_addr_group_name Property

The name of the group this address belongs to.

Syntax

def get_reply_to_addr_group_name(reply_to_addr_index: int) -> str: ...

Default Value

""

Remarks

The name of the group this address belongs to.

The reply_to_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the reply_to_addr_count property.

This property is read-only.

revocation_check Property

Specifies the kind(s) of revocation check to perform for all chain certificates.

Syntax

def get_revocation_check() -> int: ...
def set_revocation_check(value: int) -> None: ...

revocation_check = property(get_revocation_check, set_revocation_check)

Default Value

1

Remarks

Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.

Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses serve the same purpose of ensuring that the certificate had not been revoked by the Certificate Authority (CA) at the time of use. Depending on your circumstances and security policy requirements, you may want to use either one or both of the revocation information source types.

This setting controls the way the revocation checks are performed for every certificate in the chain. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.

There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).

This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.

Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.

Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.

sec_info_chain_validation_details Property

The details of a certificate chain validation outcome.

Syntax

def get_sec_info_chain_validation_details() -> int: ...

sec_info_chain_validation_details = property(get_sec_info_chain_validation_details, None)

Default Value

0

Remarks

The details of a certificate chain validation outcome. They may often suggest the reasons that contributed to the overall validation result.

Returns a bit mask of the following options:

This property is read-only.

sec_info_chain_validation_result Property

The outcome of a certificate chain validation routine.

Syntax

def get_sec_info_chain_validation_result() -> int: ...

sec_info_chain_validation_result = property(get_sec_info_chain_validation_result, None)

Default Value

0

Remarks

The outcome of a certificate chain validation routine.

Available options:

Use the ValidationLog property to access the detailed validation log.

This property is read-only.

sec_info_claimed_signing_time Property

Returns the signature's claimed signing time.

Syntax

def get_sec_info_claimed_signing_time() -> str: ...

sec_info_claimed_signing_time = property(get_sec_info_claimed_signing_time, None)

Default Value

""

Remarks

Returns the signature's claimed signing time.

Use this property to get the signature creation time from the signer's computer. Note that the claimed time is not covered by a trusted timestamp and may be forfeited or wrong. The time is provided in UTC.

This property is read-only.

sec_info_encrypted Property

Indicates whether the message is encrypted.

Syntax

def get_sec_info_encrypted() -> bool: ...

sec_info_encrypted = property(get_sec_info_encrypted, None)

Default Value

FALSE

Remarks

Indicates whether the message is encrypted.

This property is read-only.

sec_info_encryption_algorithm Property

Indicates the algorithm that was used to encrypt the message.

Syntax

def get_sec_info_encryption_algorithm() -> str: ...

sec_info_encryption_algorithm = property(get_sec_info_encryption_algorithm, None)

Default Value

""

Remarks

Indicates the algorithm that was used to encrypt the message.

This property is read-only.

sec_info_hash_algorithm Property

Specifies the hash algorithm that was used to calculate the signature.

Syntax

def get_sec_info_hash_algorithm() -> str: ...

sec_info_hash_algorithm = property(get_sec_info_hash_algorithm, None)

Default Value

""

Remarks

Specifies the hash algorithm that was used to calculate the signature.

This property is read-only.

sec_info_signature_validation_result Property

The outcome of the cryptographic signature validation.

Syntax

def get_sec_info_signature_validation_result() -> int: ...

sec_info_signature_validation_result = property(get_sec_info_signature_validation_result, None)

Default Value

0

Remarks

The outcome of the cryptographic signature validation.

The following signature validity values are supported:

This property is read-only.

sec_info_signed Property

Indicates whether the message is signed.

Syntax

def get_sec_info_signed() -> bool: ...

sec_info_signed = property(get_sec_info_signed, None)

Default Value

FALSE

Remarks

Indicates whether the message is signed.

This property is read-only.

sec_info_validation_log Property

Contains the signing certificate's chain validation log.

Syntax

def get_sec_info_validation_log() -> str: ...

sec_info_validation_log = property(get_sec_info_validation_log, None)

Default Value

""

Remarks

Contains the signing certificate's chain validation log. This information may be very useful in investigating chain validation failures.

This property is read-only.

sender_addr_address Property

Contains the e-mail address in the form of john@doe.

Syntax

def get_sender_addr_address() -> str: ...

sender_addr_address = property(get_sender_addr_address, None)

Default Value

""

Remarks

Contains the e-mail address in the form of john@doe.com.

This property is read-only.

sender_addr_display_name Property

Contains the friendly name of the user of this address, such as John Doe.

Syntax

def get_sender_addr_display_name() -> str: ...

sender_addr_display_name = property(get_sender_addr_display_name, None)

Default Value

""

Remarks

Contains the friendly name of the user of this address, such as John Doe.

This property is read-only.

sender_addr_group_name Property

The name of the group this address belongs to.

Syntax

def get_sender_addr_group_name() -> str: ...

sender_addr_group_name = property(get_sender_addr_group_name, None)

Default Value

""

Remarks

The name of the group this address belongs to.

This property is read-only.

send_to_addr_count Property

The number of records in the SendToAddr arrays.

Syntax

def get_send_to_addr_count() -> int: ...

send_to_addr_count = property(get_send_to_addr_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• send_to_addr_address
• send_to_addr_display_name
• send_to_addr_group_name

The array indices start at 0 and end at send_to_addr_count - 1.

This property is read-only.

send_to_addr_address Property

Contains the e-mail address in the form of john@doe.

Syntax

def get_send_to_addr_address(send_to_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the e-mail address in the form of john@doe.com.

The send_to_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the send_to_addr_count property.

This property is read-only.

send_to_addr_display_name Property

Contains the friendly name of the user of this address, such as John Doe.

Syntax

def get_send_to_addr_display_name(send_to_addr_index: int) -> str: ...

Default Value

""

Remarks

Contains the friendly name of the user of this address, such as John Doe.

The send_to_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the send_to_addr_count property.

This property is read-only.

send_to_addr_group_name Property

The name of the group this address belongs to.

Syntax

def get_send_to_addr_group_name(send_to_addr_index: int) -> str: ...

Default Value

""

Remarks

The name of the group this address belongs to.

The send_to_addr_index parameter specifies the index of the item in the array. The size of the array is controlled by the send_to_addr_count property.

This property is read-only.

signing_cert_bytes Property

Returns the raw certificate data in DER format.

Syntax

def get_signing_cert_bytes() -> bytes: ...

signing_cert_bytes = property(get_signing_cert_bytes, None)

Remarks

Returns the raw certificate data in DER format.

This property is read-only.

signing_cert_ca Property

Indicates whether the certificate has a CA capability.

Syntax

def get_signing_cert_ca() -> bool: ...

signing_cert_ca = property(get_signing_cert_ca, None)

Default Value

FALSE

Remarks

Indicates whether the certificate has a CA capability. For the certificate to be considered a CA, it must have its Basic Constraints extension set with the CA indicator enabled.

Set this property when generating a new certificate to have its Basic Constraints extension generated automatically.

This property is read-only.

signing_cert_ca_key_id Property

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Syntax

def get_signing_cert_ca_key_id() -> bytes: ...

signing_cert_ca_key_id = property(get_signing_cert_ca_key_id, None)

Remarks

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Authority Key Identifier is a certificate extension which allows identification of certificates belonging to the same issuer, but with different public keys. It is a de-facto standard to include this extension in all certificates to facilitate chain building.

This setting cannot be set when generating a certificate as it always derives from another certificate property. CertificateManager generates this setting automatically if enough information is available to it: for self-signed certificates, this value is copied from the signing_cert_subject_key_id setting, and for lower-level certificates, from the parent certificate's subject key ID extension.

This property is read-only.

signing_cert_crl_distribution_points Property

Contains a list of locations of CRL distribution points used to check this certificate's validity.

Syntax

def get_signing_cert_crl_distribution_points() -> str: ...

signing_cert_crl_distribution_points = property(get_signing_cert_crl_distribution_points, None)

Default Value

""

Remarks

Contains a list of locations of CRL distribution points used to check this certificate's validity. The list is taken from the respective certificate extension.

Use this property when generating a certificate to provide a list of CRL endpoints that should be made part of the new certificate.

The endpoints are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

This property is read-only.

signing_cert_curve Property

Specifies the elliptic curve associated with the certificate's public key.

Syntax

def get_signing_cert_curve() -> str: ...

signing_cert_curve = property(get_signing_cert_curve, None)

Default Value

""

Remarks

Specifies the elliptic curve associated with the certificate's public key. This setting only applies to certificates containing EC keys.

This property is read-only.

signing_cert_fingerprint Property

Contains the fingerprint (a hash imprint) of this certificate.

Syntax

def get_signing_cert_fingerprint() -> str: ...

signing_cert_fingerprint = property(get_signing_cert_fingerprint, None)

Default Value

""

Remarks

Contains the fingerprint (a hash imprint) of this certificate.

While there is no formal standard defining what a fingerprint is, a SHA1 hash of the certificate's DER-encoded body is typically used.

This property is read-only.

signing_cert_friendly_name Property

Contains an associated alias (friendly name) of the certificate.

Syntax

def get_signing_cert_friendly_name() -> str: ...

signing_cert_friendly_name = property(get_signing_cert_friendly_name, None)

Default Value

""

Remarks

Contains an associated alias (friendly name) of the certificate. The friendly name is not a property of a certificate: it is maintained by the certificate media rather than being included in its DER representation. Windows certificate stores are one example of media that does support friendly names.

This property is read-only.

signing_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_signing_cert_handle() -> int: ...

signing_cert_handle = property(get_signing_cert_handle, None)

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

This property is read-only.

signing_cert_hash_algorithm Property

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing).

Syntax

def get_signing_cert_hash_algorithm() -> str: ...

signing_cert_hash_algorithm = property(get_signing_cert_hash_algorithm, None)

Default Value

""

Remarks

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing). It is not a property of a certificate; use signing_cert_sig_algorithm to find out the hash algorithm that is part of the certificate signature.

This property is read-only.

signing_cert_issuer Property

The common name of the certificate issuer (CA), typically a company name.

Syntax

def get_signing_cert_issuer() -> str: ...

signing_cert_issuer = property(get_signing_cert_issuer, None)

Default Value

""

Remarks

The common name of the certificate issuer (CA), typically a company name. This is part of a larger set of credentials available via signing_cert_issuer_rdn.

This property is read-only.

signing_cert_issuer_rdn Property

A list of Property=Value pairs that uniquely identify the certificate issuer.

Syntax

def get_signing_cert_issuer_rdn() -> str: ...

signing_cert_issuer_rdn = property(get_signing_cert_issuer_rdn, None)

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate issuer.

Example: /C=US/O=Nationwide CA/CN=Web Certification Authority

This property is read-only.

signing_cert_key_algorithm Property

Specifies the public key algorithm of this certificate.

Syntax

def get_signing_cert_key_algorithm() -> str: ...

signing_cert_key_algorithm = property(get_signing_cert_key_algorithm, None)

Default Value

"0"

Remarks

Specifies the public key algorithm of this certificate.

Use the signing_cert_key_bits, signing_cert_curve, and signing_cert_public_key_bytes properties to get more details about the key the certificate contains.

This property is read-only.

signing_cert_key_bits Property

Returns the length of the public key in bits.

Syntax

def get_signing_cert_key_bits() -> int: ...

signing_cert_key_bits = property(get_signing_cert_key_bits, None)

Default Value

0

Remarks

Returns the length of the public key in bits.

This value indicates the length of the principal cryptographic parameter of the key, such as the length of the RSA modulus or ECDSA field. The key data returned by the signing_cert_public_key_bytes or signing_cert_private_key_bytes property would typically contain auxiliary values, and therefore be longer.

This property is read-only.

signing_cert_key_fingerprint Property

Returns a SHA1 fingerprint of the public key contained in the certificate.

Syntax

def get_signing_cert_key_fingerprint() -> str: ...

signing_cert_key_fingerprint = property(get_signing_cert_key_fingerprint, None)

Default Value

""

Remarks

Returns a SHA1 fingerprint of the public key contained in the certificate.

Note that the key fingerprint is different from the certificate fingerprint accessible via the signing_cert_fingerprint property. The key fingeprint uniquely identifies the public key, and so can be the same for multiple certificates containing the same key.

This property is read-only.

signing_cert_key_usage Property

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

Syntax

def get_signing_cert_key_usage() -> int: ...

signing_cert_key_usage = property(get_signing_cert_key_usage, None)

Default Value

0

Remarks

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

This value is a bit mask of the following values:

Set this property before generating the certificate to propagate the key usage flags to the new certificate.

This property is read-only.

signing_cert_key_valid Property

Returns True if the certificate's key is cryptographically valid, and False otherwise.

Syntax

def get_signing_cert_key_valid() -> bool: ...

signing_cert_key_valid = property(get_signing_cert_key_valid, None)

Default Value

FALSE

Remarks

Returns True if the certificate's key is cryptographically valid, and False otherwise.

This property is read-only.

signing_cert_ocsp_locations Property

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Syntax

def get_signing_cert_ocsp_locations() -> str: ...

signing_cert_ocsp_locations = property(get_signing_cert_ocsp_locations, None)

Default Value

""

Remarks

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Set this property before calling the certificate manager's generate method to propagate it to the new certificate.

The OCSP locations are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

This property is read-only.

signing_cert_policy_i_ds Property

Contains identifiers (OIDs) of the applicable certificate policies.

Syntax

def get_signing_cert_policy_i_ds() -> str: ...

signing_cert_policy_i_ds = property(get_signing_cert_policy_i_ds, None)

Default Value

""

Remarks

Contains identifiers (OIDs) of the applicable certificate policies.

The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.

Set this property when generating a certificate to propagate the policies information to the new certificate.

The policies are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the policy element separator.

This property is read-only.

signing_cert_public_key_bytes Property

Contains the certificate's public key in DER format.

Syntax

def get_signing_cert_public_key_bytes() -> bytes: ...

signing_cert_public_key_bytes = property(get_signing_cert_public_key_bytes, None)

Remarks

Contains the certificate's public key in DER format.

This typically would contain an ASN.1-encoded public key value. The exact format depends on the type of the public key contained in the certificate.

This property is read-only.

signing_cert_self_signed Property

Indicates whether the certificate is self-signed (root) or signed by an external CA.

Syntax

def get_signing_cert_self_signed() -> bool: ...

signing_cert_self_signed = property(get_signing_cert_self_signed, None)

Default Value

FALSE

Remarks

Indicates whether the certificate is self-signed (root) or signed by an external CA.

This property is read-only.

signing_cert_serial_number Property

Returns the certificate's serial number.

Syntax

def get_signing_cert_serial_number() -> bytes: ...

signing_cert_serial_number = property(get_signing_cert_serial_number, None)

Remarks

Returns the certificate's serial number.

The serial number is a binary string that uniquely identifies a certificate among others issued by the same CA. According to the X.509 standard, the (issuer, serial number) pair should be globally unique to facilitate chain building.

This property is read-only.

signing_cert_sig_algorithm Property

Indicates the algorithm that was used by the CA to sign this certificate.

Syntax

def get_signing_cert_sig_algorithm() -> str: ...

signing_cert_sig_algorithm = property(get_signing_cert_sig_algorithm, None)

Default Value

""

Remarks

Indicates the algorithm that was used by the CA to sign this certificate.

A signature algorithm typically combines hash and public key algorithms together, such as sha256WithRSAEncryption or ecdsa-with-SHA256.

This property is read-only.

signing_cert_subject Property

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.

Syntax

def get_signing_cert_subject() -> str: ...

signing_cert_subject = property(get_signing_cert_subject, None)

Default Value

""

Remarks

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. This is part of a larger set of credentials available via signing_cert_subject_rdn.

This property is read-only.

signing_cert_subject_key_id Property

Contains a unique identifier of the certificate's cryptographic key.

Syntax

def get_signing_cert_subject_key_id() -> bytes: ...

signing_cert_subject_key_id = property(get_signing_cert_subject_key_id, None)

Remarks

Contains a unique identifier of the certificate's cryptographic key.

Subject Key Identifier is a certificate extension which allows a specific public key to be associated with a certificate holder. Typically, subject key identifiers of CA certificates are recorded as respective CA key identifiers in the subordinate certificates that they issue, which facilitates chain building.

The signing_cert_subject_key_id and signing_cert_ca_key_id properties of self-signed certificates typically contain identical values, as in that specific case, the issuer and the subject are the same entity.

This property is read-only.

signing_cert_subject_rdn Property

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Syntax

def get_signing_cert_subject_rdn() -> str: ...

signing_cert_subject_rdn = property(get_signing_cert_subject_rdn, None)

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Depending on the purpose of the certificate and the policies of the CA that issued it, the values included in the subject record may differ drastically and contain business or personal names, web URLs, email addresses, and other data.

Example: /C=US/O=Oranges and Apples, Inc./OU=Accounts Receivable/1.2.3.4.5=Value with unknown OID/CN=Margaret Watkins.

This property is read-only.

signing_cert_valid_from Property

The time point at which the certificate becomes valid, in UTC.

Syntax

def get_signing_cert_valid_from() -> str: ...

signing_cert_valid_from = property(get_signing_cert_valid_from, None)

Default Value

""

Remarks

The time point at which the certificate becomes valid, in UTC.

This property is read-only.

signing_cert_valid_to Property

The time point at which the certificate expires, in UTC.

Syntax

def get_signing_cert_valid_to() -> str: ...

signing_cert_valid_to = property(get_signing_cert_valid_to, None)

Default Value

""

Remarks

The time point at which the certificate expires, in UTC.

This property is read-only.

socket_dns_mode Property

Selects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.

Syntax

def get_socket_dns_mode() -> int: ...
def set_socket_dns_mode(value: int) -> None: ...

socket_dns_mode = property(get_socket_dns_mode, set_socket_dns_mode)

Default Value

0

Remarks

Selects the DNS resolver to use: the component's (secure) built-in one, or the one provided by the system.

socket_dns_port Property

Specifies the port number to be used for sending queries to the DNS server.

Syntax

def get_socket_dns_port() -> int: ...
def set_socket_dns_port(value: int) -> None: ...

socket_dns_port = property(get_socket_dns_port, set_socket_dns_port)

Default Value

0

Remarks

Specifies the port number to be used for sending queries to the DNS server.

socket_dns_query_timeout Property

The timeout (in milliseconds) for each DNS query.

Syntax

def get_socket_dns_query_timeout() -> int: ...
def set_socket_dns_query_timeout(value: int) -> None: ...

socket_dns_query_timeout = property(get_socket_dns_query_timeout, set_socket_dns_query_timeout)

Default Value

0

Remarks

The timeout (in milliseconds) for each DNS query. The value of 0 indicates an infinite timeout.

socket_dns_servers Property

The addresses of DNS servers to use for address resolution, separated by commas or semicolons.

Syntax

def get_socket_dns_servers() -> str: ...
def set_socket_dns_servers(value: str) -> None: ...

socket_dns_servers = property(get_socket_dns_servers, set_socket_dns_servers)

Default Value

""

Remarks

The addresses of DNS servers to use for address resolution, separated by commas or semicolons.

socket_dns_total_timeout Property

The timeout (in milliseconds) for the whole resolution process.

Syntax

def get_socket_dns_total_timeout() -> int: ...
def set_socket_dns_total_timeout(value: int) -> None: ...

socket_dns_total_timeout = property(get_socket_dns_total_timeout, set_socket_dns_total_timeout)

Default Value

0

Remarks

The timeout (in milliseconds) for the whole resolution process. The value of 0 indicates an infinite timeout.

socket_incoming_speed_limit Property

The maximum number of bytes to read from the socket, per second.

Syntax

def get_socket_incoming_speed_limit() -> int: ...
def set_socket_incoming_speed_limit(value: int) -> None: ...

socket_incoming_speed_limit = property(get_socket_incoming_speed_limit, set_socket_incoming_speed_limit)

Default Value

0

Remarks

The maximum number of bytes to read from the socket, per second.

socket_local_address Property

The local network interface to bind the socket to.

Syntax

def get_socket_local_address() -> str: ...
def set_socket_local_address(value: str) -> None: ...

socket_local_address = property(get_socket_local_address, set_socket_local_address)

Default Value

""

Remarks

The local network interface to bind the socket to.

socket_local_port Property

The local port number to bind the socket to.

Syntax

def get_socket_local_port() -> int: ...
def set_socket_local_port(value: int) -> None: ...

socket_local_port = property(get_socket_local_port, set_socket_local_port)

Default Value

0

Remarks

The local port number to bind the socket to.

socket_outgoing_speed_limit Property

The maximum number of bytes to write to the socket, per second.

Syntax

def get_socket_outgoing_speed_limit() -> int: ...
def set_socket_outgoing_speed_limit(value: int) -> None: ...

socket_outgoing_speed_limit = property(get_socket_outgoing_speed_limit, set_socket_outgoing_speed_limit)

Default Value

0

Remarks

The maximum number of bytes to write to the socket, per second.

socket_timeout Property

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

Syntax

def get_socket_timeout() -> int: ...
def set_socket_timeout(value: int) -> None: ...

socket_timeout = property(get_socket_timeout, set_socket_timeout)

Default Value

60000

Remarks

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

If Timeout is set to 0, a socket operation will expire after the system-default timeout (2 hrs 8 min for TCP stack).

socket_use_ipv6 Property

Enables or disables IP protocol version 6.

Syntax

def get_socket_use_ipv6() -> bool: ...
def set_socket_use_ipv6(value: bool) -> None: ...

socket_use_ipv6 = property(get_socket_use_ipv6, set_socket_use_ipv6)

Default Value

FALSE

Remarks

Enables or disables IP protocol version 6.

tls_auto_validate_certificates Property

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

Syntax

def get_tls_auto_validate_certificates() -> bool: ...
def set_tls_auto_validate_certificates(value: bool) -> None: ...

tls_auto_validate_certificates = property(get_tls_auto_validate_certificates, set_tls_auto_validate_certificates)

Default Value

TRUE

Remarks

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

tls_base_configuration Property

Selects the base configuration for the TLS settings.

Syntax

def get_tls_base_configuration() -> int: ...
def set_tls_base_configuration(value: int) -> None: ...

tls_base_configuration = property(get_tls_base_configuration, set_tls_base_configuration)

Default Value

0

Remarks

Selects the base configuration for the TLS settings. Several profiles are offered and tuned up for different purposes, such as high security or higher compatibility.

tls_ciphersuites Property

A list of ciphersuites separated with commas or semicolons.

Syntax

def get_tls_ciphersuites() -> str: ...
def set_tls_ciphersuites(value: str) -> None: ...

tls_ciphersuites = property(get_tls_ciphersuites, set_tls_ciphersuites)

Default Value

""

Remarks

A list of ciphersuites separated with commas or semicolons. Each ciphersuite in the list may be prefixed with a minus sign (-) to indicate that the ciphersuite should be disabled rather than enabled. Besides the specific ciphersuite modifiers, this property supports the all (and -all) aliases, allowing all ciphersuites to be blanketly enabled or disabled at once.

Note: the list of ciphersuites provided to this property alters the baseline list of ciphersuites as defined by tls_base_configuration. Remember to start your ciphersuite string with -all; if you need to only enable a specific fixed set of ciphersuites. The list of supported ciphersuites is provided below:

• NULL_NULL_NULL
• RSA_NULL_MD5
• RSA_NULL_SHA
• RSA_RC4_MD5
• RSA_RC4_SHA
• RSA_RC2_MD5
• RSA_IDEA_MD5
• RSA_IDEA_SHA
• RSA_DES_MD5
• RSA_DES_SHA
• RSA_3DES_MD5
• RSA_3DES_SHA
• RSA_AES128_SHA
• RSA_AES256_SHA
• DH_DSS_DES_SHA
• DH_DSS_3DES_SHA
• DH_DSS_AES128_SHA
• DH_DSS_AES256_SHA
• DH_RSA_DES_SHA
• DH_RSA_3DES_SHA
• DH_RSA_AES128_SHA
• DH_RSA_AES256_SHA
• DHE_DSS_DES_SHA
• DHE_DSS_3DES_SHA
• DHE_DSS_AES128_SHA
• DHE_DSS_AES256_SHA
• DHE_RSA_DES_SHA
• DHE_RSA_3DES_SHA
• DHE_RSA_AES128_SHA
• DHE_RSA_AES256_SHA
• DH_ANON_RC4_MD5
• DH_ANON_DES_SHA
• DH_ANON_3DES_SHA
• DH_ANON_AES128_SHA
• DH_ANON_AES256_SHA
• RSA_RC2_MD5_EXPORT
• RSA_RC4_MD5_EXPORT
• RSA_DES_SHA_EXPORT
• DH_DSS_DES_SHA_EXPORT
• DH_RSA_DES_SHA_EXPORT
• DHE_DSS_DES_SHA_EXPORT
• DHE_RSA_DES_SHA_EXPORT
• DH_ANON_RC4_MD5_EXPORT
• DH_ANON_DES_SHA_EXPORT
• RSA_CAMELLIA128_SHA
• DH_DSS_CAMELLIA128_SHA
• DH_RSA_CAMELLIA128_SHA
• DHE_DSS_CAMELLIA128_SHA
• DHE_RSA_CAMELLIA128_SHA
• DH_ANON_CAMELLIA128_SHA
• RSA_CAMELLIA256_SHA
• DH_DSS_CAMELLIA256_SHA
• DH_RSA_CAMELLIA256_SHA
• DHE_DSS_CAMELLIA256_SHA
• DHE_RSA_CAMELLIA256_SHA
• DH_ANON_CAMELLIA256_SHA
• PSK_RC4_SHA
• PSK_3DES_SHA
• PSK_AES128_SHA
• PSK_AES256_SHA
• DHE_PSK_RC4_SHA
• DHE_PSK_3DES_SHA
• DHE_PSK_AES128_SHA
• DHE_PSK_AES256_SHA
• RSA_PSK_RC4_SHA
• RSA_PSK_3DES_SHA
• RSA_PSK_AES128_SHA
• RSA_PSK_AES256_SHA
• RSA_SEED_SHA
• DH_DSS_SEED_SHA
• DH_RSA_SEED_SHA
• DHE_DSS_SEED_SHA
• DHE_RSA_SEED_SHA
• DH_ANON_SEED_SHA
• SRP_SHA_3DES_SHA
• SRP_SHA_RSA_3DES_SHA
• SRP_SHA_DSS_3DES_SHA
• SRP_SHA_AES128_SHA
• SRP_SHA_RSA_AES128_SHA
• SRP_SHA_DSS_AES128_SHA
• SRP_SHA_AES256_SHA
• SRP_SHA_RSA_AES256_SHA
• SRP_SHA_DSS_AES256_SHA
• ECDH_ECDSA_NULL_SHA
• ECDH_ECDSA_RC4_SHA
• ECDH_ECDSA_3DES_SHA
• ECDH_ECDSA_AES128_SHA
• ECDH_ECDSA_AES256_SHA
• ECDHE_ECDSA_NULL_SHA
• ECDHE_ECDSA_RC4_SHA
• ECDHE_ECDSA_3DES_SHA
• ECDHE_ECDSA_AES128_SHA
• ECDHE_ECDSA_AES256_SHA
• ECDH_RSA_NULL_SHA
• ECDH_RSA_RC4_SHA
• ECDH_RSA_3DES_SHA
• ECDH_RSA_AES128_SHA
• ECDH_RSA_AES256_SHA
• ECDHE_RSA_NULL_SHA
• ECDHE_RSA_RC4_SHA
• ECDHE_RSA_3DES_SHA
• ECDHE_RSA_AES128_SHA
• ECDHE_RSA_AES256_SHA
• ECDH_ANON_NULL_SHA
• ECDH_ANON_RC4_SHA
• ECDH_ANON_3DES_SHA
• ECDH_ANON_AES128_SHA
• ECDH_ANON_AES256_SHA
• RSA_NULL_SHA256
• RSA_AES128_SHA256
• RSA_AES256_SHA256
• DH_DSS_AES128_SHA256
• DH_RSA_AES128_SHA256
• DHE_DSS_AES128_SHA256
• DHE_RSA_AES128_SHA256
• DH_DSS_AES256_SHA256
• DH_RSA_AES256_SHA256
• DHE_DSS_AES256_SHA256
• DHE_RSA_AES256_SHA256
• DH_ANON_AES128_SHA256
• DH_ANON_AES256_SHA256
• RSA_AES128_GCM_SHA256
• RSA_AES256_GCM_SHA384
• DHE_RSA_AES128_GCM_SHA256
• DHE_RSA_AES256_GCM_SHA384
• DH_RSA_AES128_GCM_SHA256
• DH_RSA_AES256_GCM_SHA384
• DHE_DSS_AES128_GCM_SHA256
• DHE_DSS_AES256_GCM_SHA384
• DH_DSS_AES128_GCM_SHA256
• DH_DSS_AES256_GCM_SHA384
• DH_ANON_AES128_GCM_SHA256
• DH_ANON_AES256_GCM_SHA384
• ECDHE_ECDSA_AES128_SHA256
• ECDHE_ECDSA_AES256_SHA384
• ECDH_ECDSA_AES128_SHA256
• ECDH_ECDSA_AES256_SHA384
• ECDHE_RSA_AES128_SHA256
• ECDHE_RSA_AES256_SHA384
• ECDH_RSA_AES128_SHA256
• ECDH_RSA_AES256_SHA384
• ECDHE_ECDSA_AES128_GCM_SHA256
• ECDHE_ECDSA_AES256_GCM_SHA384
• ECDH_ECDSA_AES128_GCM_SHA256
• ECDH_ECDSA_AES256_GCM_SHA384
• ECDHE_RSA_AES128_GCM_SHA256
• ECDHE_RSA_AES256_GCM_SHA384
• ECDH_RSA_AES128_GCM_SHA256
• ECDH_RSA_AES256_GCM_SHA384
• PSK_AES128_GCM_SHA256
• PSK_AES256_GCM_SHA384
• DHE_PSK_AES128_GCM_SHA256
• DHE_PSK_AES256_GCM_SHA384
• RSA_PSK_AES128_GCM_SHA256
• RSA_PSK_AES256_GCM_SHA384
• PSK_AES128_SHA256
• PSK_AES256_SHA384
• PSK_NULL_SHA256
• PSK_NULL_SHA384
• DHE_PSK_AES128_SHA256
• DHE_PSK_AES256_SHA384
• DHE_PSK_NULL_SHA256
• DHE_PSK_NULL_SHA384
• RSA_PSK_AES128_SHA256
• RSA_PSK_AES256_SHA384
• RSA_PSK_NULL_SHA256
• RSA_PSK_NULL_SHA384
• RSA_CAMELLIA128_SHA256
• DH_DSS_CAMELLIA128_SHA256
• DH_RSA_CAMELLIA128_SHA256
• DHE_DSS_CAMELLIA128_SHA256
• DHE_RSA_CAMELLIA128_SHA256
• DH_ANON_CAMELLIA128_SHA256
• RSA_CAMELLIA256_SHA256
• DH_DSS_CAMELLIA256_SHA256
• DH_RSA_CAMELLIA256_SHA256
• DHE_DSS_CAMELLIA256_SHA256
• DHE_RSA_CAMELLIA256_SHA256
• DH_ANON_CAMELLIA256_SHA256
• ECDHE_ECDSA_CAMELLIA128_SHA256
• ECDHE_ECDSA_CAMELLIA256_SHA384
• ECDH_ECDSA_CAMELLIA128_SHA256
• ECDH_ECDSA_CAMELLIA256_SHA384
• ECDHE_RSA_CAMELLIA128_SHA256
• ECDHE_RSA_CAMELLIA256_SHA384
• ECDH_RSA_CAMELLIA128_SHA256
• ECDH_RSA_CAMELLIA256_SHA384
• RSA_CAMELLIA128_GCM_SHA256
• RSA_CAMELLIA256_GCM_SHA384
• DHE_RSA_CAMELLIA128_GCM_SHA256
• DHE_RSA_CAMELLIA256_GCM_SHA384
• DH_RSA_CAMELLIA128_GCM_SHA256
• DH_RSA_CAMELLIA256_GCM_SHA384
• DHE_DSS_CAMELLIA128_GCM_SHA256
• DHE_DSS_CAMELLIA256_GCM_SHA384
• DH_DSS_CAMELLIA128_GCM_SHA256
• DH_DSS_CAMELLIA256_GCM_SHA384
• DH_anon_CAMELLIA128_GCM_SHA256
• DH_anon_CAMELLIA256_GCM_SHA384
• ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
• ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
• ECDH_ECDSA_CAMELLIA128_GCM_SHA256
• ECDH_ECDSA_CAMELLIA256_GCM_SHA384
• ECDHE_RSA_CAMELLIA128_GCM_SHA256
• ECDHE_RSA_CAMELLIA256_GCM_SHA384
• ECDH_RSA_CAMELLIA128_GCM_SHA256
• ECDH_RSA_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_GCM_SHA256
• PSK_CAMELLIA256_GCM_SHA384
• DHE_PSK_CAMELLIA128_GCM_SHA256
• DHE_PSK_CAMELLIA256_GCM_SHA384
• RSA_PSK_CAMELLIA128_GCM_SHA256
• RSA_PSK_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_SHA256
• PSK_CAMELLIA256_SHA384
• DHE_PSK_CAMELLIA128_SHA256
• DHE_PSK_CAMELLIA256_SHA384
• RSA_PSK_CAMELLIA128_SHA256
• RSA_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_CAMELLIA128_SHA256
• ECDHE_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_RC4_SHA
• ECDHE_PSK_3DES_SHA
• ECDHE_PSK_AES128_SHA
• ECDHE_PSK_AES256_SHA
• ECDHE_PSK_AES128_SHA256
• ECDHE_PSK_AES256_SHA384
• ECDHE_PSK_NULL_SHA
• ECDHE_PSK_NULL_SHA256
• ECDHE_PSK_NULL_SHA384
• ECDHE_RSA_CHACHA20_POLY1305_SHA256
• ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
• DHE_RSA_CHACHA20_POLY1305_SHA256
• PSK_CHACHA20_POLY1305_SHA256
• ECDHE_PSK_CHACHA20_POLY1305_SHA256
• DHE_PSK_CHACHA20_POLY1305_SHA256
• RSA_PSK_CHACHA20_POLY1305_SHA256
• AES128_GCM_SHA256
• AES256_GCM_SHA384
• CHACHA20_POLY1305_SHA256
• AES128_CCM_SHA256
• AES128_CCM8_SHA256

tls_client_auth Property

Enables or disables certificate-based client authentication.

Syntax

def get_tls_client_auth() -> int: ...
def set_tls_client_auth(value: int) -> None: ...

tls_client_auth = property(get_tls_client_auth, set_tls_client_auth)

Default Value

0

Remarks

Enables or disables certificate-based client authentication.

Set this property to true to tune up the client authentication type:

tls_ec_curves Property

Defines the elliptic curves to enable.

Syntax

def get_tls_ec_curves() -> str: ...
def set_tls_ec_curves(value: str) -> None: ...

tls_ec_curves = property(get_tls_ec_curves, set_tls_ec_curves)

Default Value

""

Remarks

Defines the elliptic curves to enable.

tls_extensions Property

Provides access to TLS extensions.

Syntax

def get_tls_extensions() -> str: ...
def set_tls_extensions(value: str) -> None: ...

tls_extensions = property(get_tls_extensions, set_tls_extensions)

Default Value

""

Remarks

Provides access to TLS extensions.

tls_force_resume_if_destination_changes Property

Whether to force TLS session resumption when the destination address changes.

Syntax

def get_tls_force_resume_if_destination_changes() -> bool: ...
def set_tls_force_resume_if_destination_changes(value: bool) -> None: ...

tls_force_resume_if_destination_changes = property(get_tls_force_resume_if_destination_changes, set_tls_force_resume_if_destination_changes)

Default Value

FALSE

Remarks

Whether to force TLS session resumption when the destination address changes.

tls_pre_shared_identity Property

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

Syntax

def get_tls_pre_shared_identity() -> str: ...
def set_tls_pre_shared_identity(value: str) -> None: ...

tls_pre_shared_identity = property(get_tls_pre_shared_identity, set_tls_pre_shared_identity)

Default Value

""

Remarks

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

tls_pre_shared_key Property

Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

Syntax

def get_tls_pre_shared_key() -> str: ...
def set_tls_pre_shared_key(value: str) -> None: ...

tls_pre_shared_key = property(get_tls_pre_shared_key, set_tls_pre_shared_key)

Default Value

""

Remarks

Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

tls_pre_shared_key_ciphersuite Property

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

Syntax

def get_tls_pre_shared_key_ciphersuite() -> str: ...
def set_tls_pre_shared_key_ciphersuite(value: str) -> None: ...

tls_pre_shared_key_ciphersuite = property(get_tls_pre_shared_key_ciphersuite, set_tls_pre_shared_key_ciphersuite)

Default Value

""

Remarks

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

tls_renegotiation_attack_prevention_mode Property

Selects the renegotiation attack prevention mechanism.

Syntax

def get_tls_renegotiation_attack_prevention_mode() -> int: ...
def set_tls_renegotiation_attack_prevention_mode(value: int) -> None: ...

tls_renegotiation_attack_prevention_mode = property(get_tls_renegotiation_attack_prevention_mode, set_tls_renegotiation_attack_prevention_mode)

Default Value

2

Remarks

Selects the renegotiation attack prevention mechanism.

The following options are available:

tls_revocation_check Property

Specifies the kind(s) of revocation check to perform.

Syntax

def get_tls_revocation_check() -> int: ...
def set_tls_revocation_check(value: int) -> None: ...

tls_revocation_check = property(get_tls_revocation_check, set_tls_revocation_check)

Default Value

1

Remarks

Specifies the kind(s) of revocation check to perform.

Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.

This setting controls the way the revocation checks are performed for every certificate in the chain. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.

There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).

This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.

Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.

Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.

tls_ssl_options Property

Various SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.

Syntax

def get_tls_ssl_options() -> int: ...
def set_tls_ssl_options(value: int) -> None: ...

tls_ssl_options = property(get_tls_ssl_options, set_tls_ssl_options)

Default Value

16

Remarks

Various SSL (TLS) protocol options, set of

tls_tls_mode Property

Specifies the TLS mode to use.

Syntax

def get_tls_tls_mode() -> int: ...
def set_tls_tls_mode(value: int) -> None: ...

tls_tls_mode = property(get_tls_tls_mode, set_tls_tls_mode)

Default Value

0

Remarks

Specifies the TLS mode to use.

tls_use_extended_master_secret Property

Enables the Extended Master Secret Extension, as defined in RFC 7627.

Syntax

def get_tls_use_extended_master_secret() -> bool: ...
def set_tls_use_extended_master_secret(value: bool) -> None: ...

tls_use_extended_master_secret = property(get_tls_use_extended_master_secret, set_tls_use_extended_master_secret)

Default Value

FALSE

Remarks

Enables the Extended Master Secret Extension, as defined in RFC 7627.

tls_use_session_resumption Property

Enables or disables the TLS session resumption capability.

Syntax

def get_tls_use_session_resumption() -> bool: ...
def set_tls_use_session_resumption(value: bool) -> None: ...

tls_use_session_resumption = property(get_tls_use_session_resumption, set_tls_use_session_resumption)

Default Value

FALSE

Remarks

Enables or disables the TLS session resumption capability.

tls_versions Property

The SSL/TLS versions to enable by default.

Syntax

def get_tls_versions() -> int: ...
def set_tls_versions(value: int) -> None: ...

tls_versions = property(get_tls_versions, set_tls_versions)

Default Value

16

Remarks

The SSL/TLS versions to enable by default.

trusted_cert_count Property

The number of records in the TrustedCert arrays.

Syntax

def get_trusted_cert_count() -> int: ...
def set_trusted_cert_count(value: int) -> None: ...

trusted_cert_count = property(get_trusted_cert_count, set_trusted_cert_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

• trusted_cert_bytes
• trusted_cert_handle

The array indices start at 0 and end at trusted_cert_count - 1.

trusted_cert_bytes Property

Returns the raw certificate data in DER format.

Syntax

def get_trusted_cert_bytes(trusted_cert_index: int) -> bytes: ...

Remarks

Returns the raw certificate data in DER format.

The trusted_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the trusted_cert_count property.

This property is read-only.

trusted_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_trusted_cert_handle(trusted_cert_index: int) -> int: ...
def set_trusted_cert_handle(trusted_cert_index: int, value: int) -> None: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The trusted_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the trusted_cert_count property.

used_cert_count Property

The number of records in the UsedCert arrays.

Syntax

def get_used_cert_count() -> int: ...

used_cert_count = property(get_used_cert_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• used_cert_bytes
• used_cert_ca
• used_cert_ca_key_id
• used_cert_cert_type
• used_cert_crl_distribution_points
• used_cert_curve
• used_cert_fingerprint
• used_cert_friendly_name
• used_cert_handle
• used_cert_hash_algorithm
• used_cert_issuer
• used_cert_issuer_rdn
• used_cert_key_algorithm
• used_cert_key_bits
• used_cert_key_fingerprint
• used_cert_key_usage
• used_cert_key_valid
• used_cert_ocsp_locations
• used_cert_ocsp_no_check
• used_cert_origin
• used_cert_policy_i_ds
• used_cert_private_key_bytes
• used_cert_private_key_exists
• used_cert_private_key_extractable
• used_cert_public_key_bytes
• used_cert_qualified
• used_cert_qualified_statements
• used_cert_qualifiers
• used_cert_self_signed
• used_cert_serial_number
• used_cert_sig_algorithm
• used_cert_source
• used_cert_subject
• used_cert_subject_alternative_name
• used_cert_subject_key_id
• used_cert_subject_rdn
• used_cert_valid
• used_cert_valid_from
• used_cert_valid_to

The array indices start at 0 and end at used_cert_count - 1.

This property is read-only.

used_cert_bytes Property

Returns the raw certificate data in DER format.

Syntax

def get_used_cert_bytes(used_cert_index: int) -> bytes: ...

Remarks

Returns the raw certificate data in DER format.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_ca Property

Indicates whether the certificate has a CA capability.

Syntax

def get_used_cert_ca(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the certificate has a CA capability. For the certificate to be considered a CA, it must have its Basic Constraints extension set with the CA indicator enabled.

Set this property when generating a new certificate to have its Basic Constraints extension generated automatically.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_ca_key_id Property

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Syntax

def get_used_cert_ca_key_id(used_cert_index: int) -> bytes: ...

Remarks

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Authority Key Identifier is a certificate extension which allows identification of certificates belonging to the same issuer, but with different public keys. It is a de-facto standard to include this extension in all certificates to facilitate chain building.

This setting cannot be set when generating a certificate as it always derives from another certificate property. CertificateManager generates this setting automatically if enough information is available to it: for self-signed certificates, this value is copied from the used_cert_subject_key_id setting, and for lower-level certificates, from the parent certificate's subject key ID extension.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_cert_type Property

Returns the type of the entity contained in the Certificate object.

Syntax

def get_used_cert_cert_type(used_cert_index: int) -> int: ...

Default Value

0

Remarks

Returns the type of the entity contained in the Certificate object.

A Certificate object can contain two types of cryptographic objects: a ready-to-use X.509 certificate, or a certificate request ("an unsigned certificate"). Certificate requests can be upgraded to full certificates by signing them with a CA certificate.

Use the CertificateManager class to load or create new certificate and certificate requests objects.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_crl_distribution_points Property

Contains a list of locations of CRL distribution points used to check this certificate's validity.

Syntax

def get_used_cert_crl_distribution_points(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Contains a list of locations of CRL distribution points used to check this certificate's validity. The list is taken from the respective certificate extension.

Use this property when generating a certificate to provide a list of CRL endpoints that should be made part of the new certificate.

The endpoints are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_curve Property

Specifies the elliptic curve associated with the certificate's public key.

Syntax

def get_used_cert_curve(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Specifies the elliptic curve associated with the certificate's public key. This setting only applies to certificates containing EC keys.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_fingerprint Property

Contains the fingerprint (a hash imprint) of this certificate.

Syntax

def get_used_cert_fingerprint(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Contains the fingerprint (a hash imprint) of this certificate.

While there is no formal standard defining what a fingerprint is, a SHA1 hash of the certificate's DER-encoded body is typically used.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_friendly_name Property

Contains an associated alias (friendly name) of the certificate.

Syntax

def get_used_cert_friendly_name(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Contains an associated alias (friendly name) of the certificate. The friendly name is not a property of a certificate: it is maintained by the certificate media rather than being included in its DER representation. Windows certificate stores are one example of media that does support friendly names.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_used_cert_handle(used_cert_index: int) -> int: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_hash_algorithm Property

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing).

Syntax

def get_used_cert_hash_algorithm(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing). It is not a property of a certificate; use used_cert_sig_algorithm to find out the hash algorithm that is part of the certificate signature.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_issuer Property

The common name of the certificate issuer (CA), typically a company name.

Syntax

def get_used_cert_issuer(used_cert_index: int) -> str: ...

Default Value

""

Remarks

The common name of the certificate issuer (CA), typically a company name. This is part of a larger set of credentials available via used_cert_issuer_rdn.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_issuer_rdn Property

A list of Property=Value pairs that uniquely identify the certificate issuer.

Syntax

def get_used_cert_issuer_rdn(used_cert_index: int) -> str: ...

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate issuer.

Example: /C=US/O=Nationwide CA/CN=Web Certification Authority

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_key_algorithm Property

Specifies the public key algorithm of this certificate.

Syntax

def get_used_cert_key_algorithm(used_cert_index: int) -> str: ...

Default Value

"0"

Remarks

Specifies the public key algorithm of this certificate.

Use the used_cert_key_bits, used_cert_curve, and used_cert_public_key_bytes properties to get more details about the key the certificate contains.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_key_bits Property

Returns the length of the public key in bits.

Syntax

def get_used_cert_key_bits(used_cert_index: int) -> int: ...

Default Value

0

Remarks

Returns the length of the public key in bits.

This value indicates the length of the principal cryptographic parameter of the key, such as the length of the RSA modulus or ECDSA field. The key data returned by the used_cert_public_key_bytes or used_cert_private_key_bytes property would typically contain auxiliary values, and therefore be longer.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_key_fingerprint Property

Returns a SHA1 fingerprint of the public key contained in the certificate.

Syntax

def get_used_cert_key_fingerprint(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Returns a SHA1 fingerprint of the public key contained in the certificate.

Note that the key fingerprint is different from the certificate fingerprint accessible via the used_cert_fingerprint property. The key fingeprint uniquely identifies the public key, and so can be the same for multiple certificates containing the same key.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_key_usage Property

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

Syntax

def get_used_cert_key_usage(used_cert_index: int) -> int: ...

Default Value

0

Remarks

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

This value is a bit mask of the following values:

Set this property before generating the certificate to propagate the key usage flags to the new certificate.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_key_valid Property

Returns True if the certificate's key is cryptographically valid, and False otherwise.

Syntax

def get_used_cert_key_valid(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Returns True if the certificate's key is cryptographically valid, and False otherwise.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_ocsp_locations Property

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Syntax

def get_used_cert_ocsp_locations(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Set this property before calling the certificate manager's generate method to propagate it to the new certificate.

The OCSP locations are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_ocsp_no_check Property

Accessor to the value of the certificate's ocsp-no-check extension.

Syntax

def get_used_cert_ocsp_no_check(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Accessor to the value of the certificate's ocsp-no-check extension.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_origin Property

Returns the location that the certificate was taken or loaded from.

Syntax

def get_used_cert_origin(used_cert_index: int) -> int: ...

Default Value

0

Remarks

Returns the location that the certificate was taken or loaded from.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_policy_i_ds Property

Contains identifiers (OIDs) of the applicable certificate policies.

Syntax

def get_used_cert_policy_i_ds(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Contains identifiers (OIDs) of the applicable certificate policies.

The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.

Set this property when generating a certificate to propagate the policies information to the new certificate.

The policies are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the policy element separator.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_private_key_bytes Property

Returns the certificate's private key in DER-encoded format.

Syntax

def get_used_cert_private_key_bytes(used_cert_index: int) -> bytes: ...

Remarks

Returns the certificate's private key in DER-encoded format. It is normal for this property to be empty if the private key is non-exportable, which, for example, is typical for certificates originating from hardware security devices.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_private_key_exists Property

Indicates whether the certificate has a usable private key associated with it.

Syntax

def get_used_cert_private_key_exists(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the certificate has a usable private key associated with it. If it is set to True, the certificate can be used for private key operations, such as signing or decryption.

This property is independent from used_cert_private_key_bytes, and can be set to True even if the former is empty. This would imply that the private key is non-exportable, but still can be used for cryptographic operations.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_private_key_extractable Property

Indicates whether the private key is extractable (exportable).

Syntax

def get_used_cert_private_key_extractable(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the private key is extractable (exportable).

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_public_key_bytes Property

Contains the certificate's public key in DER format.

Syntax

def get_used_cert_public_key_bytes(used_cert_index: int) -> bytes: ...

Remarks

Contains the certificate's public key in DER format.

This typically would contain an ASN.1-encoded public key value. The exact format depends on the type of the public key contained in the certificate.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_qualified Property

Indicates whether the certificate is qualified.

Syntax

def get_used_cert_qualified(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the certificate is qualified.

This property is set to True if the certificate is confirmed by a Trusted List to be qualified.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_qualified_statements Property

Returns a simplified qualified status of the certificate.

Syntax

def get_used_cert_qualified_statements(used_cert_index: int) -> int: ...

Default Value

0

Remarks

Returns a simplified qualified status of the certificate.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_qualifiers Property

A list of qualifiers.

Syntax

def get_used_cert_qualifiers(used_cert_index: int) -> str: ...

Default Value

""

Remarks

A list of qualifiers.

Contains a comma-separated list of qualifier aliases for the certificate, for example QCP-n-qscd,QCWithSSCD.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_self_signed Property

Indicates whether the certificate is self-signed (root) or signed by an external CA.

Syntax

def get_used_cert_self_signed(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the certificate is self-signed (root) or signed by an external CA.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_serial_number Property

Returns the certificate's serial number.

Syntax

def get_used_cert_serial_number(used_cert_index: int) -> bytes: ...

Remarks

Returns the certificate's serial number.

The serial number is a binary string that uniquely identifies a certificate among others issued by the same CA. According to the X.509 standard, the (issuer, serial number) pair should be globally unique to facilitate chain building.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_sig_algorithm Property

Indicates the algorithm that was used by the CA to sign this certificate.

Syntax

def get_used_cert_sig_algorithm(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Indicates the algorithm that was used by the CA to sign this certificate.

A signature algorithm typically combines hash and public key algorithms together, such as sha256WithRSAEncryption or ecdsa-with-SHA256.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_source Property

Returns the source (location or disposition) of a cryptographic primitive entity, such as a certificate, CRL, or OCSP response.

Syntax

def get_used_cert_source(used_cert_index: int) -> int: ...

Default Value

0

Remarks

Returns the source (location or disposition) of a cryptographic primitive entity, such as a certificate, CRL, or OCSP response.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_subject Property

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.

Syntax

def get_used_cert_subject(used_cert_index: int) -> str: ...

Default Value

""

Remarks

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. This is part of a larger set of credentials available via used_cert_subject_rdn.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_subject_alternative_name Property

Returns or sets the value of the Subject Alternative Name extension of the certificate.

Syntax

def get_used_cert_subject_alternative_name(used_cert_index: int) -> str: ...

Default Value

""

Remarks

Returns or sets the value of the Subject Alternative Name extension of the certificate.

Subject alternative names are used to provide additional names that are impractical to store in the main used_cert_subject_rdn field. For example, it is often used to store all the domain names that a TLS certificate is authorized to protect.

The alternative names are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the element separator.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_subject_key_id Property

Contains a unique identifier of the certificate's cryptographic key.

Syntax

def get_used_cert_subject_key_id(used_cert_index: int) -> bytes: ...

Remarks

Contains a unique identifier of the certificate's cryptographic key.

Subject Key Identifier is a certificate extension which allows a specific public key to be associated with a certificate holder. Typically, subject key identifiers of CA certificates are recorded as respective CA key identifiers in the subordinate certificates that they issue, which facilitates chain building.

The used_cert_subject_key_id and used_cert_ca_key_id properties of self-signed certificates typically contain identical values, as in that specific case, the issuer and the subject are the same entity.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_subject_rdn Property

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Syntax

def get_used_cert_subject_rdn(used_cert_index: int) -> str: ...

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Depending on the purpose of the certificate and the policies of the CA that issued it, the values included in the subject record may differ drastically and contain business or personal names, web URLs, email addresses, and other data.

Example: /C=US/O=Oranges and Apples, Inc./OU=Accounts Receivable/1.2.3.4.5=Value with unknown OID/CN=Margaret Watkins.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_valid Property

Indicates whether or not the signature over the certificate or the request is valid and matches the public key contained in the CA certificate/request.

Syntax

def get_used_cert_valid(used_cert_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether or not the signature over the certificate or the request is valid and matches the public key contained in the CA certificate/request.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_valid_from Property

The time point at which the certificate becomes valid, in UTC.

Syntax

def get_used_cert_valid_from(used_cert_index: int) -> str: ...

Default Value

""

Remarks

The time point at which the certificate becomes valid, in UTC.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

used_cert_valid_to Property

The time point at which the certificate expires, in UTC.

Syntax

def get_used_cert_valid_to(used_cert_index: int) -> str: ...

Default Value

""

Remarks

The time point at which the certificate expires, in UTC.

The used_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the used_cert_count property.

This property is read-only.

validation_moment Property

The time point at which signature validity is to be established.

Syntax

def get_validation_moment() -> str: ...
def set_validation_moment(value: str) -> None: ...

validation_moment = property(get_validation_moment, set_validation_moment)

Default Value

""

Remarks

Use this property to specify the moment in time at which signature validity should be established. The time is in UTC. Leave the setting empty to stick to the default moment (either the signature creation time or the current time).

The validity of the same signature may differ depending on the time point chosen due to temporal changes in chain validities, revocation statuses, and timestamp times.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

do_action Method

Performs an additional action.

Syntax

def do_action(action_id: str, action_params: str) -> str: ...

Remarks

do_action is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

find_attachment Method

Looks up a Message's attachment by its ID.

Syntax

def find_attachment(id: str) -> int: ...

Remarks

Use this method to find the attachment by its ID.

load_from_bytes Method

Loads an e-mail message from a byte array.

Syntax

def load_from_bytes(message_bytes: bytes) -> None: ...

Remarks

Use this method to load a message from a byte array and process it. Once the message has been loaded, use message to access its properties.

load_from_file Method

Loads an e-mail message from a file.

Syntax

def load_from_file(file_name: str) -> None: ...

Remarks

Use this method to load a message from a file and process it. Once the message has been loaded, use message to access its properties.

reset Method

Resets the class settings.

Syntax

def reset() -> None: ...

Remarks

reset is a generic method available in every class.

on_chain_validated Event

Reports the completion of a certificate chain validation.

Syntax

class MailReaderChainValidatedEventParams(object):
  @property
  def subject_rdn() -> str: ...

  @property
  def validation_result() -> int: ...

  @property
  def validation_details() -> int: ...

# In class MailReader:
@property
def on_chain_validated() -> Callable[[MailReaderChainValidatedEventParams], None]: ...
@on_chain_validated.setter
def on_chain_validated(event_hook: Callable[[MailReaderChainValidatedEventParams], None]) -> None: ...

Remarks

This event is fired when a certificate chain validation routine completes. SubjectRDN identifies the owner of the validated certificate.

ValidationResult set to 0 (zero) indicates successful chain validation.

Any other value reports a failure, and ValidationDetails provides more details on its reasons.

on_decryption_info_needed Event

Asks the application to provide a decryption certificate.

Syntax

class MailReaderDecryptionInfoNeededEventParams(object):
  @property
  def issuer_rdn() -> str: ...

  @property
  def serial_number() -> bytes: ...

  @property
  def subject_key_id() -> bytes: ...

# In class MailReader:
@property
def on_decryption_info_needed() -> Callable[[MailReaderDecryptionInfoNeededEventParams], None]: ...
@on_decryption_info_needed.setter
def on_decryption_info_needed(event_hook: Callable[[MailReaderDecryptionInfoNeededEventParams], None]) -> None: ...

Remarks

This event is fired when the component needs a decryption certificate. Use the provided values to look up the certificate, and assign it to decryption_certificate property.

Note that the decryption certificate must have an associated private key.

on_error Event

Reports information about errors during e-mail message loading, parsing or saving.

Syntax

class MailReaderErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class MailReader:
@property
def on_error() -> Callable[[MailReaderErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[MailReaderErrorEventParams], None]) -> None: ...

Remarks

The event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error.

on_external_decrypt Event

Handles remote or external decryption.

Syntax

class MailReaderExternalDecryptEventParams(object):
  @property
  def operation_id() -> str: ...

  @property
  def algorithm() -> str: ...

  @property
  def pars() -> str: ...

  @property
  def encrypted_data() -> str: ...

  @property
  def data() -> str: ...
  @data.setter
  def data(value) -> None: ...

# In class MailReader:
@property
def on_external_decrypt() -> Callable[[MailReaderExternalDecryptEventParams], None]: ...
@on_external_decrypt.setter
def on_external_decrypt(event_hook: Callable[[MailReaderExternalDecryptEventParams], None]) -> None: ...

Remarks

Assign a handler to this event if you need to delegate a low-level decryption operation to an external, remote, or custom decryption engine. The handler receives an encrypted value in the EncryptedData parameter, and is expected to decrypt it and place the decrypted value into the Data parameter.

OperationId provides a comment about the operation and its origin. It depends on the exact class being used, and may be empty. Algorithm specifies the encryption algorithm being used, and Pars contains algorithm-dependent parameters.

The class uses base16 (hex) encoding for the EncryptedData, Data, and Pars parameters. If your decryption engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the decryption.

Sample data encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16

on_notification Event

This event notifies the application about an underlying control flow event.

Syntax

class MailReaderNotificationEventParams(object):
  @property
  def event_id() -> str: ...

  @property
  def event_param() -> str: ...

# In class MailReader:
@property
def on_notification() -> Callable[[MailReaderNotificationEventParams], None]: ...
@on_notification.setter
def on_notification(event_hook: Callable[[MailReaderNotificationEventParams], None]) -> None: ...

Remarks

The class fires this event to let the application know about some event, occurrence, or milestone in the class. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the class, the exact action it is performing, or the document being processed, one or both may be omitted.

on_signature_found Event

Signifies the start of signature validation.

Syntax

class MailReaderSignatureFoundEventParams(object):
  @property
  def issuer_rdn() -> str: ...

  @property
  def serial_number() -> bytes: ...

  @property
  def subject_key_id() -> bytes: ...

  @property
  def cert_found() -> bool: ...

  @property
  def validate_signature() -> bool: ...
  @validate_signature.setter
  def validate_signature(value) -> None: ...

  @property
  def validate_chain() -> bool: ...
  @validate_chain.setter
  def validate_chain(value) -> None: ...

# In class MailReader:
@property
def on_signature_found() -> Callable[[MailReaderSignatureFoundEventParams], None]: ...
@on_signature_found.setter
def on_signature_found(event_hook: Callable[[MailReaderSignatureFoundEventParams], None]) -> None: ...

Remarks

This event tells the application that signature validation is about to start, and provides the details about the signer's certificate via its IssuerRDN, SerialNumber, and SubjectKeyID parameters. It fires for every signature located in the verified document or message.

The CertFound parameter is set to True if the class has found the needed certificate in one of the known locations, and to False otherwise, in which case you must provide it manually via the known_certificates property.

Signature validation consists of two independent stages: cryptographic signature validation and chain validation. Separate validation results are reported for each, with the and properties respectively.

Use the ValidateSignature and ValidateChain parameters to tell the verifier which stages to include in the validation.

on_signature_validated Event

Marks the completion of the signature validation routine.

Syntax

class MailReaderSignatureValidatedEventParams(object):
  @property
  def issuer_rdn() -> str: ...

  @property
  def serial_number() -> bytes: ...

  @property
  def subject_key_id() -> bytes: ...

  @property
  def validation_result() -> int: ...

# In class MailReader:
@property
def on_signature_validated() -> Callable[[MailReaderSignatureValidatedEventParams], None]: ...
@on_signature_validated.setter
def on_signature_validated(event_hook: Callable[[MailReaderSignatureValidatedEventParams], None]) -> None: ...

Remarks

This event is fired upon the completion of the signature validation routine, and reports the respective validation result.

Use the IssuerRDN, SerialNumber, and/or SubjectKeyID parameters to identify the signing certificate.

ValidationResult is set to 0 if the validation has been successful, or to a non-zero value in case of a validation failure.

MailReader Config Settings

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

MailReader Config Settings

Base Config Settings

MailReader Errors

MailReader Errors