SecureBlackbox Lite 2020 C++ Edition

CertificateValidator Class

The CertificateValidator class provides fine-grained validation of X.509 certificates.

Syntax

CertificateValidator

Remarks

This is a powerful and configurable class which can be used to validate all kinds of certificates and their chains.

The purpose of CertificateValidator is to validate certificate chains according to the X.509 specification. It supports a variety of technologies, including CRL and OCSP services, and can provide a comprehensive output on the certificate cryptographic validity, chain integrity, and trust levels. CertificateValidator is used internally in many other SecureBlackbox components, such as PDFSigner, HTTPClient, and OfficeVerifier.

To validate a certificate, configure the component as follows:

  • Assign the certificate to be validated to the Certificate property.
  • Set RevocationCheck in accordance with your revocation check preferences.
  • Enable the UseSystemCertificates property to trust certificates that are trusted by the operating system. Copy any certificates that are not available in the standard system locations to the KnownCertificates and TrustedCertificates collections (see Note 1 below).
  • Optionally, adjust TLSSettings and SocketSettings.
  • Adjust ValidationMoment if you would like to check the certificate validity at a different moment in time. Leave it unchanged to validate the certificate at the current moment.
  • Call the Validate or ValidateForSSL method to initiate chain validation.

Depending on the complexity of the chain and the configuration of the component, the validation routine may take a certain amount of time. The validator reports chain validation progress using a selection of events, such as BeforeCertificateProcessing, AfterCertificateProcessing, and CRLDownloaded. It may also ask you for missing objects using the CRLNeeded or CACertificateNeeded events. In each such event handler you can access the currently validated certificate via the CurrentCertificate property, and the interim validity figures via the InterimValidationResult and InterimValidationDetails properties.

The return of the Validate (or similar) method indicates the completion of the validation procedure. The outcome of the chain validation is represented by two parameters:

  • ChainValidationResult reports the general validation outcome: valid, valid-but-untrusted, invalid, and unknown. As a rule, only the valid result can be taken as a good reason to consider the chain valid.
  • ChainValidationDetails provides insights into the factors that caused the validation to fail.

Apart from these two parameters, you can check the low-level validation details by consulting the ValidationLog property. The validation log is often a great source for tracking and reacting to various validation issues.

Note 1: On Windows, CertificateValidator can use CA and ROOT system stores to look for any missing CA certificates and trust anchors. No similar functionality is currently available for other platforms, so in most cases you must provide your own list of trusted and CA certificates via TrustedCertificates and KnownCertificates collections to have your chains validate fully in Linux and macOS projects.

Note 2: The OfflineMode property is a handy way to check the completeness of your revocation/validation information. When the offline mode is on, CertificateValidator won't go online for any missing certificates, CRLs, and OCSP responses. Paired with a switched-off UseSystemCertificates property, it lets you make sure that any content provided via KnownCertificates, KnownCRLs, and KnownOCSPs represents the complete set of validation information required to validate the chain.
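An added example, not SecureBlackbox code: it uses Go's standard crypto/x509 as a stand-in to show how the trust-anchor set, the known-certificate set and the validation moment produce the four chain outcomes when nothing is fetched online, as in Note 2. The Outcome type, the helper names, the mapping of Go errors to outcomes and the three constructed certificates are assumptions; revocation checking is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Outcome models the four chain results named above (hypothetical type, not the SecureBlackbox enum).
type Outcome string

const (
	Valid             Outcome = "valid"
	ValidButUntrusted Outcome = "valid-but-untrusted"
	Invalid           Outcome = "invalid"
	Unknown           Outcome = "unknown"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a constructed test certificate; a nil parent gives a self-signed root.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC), // constructed validity window
		NotAfter:  time.Date(2034, 1, 1, 0, 0, 0, 0, time.UTC),
		IsCA:      isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// validate checks leaf at the given moment using only the supplied certificates.
func validate(leaf *x509.Certificate, trusted, known []*x509.Certificate, moment time.Time) Outcome {
	anchors, inter, selfSigned := x509.NewCertPool(), x509.NewCertPool(), x509.NewCertPool()
	for _, c := range trusted {
		anchors.AddCert(c)
	}
	for _, c := range known {
		inter.AddCert(c)
		if c.CheckSignatureFrom(c) == nil { // a known root that is not a trust anchor
			selfSigned.AddCert(c)
		}
	}
	opts := x509.VerifyOptions{Roots: anchors, Intermediates: inter, CurrentTime: moment,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, err := leaf.Verify(opts)
	if err == nil {
		return Valid
	}
	var noAnchor x509.UnknownAuthorityError
	if !errors.As(err, &noAnchor) {
		return Invalid // e.g. outside the validity period at the chosen moment
	}
	opts.Roots = selfSigned // no path to an anchor: does the chain at least reach a known root?
	if _, err := leaf.Verify(opts); err == nil {
		return ValidButUntrusted
	}
	return Unknown // supplied material is incomplete, nothing can be concluded offline
}

// scenarios runs four constructed cases and returns the outcome of each.
func scenarios() map[string]Outcome {
	root, rootKey := issue("Example Root CA", true, nil, nil)
	ca, caKey := issue("Example Issuing CA", true, root, rootKey)
	leaf, _ := issue("leaf.example.test", false, ca, caKey)
	now := time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)
	late := time.Date(2035, 1, 1, 0, 0, 0, 0, time.UTC)
	set := func(c ...*x509.Certificate) []*x509.Certificate { return c }
	return map[string]Outcome{
		"complete":        validate(leaf, set(root), set(ca), now),
		"untrusted-root":  validate(leaf, nil, set(ca, root), now),
		"missing-ca":      validate(leaf, set(root), nil, now),
		"expired-at-time": validate(leaf, set(root), set(ca), late),
	}
}

func main() {
	fmt.Println(scenarios())
}
```

Only the "complete" case should be accepted by a caller; the other three are reasons to reject or to go back and supply the missing material.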

Property List


The following is the full list of the properties of the class with short descriptions.

BlockedCertCount: The number of records in the BlockedCert arrays.
BlockedCertBytes: Returns raw certificate data in DER format.
BlockedCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
CacheValidationResults: Enables or disables validation result caching.
CertBytes: Returns raw certificate data in DER format.
CertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
ChainValidationDetails: The details of a certificate chain validation outcome.
ChainValidationResult: The general outcome of a certificate chain validation routine. Use ChainValidationDetails to get information about the reasons that contributed to the validation result.
CurrentCACertBytes: Returns raw certificate data in DER format.
CurrentCACertCA: Indicates whether the certificate has a CA capability (a setting in BasicConstraints extension).
CurrentCACertCAKeyID: A unique identifier (fingerprint) of the CA certificate's private key.
CurrentCACertCRLDistributionPoints: Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
CurrentCACertCurve: Specifies the elliptic curve of the EC public key.
CurrentCACertFingerprint: Contains the fingerprint (a hash imprint) of this certificate.
CurrentCACertFriendlyName: Contains an associated alias (friendly name) of the certificate.
CurrentCACertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
CurrentCACertHashAlgorithm: Specifies the hash algorithm to be used in the operations on the certificate (such as key signing). Constants (value in parentheses): SB_HASH_ALGORITHM_SHA1 (SHA1), SB_HASH_ALGORITHM_SHA224 (SHA224), SB_HASH_ALGORITHM_SHA256 (SHA256), SB_HASH_ALGORITHM_SHA384 (SHA384), SB_HASH_ALGORITHM_SHA512 (SHA512), SB_HASH_ALGORITHM_MD2 (MD2), SB_HASH_ALGORITHM_MD4 (MD4), SB_HASH_ALGORITHM_MD5 (MD5), SB_HASH_ALGORITHM_RIPEMD160 (RIPEMD160), SB_HASH_ALGORITHM_CRC32 (CRC32), SB_HASH_ALGORITHM_SSL3 (SSL3), SB_HASH_ALGORITHM_GOST_R3411_1994 (GOST1994), SB_HASH_ALGORITHM_WHIRLPOOL (WHIRLPOOL), SB_HASH_ALGORITHM_POLY1305 (POLY1305), SB_HASH_ALGORITHM_SHA3_224 (SHA3_224), SB_HASH_ALGORITHM_SHA3_256 (SHA3_256), SB_HASH_ALGORITHM_SHA3_384 (SHA3_384), SB_HASH_ALGORITHM_SHA3_512 (SHA3_512), SB_HASH_ALGORITHM_BLAKE2S_128 (BLAKE2S_128), SB_HASH_ALGORITHM_BLAKE2S_160 (BLAKE2S_160), SB_HASH_ALGORITHM_BLAKE2S_224 (BLAKE2S_224), SB_HASH_ALGORITHM_BLAKE2S_256 (BLAKE2S_256), SB_HASH_ALGORITHM_BLAKE2B_160 (BLAKE2B_160), SB_HASH_ALGORITHM_BLAKE2B_256 (BLAKE2B_256), SB_HASH_ALGORITHM_BLAKE2B_384 (BLAKE2B_384), SB_HASH_ALGORITHM_BLAKE2B_512 (BLAKE2B_512), SB_HASH_ALGORITHM_SHAKE_128 (SHAKE_128), SB_HASH_ALGORITHM_SHAKE_256 (SHAKE_256), SB_HASH_ALGORITHM_SHAKE_128_LEN (SHAKE_128_LEN), SB_HASH_ALGORITHM_SHAKE_256_LEN (SHAKE_256_LEN).
CurrentCACertIssuer: The common name of the certificate issuer (CA), typically a company name.
CurrentCACertIssuerRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
CurrentCACertKeyAlgorithm: Specifies the public key algorithm of this certificate.
CurrentCACertKeyBits: Returns the length of the public key.
CurrentCACertKeyFingerprint: Returns a fingerprint of the public key contained in the certificate.
CurrentCACertKeyUsage: Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
CurrentCACertKeyValid: Returns True if the certificate's key is cryptographically valid, and False otherwise.
CurrentCACertOCSPLocations: Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
CurrentCACertOrigin: Returns the origin of this certificate.
CurrentCACertPolicyIDs: Contains identifiers (OIDs) of the applicable certificate policies.
CurrentCACertPrivateKeyBytes: Contains the certificate's private key.
CurrentCACertPrivateKeyExists: Indicates whether the certificate has an associated private key.
CurrentCACertPrivateKeyExtractable: Indicates whether the private key is extractable.
CurrentCACertPublicKeyBytes: Contains the certificate's public key in DER format.
CurrentCACertSelfSigned: Indicates whether the certificate is self-signed (root) or signed by an external CA.
CurrentCACertSerialNumber: Returns the certificate's serial number.
CurrentCACertSigAlgorithm: Indicates the algorithm that was used by the CA to sign this certificate.
CurrentCACertSubject: The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
CurrentCACertSubjectKeyID: Contains a unique identifier (fingerprint) of the certificate's private key.
CurrentCACertSubjectRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
CurrentCACertValidFrom: The time point at which the certificate becomes valid, in UTC.
CurrentCACertValidTo: The time point at which the certificate expires, in UTC.
CurrentCertBytes: Returns raw certificate data in DER format.
CurrentCertCA: Indicates whether the certificate has a CA capability (a setting in BasicConstraints extension).
CurrentCertCAKeyID: A unique identifier (fingerprint) of the CA certificate's private key.
CurrentCertCRLDistributionPoints: Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
CurrentCertCurve: Specifies the elliptic curve of the EC public key.
CurrentCertFingerprint: Contains the fingerprint (a hash imprint) of this certificate.
CurrentCertFriendlyName: Contains an associated alias (friendly name) of the certificate.
CurrentCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
CurrentCertHashAlgorithm: Specifies the hash algorithm to be used in the operations on the certificate (such as key signing). Constants (value in parentheses): SB_HASH_ALGORITHM_SHA1 (SHA1), SB_HASH_ALGORITHM_SHA224 (SHA224), SB_HASH_ALGORITHM_SHA256 (SHA256), SB_HASH_ALGORITHM_SHA384 (SHA384), SB_HASH_ALGORITHM_SHA512 (SHA512), SB_HASH_ALGORITHM_MD2 (MD2), SB_HASH_ALGORITHM_MD4 (MD4), SB_HASH_ALGORITHM_MD5 (MD5), SB_HASH_ALGORITHM_RIPEMD160 (RIPEMD160), SB_HASH_ALGORITHM_CRC32 (CRC32), SB_HASH_ALGORITHM_SSL3 (SSL3), SB_HASH_ALGORITHM_GOST_R3411_1994 (GOST1994), SB_HASH_ALGORITHM_WHIRLPOOL (WHIRLPOOL), SB_HASH_ALGORITHM_POLY1305 (POLY1305), SB_HASH_ALGORITHM_SHA3_224 (SHA3_224), SB_HASH_ALGORITHM_SHA3_256 (SHA3_256), SB_HASH_ALGORITHM_SHA3_384 (SHA3_384), SB_HASH_ALGORITHM_SHA3_512 (SHA3_512), SB_HASH_ALGORITHM_BLAKE2S_128 (BLAKE2S_128), SB_HASH_ALGORITHM_BLAKE2S_160 (BLAKE2S_160), SB_HASH_ALGORITHM_BLAKE2S_224 (BLAKE2S_224), SB_HASH_ALGORITHM_BLAKE2S_256 (BLAKE2S_256), SB_HASH_ALGORITHM_BLAKE2B_160 (BLAKE2B_160), SB_HASH_ALGORITHM_BLAKE2B_256 (BLAKE2B_256), SB_HASH_ALGORITHM_BLAKE2B_384 (BLAKE2B_384), SB_HASH_ALGORITHM_BLAKE2B_512 (BLAKE2B_512), SB_HASH_ALGORITHM_SHAKE_128 (SHAKE_128), SB_HASH_ALGORITHM_SHAKE_256 (SHAKE_256), SB_HASH_ALGORITHM_SHAKE_128_LEN (SHAKE_128_LEN), SB_HASH_ALGORITHM_SHAKE_256_LEN (SHAKE_256_LEN).
CurrentCertIssuer: The common name of the certificate issuer (CA), typically a company name.
CurrentCertIssuerRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
CurrentCertKeyAlgorithm: Specifies the public key algorithm of this certificate.
CurrentCertKeyBits: Returns the length of the public key.
CurrentCertKeyFingerprint: Returns a fingerprint of the public key contained in the certificate.
CurrentCertKeyUsage: Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
CurrentCertKeyValid: Returns True if the certificate's key is cryptographically valid, and False otherwise.
CurrentCertOCSPLocations: Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
CurrentCertOrigin: Returns the origin of this certificate.
CurrentCertPolicyIDs: Contains identifiers (OIDs) of the applicable certificate policies.
CurrentCertPrivateKeyBytes: Contains the certificate's private key.
CurrentCertPrivateKeyExists: Indicates whether the certificate has an associated private key.
CurrentCertPrivateKeyExtractable: Indicates whether the private key is extractable.
CurrentCertPublicKeyBytes: Contains the certificate's public key in DER format.
CurrentCertSelfSigned: Indicates whether the certificate is self-signed (root) or signed by an external CA.
CurrentCertSerialNumber: Returns the certificate's serial number.
CurrentCertSigAlgorithm: Indicates the algorithm that was used by the CA to sign this certificate.
CurrentCertSubject: The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
CurrentCertSubjectKeyID: Contains a unique identifier (fingerprint) of the certificate's private key.
CurrentCertSubjectRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
CurrentCertValidFrom: The time point at which the certificate becomes valid, in UTC.
CurrentCertValidTo: The time point at which the certificate expires, in UTC.
GracePeriod: Specifies a grace period to apply during certificate validation.
InterimValidationDetails: Contains the validation details of the moment.
InterimValidationResult: Contains the validation status of the moment.
KnownCertCount: The number of records in the KnownCert arrays.
KnownCertBytes: Returns raw certificate data in DER format.
KnownCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
KnownCRLCount: The number of records in the KnownCRL arrays.
KnownCRLBytes: Returns raw CRL data in DER format.
KnownCRLHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
KnownOCSPCount: The number of records in the KnownOCSP arrays.
KnownOCSPBytes: Buffer containing raw OCSP response data.
KnownOCSPHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
MaxValidationTime: Specifies the maximum time the validation process may take.
OfflineMode: Switches the class to the offline mode.
ProxyAddress: The IP address of the proxy server.
ProxyAuthentication: The authentication type used by the proxy server.
ProxyPassword: The password to authenticate to the proxy server.
ProxyPort: The port on the proxy server to connect to.
ProxyProxyType: The type of the proxy server.
ProxyRequestHeaders: Contains HTTP request headers for WebTunnel and HTTP proxy.
ProxyResponseBody: Contains the HTTP or HTTPS (WebTunnel) proxy response body.
ProxyResponseHeaders: Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
ProxyUseIPv6: Specifies whether IPv6 should be used when connecting through the proxy.
ProxyUseProxy: Enables or disables proxy-driven connection.
ProxyUsername: Specifies the username credential for proxy authentication.
Qualified: Indicates a qualified electronic signature.
RevocationCheck: Specifies the kind(s) of revocation check to perform.
SocketDNSMode: Selects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.
SocketDNSPort: Specifies the port number to be used for sending queries to the DNS server.
SocketDNSQueryTimeout: The timeout (in milliseconds) for each DNS query.
SocketDNSServers: The addresses of DNS servers to use for address resolution, separated by commas or semicolons.
SocketDNSTotalTimeout: The timeout (in milliseconds) for the whole resolution process.
SocketIncomingSpeedLimit: The maximum number of bytes to read from the socket, per second.
SocketLocalAddress: The local network interface to bind the socket to.
SocketLocalPort: The local port number to bind the socket to.
SocketOutgoingSpeedLimit: The maximum number of bytes to write to the socket, per second.
SocketTimeout: The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
SocketUseIPv6: Enables or disables IP protocol version 6.
TLSClientCertCount: The number of records in the TLSClientCert arrays.
TLSClientCertBytes: Returns raw certificate data in DER format.
TLSClientCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
TLSServerCertCount: The number of records in the TLSServerCert arrays.
TLSServerCertBytes: Returns raw certificate data in DER format.
TLSServerCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
TLSAutoValidateCertificates: Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.
TLSBaseConfiguration: Selects the base configuration for the TLS settings.
TLSCiphersuites: A list of ciphersuites separated with commas or semicolons.
TLSECCurves: Defines the elliptic curves to enable.
TLSForceResumeIfDestinationChanges: Whether to force TLS session resumption when the destination address changes.
TLSPreSharedIdentity: Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
TLSPreSharedKey: Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
TLSPreSharedKeyCiphersuite: Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
TLSRenegotiationAttackPreventionMode: Selects renegotiation attack prevention mechanism.
TLSRevocationCheck: Specifies the kind(s) of revocation check to perform.
TLSSSLOptions: Various SSL (TLS) protocol options, a set of: cssloExpectShutdownMessage (0x001), wait for the close-notify message when shutting down the connection; cssloOpenSSLDTLSWorkaround (0x002), (DEPRECATED) use a DTLS version workaround when talking to very old OpenSSL versions; cssloDisableKexLengthAlignment (0x004), do not align the client-side PMS by the RSA modulus size.
TLSTLSMode: Specifies the TLS mode to use.
TLSUseExtendedMasterSecret: Enables Extended Master Secret Extension, as defined in RFC 7627.
TLSUseSessionResumption: Enables or disables TLS session resumption capability.
TLSVersions: The SSL/TLS versions to enable by default.
TrustedCertCount: The number of records in the TrustedCert arrays.
TrustedCertBytes: Returns raw certificate data in DER format.
TrustedCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
UsedCertCount: The number of records in the UsedCert arrays.
UsedCertBytes: Returns raw certificate data in DER format.
UsedCertCA: Indicates whether the certificate has a CA capability (a setting in BasicConstraints extension).
UsedCertCAKeyID: A unique identifier (fingerprint) of the CA certificate's private key.
UsedCertCRLDistributionPoints: Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
UsedCertCurve: Specifies the elliptic curve of the EC public key.
UsedCertFingerprint: Contains the fingerprint (a hash imprint) of this certificate.
UsedCertFriendlyName: Contains an associated alias (friendly name) of the certificate.
UsedCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
UsedCertHashAlgorithm: Specifies the hash algorithm to be used in the operations on the certificate (such as key signing). Constants (value in parentheses): SB_HASH_ALGORITHM_SHA1 (SHA1), SB_HASH_ALGORITHM_SHA224 (SHA224), SB_HASH_ALGORITHM_SHA256 (SHA256), SB_HASH_ALGORITHM_SHA384 (SHA384), SB_HASH_ALGORITHM_SHA512 (SHA512), SB_HASH_ALGORITHM_MD2 (MD2), SB_HASH_ALGORITHM_MD4 (MD4), SB_HASH_ALGORITHM_MD5 (MD5), SB_HASH_ALGORITHM_RIPEMD160 (RIPEMD160), SB_HASH_ALGORITHM_CRC32 (CRC32), SB_HASH_ALGORITHM_SSL3 (SSL3), SB_HASH_ALGORITHM_GOST_R3411_1994 (GOST1994), SB_HASH_ALGORITHM_WHIRLPOOL (WHIRLPOOL), SB_HASH_ALGORITHM_POLY1305 (POLY1305), SB_HASH_ALGORITHM_SHA3_224 (SHA3_224), SB_HASH_ALGORITHM_SHA3_256 (SHA3_256), SB_HASH_ALGORITHM_SHA3_384 (SHA3_384), SB_HASH_ALGORITHM_SHA3_512 (SHA3_512), SB_HASH_ALGORITHM_BLAKE2S_128 (BLAKE2S_128), SB_HASH_ALGORITHM_BLAKE2S_160 (BLAKE2S_160), SB_HASH_ALGORITHM_BLAKE2S_224 (BLAKE2S_224), SB_HASH_ALGORITHM_BLAKE2S_256 (BLAKE2S_256), SB_HASH_ALGORITHM_BLAKE2B_160 (BLAKE2B_160), SB_HASH_ALGORITHM_BLAKE2B_256 (BLAKE2B_256), SB_HASH_ALGORITHM_BLAKE2B_384 (BLAKE2B_384), SB_HASH_ALGORITHM_BLAKE2B_512 (BLAKE2B_512), SB_HASH_ALGORITHM_SHAKE_128 (SHAKE_128), SB_HASH_ALGORITHM_SHAKE_256 (SHAKE_256), SB_HASH_ALGORITHM_SHAKE_128_LEN (SHAKE_128_LEN), SB_HASH_ALGORITHM_SHAKE_256_LEN (SHAKE_256_LEN).
UsedCertIssuer: The common name of the certificate issuer (CA), typically a company name.
UsedCertIssuerRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
UsedCertKeyAlgorithm: Specifies the public key algorithm of this certificate.
UsedCertKeyBits: Returns the length of the public key.
UsedCertKeyFingerprint: Returns a fingerprint of the public key contained in the certificate.
UsedCertKeyUsage: Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
UsedCertKeyValid: Returns True if the certificate's key is cryptographically valid, and False otherwise.
UsedCertOCSPLocations: Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
UsedCertOrigin: Returns the origin of this certificate.
UsedCertPolicyIDs: Contains identifiers (OIDs) of the applicable certificate policies.
UsedCertPrivateKeyBytes: Contains the certificate's private key.
UsedCertPrivateKeyExists: Indicates whether the certificate has an associated private key.
UsedCertPrivateKeyExtractable: Indicates whether the private key is extractable.
UsedCertPublicKeyBytes: Contains the certificate's public key in DER format.
UsedCertSelfSigned: Indicates whether the certificate is self-signed (root) or signed by an external CA.
UsedCertSerialNumber: Returns the certificate's serial number.
UsedCertSigAlgorithm: Indicates the algorithm that was used by the CA to sign this certificate.
UsedCertSubject: The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
UsedCertSubjectKeyID: Contains a unique identifier (fingerprint) of the certificate's private key.
UsedCertSubjectRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
UsedCertValidFrom: The time point at which the certificate becomes valid, in UTC.
UsedCertValidTo: The time point at which the certificate expires, in UTC.
UsedCRLCount: The number of records in the UsedCRL arrays.
UsedCRLBytes: Returns raw CRL data in DER format.
UsedCRLHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
UsedCRLIssuer: The common name of the CRL issuer (CA), typically a company name.
UsedCRLIssuerRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the CRL issuer.
UsedCRLLocation: The URL that the CRL was downloaded from.
UsedCRLNextUpdate: The planned time and date of the next version of this CRL to be published.
UsedCRLThisUpdate: The date and time at which this version of the CRL was published.
UseDefaultTSLs: Enables or disables the use of the default TSLs.
UsedOCSPCount: The number of records in the UsedOCSP arrays.
UsedOCSPBytes: Buffer containing raw OCSP response data.
UsedOCSPHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
UsedOCSPIssuer: Indicates the issuer of this response (a CA or its authorized representative).
UsedOCSPIssuerRDN: Indicates the RDN of the issuer of this response (a CA or its authorized representative).
UsedOCSPLocation: Location of the OCSP responder.
UsedOCSPProducedAt: Specifies the time when the response was produced, in UTC.
UseSystemCertificates: Enables or disables the use of the system certificates.
ValidationLog: Contains the complete log of the certificate validation routine.
ValidationMoment: The time point at which chain validity is to be established.

Method List


The following is the full list of the methods of the class with short descriptions.

Config: Sets or retrieves a configuration setting.
RefreshCache: Refreshes the certificate cache.
ResetCache: Clears all data contained in the validation cache.
Terminate: Terminates the validation process.
Validate: Validates the certificate chain.
ValidateForSMIME: Validates an e-mail signing certificate.
ValidateForSSL: Validates a server-side SSL/TLS certificate.

Event List


The following is the full list of the events fired by the class with short descriptions.

AfterCertificateProcessing: Marks the end of a single certificate processing step.
AfterCertificateValidation: Marks the end of a single certificate validation step.
BeforeCACertificateDownload: Fires when a CA certificate is about to be downloaded.
BeforeCertificateProcessing: Reports the start of certificate processing.
BeforeCertificateValidation: Reports the start of certificate validation.
BeforeCRLDownload: Fires when a CRL is about to be downloaded.
BeforeOCSPDownload: Fires when a certificate's OCSP status is about to be requested.
CACertificateDownloaded: Marks the success of a certificate download.
CACertificateNeeded: Requests a missing certificate from the user.
CRLDownloaded: Marks the success of a CRL download.
CRLNeeded: Requests a missing CRL from the user.
Error: Information about errors during certificate validation.
Notification: This event notifies the application about an underlying control flow event.
OCSPDownloaded: Marks the success of an OCSP request.
TLSCertValidate: This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions.

CacheValidityTime: Time period during which to keep validation cache.
CheckStrongAlgorithmForTrusted: Whether to check a 'strong' hash algorithm for trusted certificates.
CheckValidityPeriodForTrusted: Whether to check validity period for trusted certificates.
CrossCertificationValidationStrategy: Defines how the cross certification validation is performed.
ForceCompleteChainValidationForTrusted: Whether to validate the whole chain.
ForceRevocationCheckForRoot: Whether to check revocation info for root certificates.
IgnoreBadOCSPChains: Whether to ignore bad OCSP chains during validation.
IgnoreCABasicConstraints: Whether to ignore the Basic Constraints extension for the CA certificates.
IgnoreCAKeyUsage: Whether to ignore Key Usage extension for CA certificates.
IgnoreCANameConstraints: Whether to ignore the Name Constraints extension for the CA certificates.
IgnoreOCSPNoCheckExtension: Whether OCSP NoCheck extension should be ignored.
IgnoreRevocationKeyUsage: Whether to check the CA certs used to sign revocation info.
IgnoreSSLKeyUsage: Whether to check the CA certs used in SSL/TLS.
IgnoreSystemTrust: Whether trusted Windows Certificate Stores should be treated as trusted.
ImplicitlyTrustSelfSignedCertificates: Whether to trust self-signed certificates.
LookupCRLByNameIfDPNotPresent: Whether to look for implicit CRL Distribution Points.
PromoteLongOCSPResponses: Whether long OCSP responses are requested.
RevocationMomentGracePeriod: Grace period for revocation information propagation.
SkipSubjectNameIfAltNameExists: Whether to check CommonName if SubjectAltName is present.
UseMicrosoftCTL: Enables or disables automatic use of Microsoft online certificate trust list.
ValidateInvalidCertificates: Whether to do all checks on invalid certificates.
WeakAlgorithmHandlingMode: How to handle certificates signed with a 'weak' hash algorithm.
CustomTSLs: Specifies the custom TSLs.
QualifiedStatus: Indicates a qualified electronic signature.
TSLDistributionPoints: Contains XML content of distribution points of the TSL used.
TSLDistributionPoints[Idx]: Contains distribution point of the specified index of the TSL used.
TSLHistoricalInformationPeriod: Contains historical information period of the TSL used.
TSLLegalNotices: Contains XML content of legal notices of the TSL used.
TSLLegalNotices[lang]: Contains legal notices for the specified language of the TSL used.
TSLListIssueDateTime: Contains list issue date and time of the TSL used.
TSLNextUpdate: Contains next update date and time of the TSL used.
TSLPolicies: Contains XML content of policies of the TSL used.
TSLPolicies[lang]: Contains policies for the specified language of the TSL used.
TSLSchemeExtensions: Contains XML content of scheme extensions of the TSL used.
TSLSchemeExtensions[Idx]: Contains XML content of scheme extension of the specified index of the TSL used.
TSLSchemeInformationURI: Contains XML content of scheme information URI of the TSL used.
TSLSchemeInformationURI[lang]: Contains scheme information URI for the specified language of the TSL used.
TSLSchemeName: Contains XML content of scheme name of the TSL used.
TSLSchemeName[lang]: Contains scheme name for the specified language of the TSL used.
TSLSchemeOperatorAddress: Contains XML content of scheme operator address of the TSL used.
TSLSchemeOperatorName: Contains XML content of scheme operator name of the TSL used.
TSLSchemeOperatorName[lang]: Contains scheme operator name for the specified language of the TSL used.
TSLSchemeTerritory: Contains scheme territory of the TSL used.
TSLSchemeTypeCommunityRules: Contains XML content of scheme type/community/rules of the TSL used.
TSLSchemeTypeCommunityRules[lang]: Contains scheme type/community/rules for the specified language of the TSL used.
TSLSequenceNumber: Contains sequence number of the TSL used.
TSLsRetrieveLog: Contains the complete log of the TSLs retrieve.
TSLStatusDeterminationApproach: Contains status determination approach of the TSL used.
TSLsValidationLog: Contains the complete log of the TSLs validation.
TSLTSPAdditionalServiceInformation: Contains additional service information of the TSP service used.
TSLTSPAddress: Contains XML content of the address of the TSP used.
TSLTSPHistoryInstance: Indicates that TSP service history instance used.
TSLTSPHistoryInstanceAdditionalServiceInformation: Contains additional service information of the TSP service history instance used.
TSLTSPHistoryInstanceQualifiers: Contains list of qualifiers of the TSP service history instance used.
TSLTSPHistoryInstanceServiceInformationExtensions: Contains XML content of information extensions of the TSP service history instance used.
TSLTSPHistoryInstanceServiceInformationExtensions[Idx]: Contains XML content of information extension of the specified index of the TSP service history instance used.
TSLTSPHistoryInstanceServiceName: Contains XML content of name of the TSP service history instance used.
TSLTSPHistoryInstanceServiceName[lang]: Contains name for the specified language of the TSP service history instance used.
TSLTSPHistoryInstanceServiceStatus: Contains status of the TSP service history instance used.
TSLTSPHistoryInstanceServiceStatusStartingTime: Contains status starting time of the TSP service history instance used.
TSLTSPHistoryInstanceServiceTypeIdentifier: Contains type identifier of the TSP service history instance used.
TSLTSPHistoryInstanceXML: Contains XML content of the TSP service history instance used.
TSLTSPInformationExtensions: Contains XML content of information extensions of the TSP used.
TSLTSPInformationExtensions[Idx]: Contains XML content of information extension of the specified index of the TSP used.
TSLTSPInformationURI: Contains XML content of information URI of the TSP used.
TSLTSPInformationURI[lang]: Contains information URI for the specified language of the TSP used.
TSLTSPName: Contains XML content of name of the TSP used.
TSLTSPName[lang]: Contains name for the specified language of the TSP used.
TSLTSPSchemeServiceDefinitionURI: Contains XML content of scheme service definition URI of the TSP service used.
TSLTSPSchemeServiceDefinitionURI[lang]: Contains scheme service definition URI for the specified language of the TSP service used.
TSLTSPServiceDefinitionURI: Contains XML content of definition URI of the TSP service used.
TSLTSPServiceDefinitionURI[lang]: Contains definition URI for the specified language of the TSP service used.
TSLTSPServiceInformationExtensions: Contains XML content of information extensions of the TSP service used.
TSLTSPServiceInformationExtensions[Idx]: Contains XML content of information extension of the specified index of the TSP service used.
TSLTSPServiceName: Contains XML content of name of the TSP service used.
TSLTSPServiceName[lang]: Contains name for the specified language of the TSP service used.
TSLTSPServiceQualifiers: Contains list of qualifiers of the TSP service used.
TSLTSPServiceStatus: Contains status of the TSP service used.
TSLTSPServiceStatusStartingTime: Contains status starting time of the TSP service used.
TSLTSPServiceSupplyPoints: Contains XML content of the supply points of the TSP service used.
TSLTSPServiceTypeIdentifier: Contains type identifier of the TSP service used.
TSLTSPServiceXML: Contains XML content of the TSP service used.
TSLTSPTradeName: Contains XML content of trade name of the TSP used.
TSLTSPTradeName[lang]: Contains trade name for the specified language of the TSP used.
TSLTSPXML: Contains XML content of the TSP used.
TSLType: Contains TSL type of the TSL used.
TSLVersionIdentifier: Contains version identifier of the TSL used.
TSLXML: Contains XML content of the TSL used.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox Lite 2020 C++ Edition - Version 20.0 [Build 8166]