on_before_certificate_processing Event
Reports the start of certificate processing.
Syntax
class CertificateValidatorBeforeCertificateProcessingEventParams(object): @property def cert() -> str: ... @property def validity() -> int: ... @property def validation_details() -> int: ... # In class CertificateValidator: @property def on_before_certificate_processing() -> Callable[[CertificateValidatorBeforeCertificateProcessingEventParams], None]: ... @on_before_certificate_processing.setter def on_before_certificate_processing(event_hook: Callable[[CertificateValidatorBeforeCertificateProcessingEventParams], None]) -> None: ...
Remarks
This event is fired when the class is about to start the processing of Cert.
'Processing' consists of one or more 'validations' (with one CA certificate each), completion of each of which is reported via on_after_certificate_validation events. If a certificate is signed by a single CA (which is a typical case), processing is synonymous to validation.
The firing of on_after_certificate_processing marks the end of the certificate processing.
Validity and ValidationDetails specify the current validation status.
Validity status:
cvtValid | 0 | The chain is valid |
cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted |
cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature) |
cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses) |
Validation details:
cvrBadData | 0x0001 | One or more certificates in the validation path are malformed |
cvrRevoked | 0x0002 | One or more certificates are revoked |
cvrNotYetValid | 0x0004 | One or more certificates are not yet valid |
cvrExpired | 0x0008 | One or more certificates are expired |
cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature |
cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete) |
cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA |
cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified |
cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified |
cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate |
cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates |
cvrBlocked | 0x0800 | One or more certificates are blocked |
cvrFailure | 0x1000 | General validation failure |
cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself |
cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements |
cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code |