TElX509CertificateValidator.OnAfterCertificateValidation event

TElX509CertificateValidator.OnAfterCertificateValidation

Notifies about result of validation of certain certificate.

Declaration

[C#]
event TSBAfterCertificateValidationEvent OnAfterCertificateValidation;
delegate void TSBAfterCertificateValidationEvent(Object Sender, TElX509Certificate Certificate, TElX509Certificate CACertificate, ref TSBCertificateValidity Validity, ref TSBCertificateValidityReason Reason, ref bool DoContinue);

[VB.NET]
Event OnAfterCertificateValidation As TSBAfterCertificateValidationEvent
Delegate Sub TSBAfterCertificateValidationEvent(ByVal Sender As Object, ByVal Certificate As TElX509Certificate, ByVal CACertificate As TElX509Certificate, ByRef Validity As TSBCertificateValidity, ByRef Reason As TSBCertificateValidityReason, ByRef DoContinue As Boolean)

[Pascal]
property OnAfterCertificateValidation : TSBAfterCertificateValidationEvent;
TSBAfterCertificateValidationEvent = procedure (Sender : TObject; Certificate, CACertificate : TElX509Certificate; var Validity : TSBCertificateValidity; var Reason : TSBCertificateValidityReason; var DoContinue : boolean) of object;

[C++]
    void get_OnAfterCertificateValidation(TSBAfterCertificateValidationEvent &pMethodOutResult, void * &pDataOutResult);
    void set_OnAfterCertificateValidation(TSBAfterCertificateValidationEvent pMethodValue, void * pDataValue);
    typedef void (SB_CALLBACK *TSBAfterCertificateValidationEvent)(void * _ObjectData, TObjectHandle Sender, TElX509CertificateHandle Certificate, TElX509CertificateHandle CACertificate, TSBCertificateValidityRaw &Validity, TSBCertificateValidityReasonRaw &Reason, int8_t &DoContinue);

[PHP]
    TSBAfterCertificateValidationEvent|callable|NULL get_OnAfterCertificateValidation()
    void set_OnAfterCertificateValidation(TSBAfterCertificateValidationEvent|callable|NULL $Value)
    callable TSBAfterCertificateValidationEvent(TObject $Sender, TElX509Certificate $Certificate, TElX509Certificate $CACertificate, integer &$Validity, integer &$Reason, bool &$DoContinue)

[Java]
    TSBAfterCertificateValidationEvent getOnAfterCertificateValidation();
    void setOnAfterCertificateValidation(TSBAfterCertificateValidationEvent Value);
    TSBAfterCertificateValidationEvent.Callback OnAfterCertificateValidation = new TSBAfterCertificateValidationEvent.Callback() {
        public void TSBAfterCertificateValidationEventCallback(TObject arg0, TElX509Certificate arg1, TElX509Certificate arg2, TElAfterCertificateValidationEventParams arg3) {
            //...
        }
    }

Parameters

Certificate - specifies the certificate that has been validated.
CACertificate - specifies the certificate which signed the Certificate.
Can be nil / null / Nothing, if the Certificate is self-signed.
Validity - contains determined Validity of the certificate.
Reason - contains set of reasons for determined validity.
DoContinue - set this parameter to True to continue validation (when applicable) or to False to stop validation.

Possible validity values:

[.NET] [C++]	[Pascal]	Description
cvOk = 0	cvOk	Certificate was validated successfully and is valid
cvSelfSigned = 1	cvSelfSigned	Certificate is self signed
cvInvalid = 2	cvInvalid	Certificate is invalid
cvStorageError = 3	cvStorageError	Certificate was not validated due to certificate storage error
cvChainUnvalidated = 4	cvChainUnvalidated	Certificate chain was not validated because while the certificate itself is valid, one or more of CA Certificates in the chain have validation problems

Possible validity reasons:

[.NET]	[Pascal]	[C++]	Description
vrBadData = 1	vrBadData	f_vrBadData = 1	Invalid certificate format or certificate is corrupted
vrRevoked = 2	vrRevoked	f_vrRevoked = 2	Certificate is revoked by Issuer
vrNotYetValid = 4	vrNotYetValid	f_vrNotYetValid = 4	Certificate is not valid yet
vrExpired = 8	vrExpired	f_vrExpired = 8	Certificate is expired
vrInvalidSignature = 16	vrInvalidSignature	f_vrInvalidSignature = 16	Certificate contains invalid digital signature, it could be corrupted
vrUnknownCA = 32	vrUnknownCA	f_vrUnknownCA = 32	Issuer (CA) certificate was not found.
vrCAUnauthorized = 64	vrCAUnauthorized	f_vrCAUnauthorized = 64	Issuer (CA) certificate was found but its key usage fields don't allow use of this certificate for signing other certificates.
vrCRLNotVerified = 128	vrCRLNotVerified	f_vrCRLNotVerified = 128	Certificate Revocation List for this certificate could not be retrieved and/or validated.
vrOCSPNotVerified = 256	vrOCSPNotVerified	f_vrOCSPNotVerified = 256	OCSP response for this certificate could not be retrieved and/or validated.
vrIdentityMismatch = 512	vrIdentityMismatch	f_vrIdentityMismatch = 512	Provided certificate doesn't include the specified name and / or IP address. Either the remote side in TLS or sender in S/MIME is misconfigured, or the certificate is misused by the remote side or sender, or authenticity of the remote side or sender is forged.
vrNoKeyUsage = 1024	vrNoKeyUsage	f_vrNoKeyUsage = 1024	Provided certificate may not be used for chosen activity (identifying TLS server or client or S/MIME message sender)
vrBlocked = 2048	vrBlocked	f_vrBlocked = 2048	Provided certificate has been found in the list of blocked certificates
vrFailure = 4096	vrFailure	f_vrFailure = 4096	Validation took too long, aborted
vrChainLoop = 8192	vrChainLoop	f_vrChainLoop = 8192	Certificate chain includes a loop. Further validation is not possible.
vrWeakAlgorithm = 16384	vrWeakAlgorithm	f_vrWeakAlgorithm = 16384	One of certificates is signed using the weak hash algorithm

Description

This event is fired after certain certificate is validated. Note, that the event is fired not just for certificates in the chain, but also for all certificates, validated during CRL or OCSP checks (i.e. certificates used for signing CRLs and OCSP responses and their CAs). You can use this event to build validation report for the user or to enforce complete validation of the chain (i.e. check CA certificates even when the certificate itself is not valid).
Certificate Validity "cvSelfSigned" is set for self-signed certificate, which is not found in the list of trusted certificate. Otherwise cvOk validity status is reported.

Discuss this help topic in SecureBlackbox Forum