Website Download Support
 

Discuss this help topic in SecureBlackbox Forum

TElX509CertificateValidator.Validate

TElX509CertificateValidator     See also     

Filter: C#  VB.NET  Pascal  C++  PHP  Java  

Use this method to check validity of certificates.

Declaration

[C#]
    void Validate(TElX509Certificate Certificate, TElCustomCertStorage AdditionalCertificates, bool CompleteChainValidation, DateTime ValidityMoment, ref TSBCertificateValidity Validity, ref TSBCertificateValidityReason Reason);
    void Validate(TElX509Certificate Certificate, ref TSBCertificateValidity Validity, ref TSBCertificateValidityReason Reason);

[VB.NET]
    Sub Validate(ByVal Certificate As TElX509Certificate, ByVal AdditionalCertificates As TElCustomCertStorage, ByVal CompleteChainValidation As Boolean, ByVal ValidityMoment As DateTime, ByRef Validity As TSBCertificateValidity, ByRef Reason As TSBCertificateValidityReason)
    Sub Validate(ByVal Certificate As TElX509Certificate, ByRef Validity As TSBCertificateValidity, ByRef Reason As TSBCertificateValidityReason)

[Pascal]
    procedure Validate(Certificate : TElX509Certificate; AdditionalCertificates : TElCustomCertStorage; CompleteChainValidation : boolean; ValidityMoment : TDateTime, var Validity: TSBCertificateValidity; var Reason: TSBCertificateValidityReason);
    procedure Validate(Certificate : TElX509Certificate; var Validity : TSBCertificateValidity; var Reason : TSBCertificateValidityReason);

[C++]
    void Validate(TElX509Certificate &Certificate, TElCustomCertStorage &AdditionalCertificates, bool CompleteChainValidation, int64_t ValidityMoment, TSBCertificateValidity &Validity, TSBCertificateValidityReason &Reason);
    void Validate(TElX509Certificate *Certificate, TElCustomCertStorage *AdditionalCertificates, bool CompleteChainValidation, int64_t ValidityMoment, TSBCertificateValidity &Validity, TSBCertificateValidityReason &Reason);
    void Validate(TElX509Certificate &Certificate, TSBCertificateValidity &Validity, TSBCertificateValidityReason &Reason);
    void Validate(TElX509Certificate *Certificate, TSBCertificateValidity &Validity, TSBCertificateValidityReason &Reason);

[PHP]
    void Validate(TElX509Certificate $Certificate, TElCustomCertStorage $AdditionalCertificates, bool $CompleteChainValidation, DateTime $ValidityMoment, integer &$Validity, integer &$Reason)
    void Validate(TElX509Certificate $Certificate, integer &$Validity, integer &$Reason)

[Java]
    void validate(TElX509Certificate Certificate, TElCustomCertStorage AdditionalCertificates, boolean CompleteChainValidation, Date ValidityMoment, TElX509CertificateValidatorResult Res);
    void validate(TElX509Certificate Certificate, TElX509CertificateValidatorResult Res);

Parameters

  • Certificate - Certificate to be validated.
  • AdditionalCertificates - Additional certificates that might be known.
  • CompleteChainValidation - Specifies whether to check issuer (CA) certificates when the certificate is invalid.
  • ValidityMoment - Specifies the time when the certificate must be valid (i.e. the moment of e-mail creation or sending or receipt).
  • Validity - On return contains validity status of the certificate.
  • Reason - On return contains validity status reasons of the certificate.
  • Res -

Validity values

[.NET] [C++] [Pascal] Description
cvOk = 0 cvOk Certificate was validated successfully and is valid
cvSelfSigned = 1 cvSelfSigned Certificate is self signed
cvInvalid = 2 cvInvalid Certificate is invalid
cvStorageError = 3 cvStorageError Certificate was not validated due to certificate storage error
cvChainUnvalidated = 4 cvChainUnvalidated Certificate chain was not validated because while the certificate itself is valid, one or more of CA Certificates in the chain have validation problems

Validity reasons

[.NET] [Pascal] [C++] Description
vrBadData = 1 vrBadData f_vrBadData = 1 Invalid certificate format or certificate is corrupted
vrRevoked = 2 vrRevoked f_vrRevoked = 2 Certificate is revoked by Issuer
vrNotYetValid = 4 vrNotYetValid f_vrNotYetValid = 4 Certificate is not valid yet
vrExpired = 8 vrExpired f_vrExpired = 8 Certificate is expired
vrInvalidSignature = 16 vrInvalidSignature f_vrInvalidSignature = 16 Certificate contains invalid digital signature, it could be corrupted
vrUnknownCA = 32 vrUnknownCA f_vrUnknownCA = 32 Issuer (CA) certificate was not found.
vrCAUnauthorized = 64 vrCAUnauthorized f_vrCAUnauthorized = 64 Issuer (CA) certificate was found but its key usage fields don't allow use of this certificate for signing other certificates.
vrCRLNotVerified = 128 vrCRLNotVerified f_vrCRLNotVerified = 128 Certificate Revocation List for this certificate could not be retrieved and/or validated.
vrOCSPNotVerified = 256 vrOCSPNotVerified f_vrOCSPNotVerified = 256 OCSP response for this certificate could not be retrieved and/or validated.
vrIdentityMismatch = 512 vrIdentityMismatch f_vrIdentityMismatch = 512 Provided certificate doesn't include the specified name and / or IP address. Either the remote side in TLS or sender in S/MIME is misconfigured, or the certificate is misused by the remote side or sender, or authenticity of the remote side or sender is forged.
vrNoKeyUsage = 1024 vrNoKeyUsage f_vrNoKeyUsage = 1024 Provided certificate may not be used for chosen activity (identifying TLS server or client or S/MIME message sender)
vrBlocked = 2048 vrBlocked f_vrBlocked = 2048 Provided certificate has been found in the list of blocked certificates
vrFailure = 4096 vrFailure f_vrFailure = 4096 Validation took too long, aborted
vrChainLoop = 8192 vrChainLoop f_vrChainLoop = 8192 Certificate chain includes a loop. Further validation is not possible.
vrWeakAlgorithm = 16384 vrWeakAlgorithm f_vrWeakAlgorithm = 16384 One of certificates is signed using the weak hash algorithm

Description

     Use one of Validate methods to validate the certificate and its issuer (CA) certificates. You need to pass the end-entity certificate only - CA certificates will be retrieved via Certificate's Chain property. If the chain is not available, you can pass CA certificates via AdditionalCertificates parameter or using AddKnownCertificates() method.

     On return Validity contains the result of certificate validation. If the last certificate in the chain was self-signed (as it usually should be, because the chain is built up to the self-signed root certificate), Validity can be cvSelfSigned, if the topmost certificate was not found in the list of trusted certificates, or cvOk if the topmost certificate is trusted.

     When CompleteChainValidation = true and the certificate is found to be not valid, certificate validation continues, i.e. issuer (CA) certificates are validated as well. This lets you create validation report which should include all certificates in the chain. When CompleteChainValidation = false and the certificate is not valid, further validation is not performed and Validate() method returns immediately.

     Since version 13 ResetCertificateCache parameter has been replaced with ResetCertificateCache class method.

See also:     ResetCertificateCache     ValidateForSMIME     ValidateForSSL     ValidateForTimestamping    

Discuss this help topic in SecureBlackbox Forum

Copyright (c) 2018, /n software, inc.